Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/), forum section "Pests of all kinds and how to fight them"
Thread: GEMA trojan (100 euro version) Win XP (https://www.trojaner-board.de/110937-gema-trojaner-100-euro-version-win-xp.html)

bullahoch2 05.03.2012 13:47

GEMA trojan (100 euro version) Win XP
 
Hello,

I have also had the GEMA trojan for a few days now; it blocks access to Win XP.
Starting in safe mode does not work: a bluescreen shows up for a veeeery brief moment before the computer restarts.

Following this case, I have already downloaded OTLPENet.exe, booted with it and let the scan run. Here is the OTL.txt logfile:

Code:

OTL logfile created on: 3/5/2012 1:25:30 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 18.62 Gb Total Space | 1.41 Gb Free Space | 7.55% Space Free | Partition Type: NTFS
Drive D: | 18.63 Gb Total Space | 5.47 Gb Free Space | 29.36% Space Free | Partition Type: NTFS
Drive F: | 999.63 Mb Total Space | 855.06 Mb Free Space | 85.54% Space Free | Partition Type: FAT
Drive G: | 3.78 Gb Total Space | 1.90 Gb Free Space | 50.08% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/01/04 07:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/03/18 04:06:49 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2010/04/27 09:57:32 | 000,247,152 | ---- | M] () [Auto] -- C:\Programme\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010/04/07 07:57:42 | 000,099,896 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
SRV - [2008/05/07 18:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2008/04/24 07:40:56 | 002,562,048 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/10/26 13:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Adapter | On_Demand] --  -- (Mvhel3esepcw)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - File not found [Kernel | On_Demand] --  -- (appliandMP)
DRV - File not found [Kernel | On_Demand] --  -- (AgereSoftModem)
DRV - [2012/01/14 10:58:54 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2011/11/01 04:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/11/01 04:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/11/01 04:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/11/01 04:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/03/15 06:51:03 | 000,722,416 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/03/05 18:40:57 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2010/01/05 04:31:32 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/05 04:31:30 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/05 04:31:30 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/05 04:31:30 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/08/26 03:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/28 08:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/03/18 10:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/03/17 11:45:52 | 000,019,584 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2008/03/12 21:25:36 | 002,530,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2008/02/11 10:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007/12/14 03:21:56 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/08/28 09:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/06/18 10:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/06/18 07:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/05/09 07:27:00 | 000,097,280 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2007/01/22 07:09:38 | 000,034,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wisdpen.sys -- (wisdpen)
DRV - [2006/02/27 10:45:48 | 001,342,602 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/02/27 10:43:36 | 000,030,189 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/02/27 10:43:06 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/02/27 10:40:16 | 000,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005/10/26 04:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/09/19 08:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/05/09 14:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2003/07/08 12:49:24 | 000,514,155 | ---- | M] (Digital Camera) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Ca536av.sys -- (Ca536av)
DRV - [2003/05/13 18:28:14 | 000,011,048 | ---- | M] (USB BULK) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Bulk536.sys -- (USBCamera)
DRV - [2001/08/17 22:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =  [binary data]
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKU\flo_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\flo_ON_C\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\flo_ON_C\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
IE - HKU\flo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\flo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\flo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 121.204.0.2:80
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {ad48108d-92a6-4eb9-87e4-978aca1dbae4}:1.1.7
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..network.proxy.backup.ftp: "10.1.0.0"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "10.1.0.0"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "10.1.0.0"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "192.168.1.1"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "192.168.1.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.1.1"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "192.168.1.1"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.Net\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\DOKUME~1\flo\ANWEND~1\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5FE7198A-5950-4068-9FBF-1A60395CC4E9}: C:\Programme\1&1\1&1 SoftPhone\Firefox [2011/03/16 07:01:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_10.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_10.0
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/02/18 06:08:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/02/11 16:45:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/02/29 04:24:00 | 000,000,000 | ---D | M]
 
[2011/03/15 06:42:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\mozilla\Extensions
[2012/03/01 14:58:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\mozilla\Firefox\Profiles\h2h6cuos.default\extensions
[2011/11/22 18:59:37 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/01/13 10:57:21 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/02/11 16:26:07 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/03/01 14:58:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\mozilla\Firefox\Profiles\h2h6cuos.default\extensions\staged
[2011/03/15 18:29:10 | 000,002,062 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\searchplugins\qip-search.xml
[2011/12/25 19:33:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FLO\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\H2H6CUOS.DEFAULT\EXTENSIONS\{AD48108D-92A6-4EB9-87E4-978ACA1DBAE4}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FLO\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\H2H6CUOS.DEFAULT\EXTENSIONS\ADD-TO-SEARCHBOX@MALTEKRAUS.DE.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FLO\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\H2H6CUOS.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012/02/18 06:08:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011/06/19 16:47:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/23 08:41:48 | 002,557,440 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\mozilla firefox\plugins\NpFp530.dll
[2009/09/21 05:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\mozilla firefox\plugins\NpFv522.dll
[2011/09/23 08:43:02 | 001,623,552 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\mozilla firefox\plugins\NpFv530.dll
[2012/01/12 16:38:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/12 16:38:34 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/01/12 16:38:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/12 16:38:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/12 16:38:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/12 16:38:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/02/28 07:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKU\flo_ON_C\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Programme\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKU\flo_ON_C\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TabletTip] C:\Programme\Gemeinsame Dateien\microsoft shared\ink\tabtip.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UIExec] C:\Programme\Join Air\UIExec.exe ()
O4 - HKU\flo_ON_C..\Run: []  File not found
O4 - HKU\LocalService_ON_C..\Run: [TabletWizard]  File not found
O4 - HKU\NetworkService_ON_C..\Run: [TabletWizard]  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\cd-laufwerk.lnk = C:\map.bat ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Watch.lnk = C:\Programme\4.0M MPEG4 DV\Console\Watch.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\flo\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: In 1&&1 SoftPhone wählen - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1&1\1&1 SoftPhone\ContextMenuHandler.html ()
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (sfklg.dll) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\E13521A1E0A0CC59F69D.exe) - C:\WINDOWS\system32\E13521A1E0A0CC59F69D.exe (Unizeto Sp. z o.o.)
O20 - Winlogon\Notify\loginkey: DllName - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\loginkey.dll - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\loginkey.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/14 19:12:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1b60351d-b14f-11e0-9fd0-0018debd900d}\Shell - "" = AutoRun
O33 - MountPoints2\{1b60351d-b14f-11e0-9fd0-0018debd900d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1b60351d-b14f-11e0-9fd0-0018debd900d}\Shell\AutoRun\command - "" = F:\SISetup.exe
O33 - MountPoints2\{5e03cac2-9cc9-11e0-9f9a-0018debd900d}\Shell - "" = AutoRun
O33 - MountPoints2\{5e03cac2-9cc9-11e0-9f9a-0018debd900d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5e03cac2-9cc9-11e0-9f9a-0018debd900d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{9180a4e3-de0a-11e0-a065-0016d498d8af}\Shell\AutoRun\command - "" = F:\RunClubSanDisk.exe
O33 - MountPoints2\{ba2d366a-6dc5-11e0-9ebf-0018debd900d}\Shell\AutoRun\command - "" = F:\StartPortableApps.exe
O33 - MountPoints2\{ef120711-b1f4-11e0-9fd3-0016d498d8af}\Shell\AutoRun\command - "" = IO90453\JJU294\fuiahjdfu.exe
O33 - MountPoints2\{ef120711-b1f4-11e0-9fd3-0016d498d8af}\Shell\open\command - "" = IO90453\JJU294\fuiahjdfu.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E30AC7CA-ED4A-48A8-A539-A711A256B163} - Vektorgrafik-Rendering (VML)
ActiveX: {E55010A4-6F00-201C-B8B3-80AE9A1744D6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/01 09:46:47 | 000,039,424 | -H-- | C] (Unizeto Sp. z o.o.) -- C:\WINDOWS\System32\E13521A1E0A0CC59F69D.exe
[2012/02/29 04:57:46 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\Nokia Suite
[2012/02/29 04:41:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Nokia Suite
[2012/02/29 04:40:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\NokiaAccount
[2012/02/29 04:37:18 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2012/02/29 04:25:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\Nokia
[2012/02/29 04:24:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Nokia
[2012/02/29 04:24:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2012/02/29 04:24:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\PC Suite
[2012/02/29 04:24:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Nokia
[2012/02/29 04:23:58 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Nokia
[2012/02/29 04:23:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2012/02/28 07:18:11 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox
[2012/02/28 06:40:45 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2012/02/28 06:40:32 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2012/02/28 06:40:13 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2012/02/28 06:40:12 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2012/02/28 06:40:11 | 000,023,168 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2012/02/28 06:40:10 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01009.dll
[2012/02/28 06:40:10 | 000,605,696 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2012/02/28 06:40:10 | 000,123,904 | ---- | C] (Nokia) -- C:\WINDOWS\System32\ccdcmbwu.dll
[2012/02/28 06:40:10 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2012/02/28 06:40:09 | 000,075,264 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2012/02/28 06:37:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2012/02/28 06:35:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2012/02/28 06:35:23 | 000,000,000 | ---D | C] -- C:\Programme\Nokia
[2012/02/14 06:30:21 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012/02/11 16:23:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Flatcast
[2012/02/11 05:31:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012/02/11 05:29:17 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2012/02/11 05:29:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Karaoke Anything!
[2012/02/11 05:29:15 | 000,000,000 | ---D | C] -- C:\Programme\Karaoke Anything!
[2012/02/11 05:27:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sibelius Software
[2012/02/11 05:27:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Sibelius Software
[2012/02/10 07:02:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Sibelius Software
[2012/02/10 07:02:59 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\Scores
[2012/02/10 06:59:18 | 000,000,000 | ---D | C] -- C:\Programme\Sibelius Software
[2011/04/02 11:11:02 | 000,818,176 | ---- | C] (Image-Line) -- C:\Programme\Kopie von FL Studio VSTi.dll
[2011/03/16 07:36:36 | 000,092,064 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmmdm.sys
[2011/03/16 07:36:36 | 000,079,328 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmserd.sys
[2011/03/16 07:36:36 | 000,066,656 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmbus.sys
[2011/03/16 07:36:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\flo\usbsermptxp.sys
[2011/03/16 07:36:36 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\flo\usbsermpt.sys
[2011/03/16 07:36:36 | 000,009,232 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmmdfl.sys
[2011/03/16 07:36:36 | 000,006,208 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmcmnt.sys
[2011/03/16 07:36:36 | 000,005,936 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmwhnt.sys
[2011/03/16 07:36:36 | 000,004,048 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmcr.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/03/05 07:04:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/05 07:04:12 | 000,449,334 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/03/05 07:04:12 | 000,433,130 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/05 07:04:12 | 000,080,302 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/03/05 07:04:12 | 000,067,704 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/05 07:03:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/05 07:03:38 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/03 04:28:11 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/01 15:29:55 | 000,020,180 | ---- | M] () -- C:\WINDOWS\System32\sfklg.dat
[2012/03/01 13:31:52 | 000,002,507 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Microsoft Office OneNote 2007.lnk
[2012/03/01 13:08:34 | 000,000,536 | ---- | M] () -- C:\WINDOWS\Sam9_D.INI
[2012/03/01 09:46:47 | 000,039,424 | -H-- | M] (Unizeto Sp. z o.o.) -- C:\WINDOWS\System32\E13521A1E0A0CC59F69D.exe
[2012/03/01 08:03:34 | 000,186,368 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/29 06:51:43 | 000,002,555 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2012/02/29 04:37:30 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012/02/29 04:37:27 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf
[2012/02/29 04:31:42 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012/02/29 04:31:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/29 04:31:41 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/02/29 04:24:21 | 000,001,717 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nokia Suite.lnk
[2012/02/29 04:24:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Nokia
[2012/02/28 16:37:17 | 000,001,014 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Desktop\Dropbox.lnk
[2012/02/28 11:39:27 | 000,224,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/28 07:53:30 | 000,002,527 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012/02/28 06:38:14 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/02/28 06:37:10 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012/02/23 13:44:58 | 001,440,054 | ---- | M] () -- C:\WINDOWS\System32\winsh324
[2012/02/19 21:27:58 | 000,002,439 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Power Tab Editor 1.7.lnk
[2012/02/19 10:01:47 | 000,002,241 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012/02/11 16:45:10 | 000,002,292 | ---- | M] () -- C:\WINDOWS\unins002.dat
[2012/02/11 16:45:08 | 000,715,038 | ---- | M] () -- C:\WINDOWS\unins002.exe
[2012/02/11 16:27:44 | 000,002,368 | ---- | M] () -- C:\WINDOWS\unins001.dat
[2012/02/11 16:27:42 | 000,715,038 | ---- | M] () -- C:\WINDOWS\unins001.exe
[2012/02/11 16:23:21 | 000,000,898 | ---- | M] () -- C:\WINDOWS\unins000.dat
[2012/02/11 16:23:18 | 000,695,578 | ---- | M] () -- C:\WINDOWS\unins000.exe
[2012/02/11 05:31:41 | 000,000,624 | -H-- | M] () -- C:\WINDOWS\System32\T4
[2012/02/11 05:29:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Karaoke Anything!
[2012/02/11 05:29:07 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2012/02/11 05:27:27 | 000,000,604 | -H-- | M] () -- C:\Programme\STLL Notifier
[2012/02/10 16:52:30 | 000,002,563 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2003.lnk
[2012/02/10 15:40:10 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei4
[2012/02/10 15:40:10 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei2
[2012/02/10 15:40:10 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei3
[2012/02/10 15:40:10 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei1
[2012/02/10 15:40:10 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei7
[2012/02/10 15:40:10 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei5
[2012/02/10 15:40:10 | 000,000,468 | ---- | M] () -- C:\WINDOWS\System32\Datei0
[2012/02/10 15:40:10 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei9
[2012/02/10 15:40:10 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei8
[2012/02/10 15:40:10 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei10
[2012/02/10 15:40:10 | 000,000,465 | ---- | M] () -- C:\WINDOWS\System32\Datei6
[2012/02/10 07:03:12 | 000,000,444 | ---- | M] () -- C:\WINDOWS\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2012/02/10 07:02:59 | 000,001,786 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Sibelius 6.lnk
[2012/02/10 07:02:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Sibelius Software
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/03/01 09:47:17 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh324
[2012/03/01 09:47:17 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh323
[2012/03/01 09:47:17 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh322
[2012/03/01 09:47:17 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh321
[2012/03/01 09:47:16 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh320
[2012/02/29 04:37:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012/02/29 04:37:27 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf
[2012/02/29 04:31:42 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012/02/29 04:31:41 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/02/29 04:24:21 | 000,001,717 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nokia Suite.lnk
[2012/02/28 06:37:10 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012/02/11 16:45:10 | 000,715,038 | ---- | C] () -- C:\WINDOWS\unins002.exe
[2012/02/11 16:45:10 | 000,002,292 | ---- | C] () -- C:\WINDOWS\unins002.dat
[2012/02/11 16:27:43 | 000,715,038 | ---- | C] () -- C:\WINDOWS\unins001.exe
[2012/02/11 16:27:43 | 000,002,368 | ---- | C] () -- C:\WINDOWS\unins001.dat
[2012/02/11 16:23:20 | 000,695,578 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2012/02/11 16:23:20 | 000,000,898 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2012/02/11 05:31:41 | 000,000,624 | -H-- | C] () -- C:\WINDOWS\System32\T4
[2012/02/11 05:27:27 | 000,000,604 | -H-- | C] () -- C:\Programme\STLL Notifier
[2012/02/10 07:02:59 | 000,001,786 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Sibelius 6.lnk
[2012/02/10 06:59:03 | 000,000,444 | ---- | C] () -- C:\WINDOWS\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2012/01/14 11:00:00 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2012/01/14 10:59:31 | 000,000,074 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2012/01/14 10:59:27 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2012/01/14 10:59:27 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2012/01/14 10:59:27 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2012/01/14 10:59:27 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2012/01/14 10:58:54 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2011/12/23 06:24:51 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/12/23 02:33:11 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2011/09/12 13:43:19 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2011/09/12 13:43:19 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2011/09/12 13:43:19 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2011/09/12 13:43:19 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2011/09/12 13:43:19 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2011/08/05 06:24:02 | 000,000,030 | ---- | C] () -- C:\Programme\Exiferupdate.ini
[2011/07/28 12:23:36 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
[2011/07/28 12:23:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
[2011/07/28 12:23:02 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\mvusbews.dll
[2011/07/28 12:22:57 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
[2011/07/18 10:14:01 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll
[2011/04/11 14:56:57 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2011/04/06 10:01:20 | 000,030,461 | ---- | C] () -- C:\WINDOWS\snap099.dat
[2011/04/06 10:01:20 | 000,029,565 | ---- | C] () -- C:\WINDOWS\snap098.dat
[2011/04/06 10:01:20 | 000,028,669 | ---- | C] () -- C:\WINDOWS\snap097.dat
[2011/04/06 10:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap095.dat
[2011/04/06 10:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap094.dat
[2011/04/06 10:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap093.dat
[2011/04/06 10:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap090.dat
[2011/04/06 10:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap089.dat
[2011/04/06 10:01:20 | 000,026,877 | ---- | C] () -- C:\WINDOWS\snap096.dat
[2011/04/06 10:01:20 | 000,026,877 | ---- | C] () -- C:\WINDOWS\snap092.dat
[2011/04/06 10:01:20 | 000,025,981 | ---- | C] () -- C:\WINDOWS\snap091.dat
[2011/04/06 10:01:19 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap088.dat
[2011/04/06 10:01:19 | 000,026,877 | ---- | C] () -- C:\WINDOWS\snap087.dat
[2011/04/06 10:01:19 | 000,026,877 | ---- | C] () -- C:\WINDOWS\snap086.dat
[2011/04/06 10:01:19 | 000,025,981 | ---- | C] () -- C:\WINDOWS\snap085.dat
[2011/04/06 10:01:19 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap084.dat
[2011/04/06 10:01:19 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap083.dat
[2011/04/06 10:01:19 | 000,023,293 | ---- | C] () -- C:\WINDOWS\snap082.dat
[2011/04/06 10:01:19 | 000,022,397 | ---- | C] () -- C:\WINDOWS\snap081.dat
[2011/04/06 10:01:19 | 000,021,501 | ---- | C] () -- C:\WINDOWS\snap080.dat
[2011/04/06 10:01:19 | 000,020,605 | ---- | C] () -- C:\WINDOWS\snap079.dat
[2011/04/06 10:01:19 | 000,019,709 | ---- | C] () -- C:\WINDOWS\snap078.dat
[2011/04/06 10:01:19 | 000,019,709 | ---- | C] () -- C:\WINDOWS\snap077.dat
[2011/04/06 10:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap072.dat
[2011/04/06 10:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap069.dat
[2011/04/06 10:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap068.dat
[2011/04/06 10:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap067.dat
[2011/04/06 10:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap066.dat
[2011/04/06 10:01:18 | 000,023,293 | ---- | C] () -- C:\WINDOWS\snap073.dat
[2011/04/06 10:01:18 | 000,023,293 | ---- | C] () -- C:\WINDOWS\snap071.dat
[2011/04/06 10:01:18 | 000,023,293 | ---- | C] () -- C:\WINDOWS\snap070.dat
[2011/04/06 10:01:18 | 000,022,397 | ---- | C] () -- C:\WINDOWS\snap074.dat
[2011/04/06 10:01:18 | 000,021,501 | ---- | C] () -- C:\WINDOWS\snap075.dat
[2011/04/06 10:01:18 | 000,020,605 | ---- | C] () -- C:\WINDOWS\snap076.dat
[2011/04/06 10:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap061.dat
[2011/04/06 10:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap060.dat
[2011/04/06 10:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap059.dat
[2011/04/06 10:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap058.dat
[2011/04/06 10:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap057.dat
[2011/04/06 10:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap055.dat
[2011/04/06 10:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap053.dat
[2011/04/06 10:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap065.dat
[2011/04/06 10:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap064.dat
[2011/04/06 10:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap063.dat
[2011/04/06 10:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap062.dat
[2011/04/06 10:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap056.dat
[2011/04/06 10:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap054.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap052.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap051.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap050.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap049.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap048.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap047.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap046.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap045.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap044.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap043.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap042.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap041.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap040.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap039.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap038.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap037.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap036.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap035.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap034.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap033.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap032.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap031.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap030.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap029.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap028.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap027.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap026.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap025.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap024.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap023.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap022.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap021.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap020.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap019.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap018.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap017.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap016.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap015.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap014.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap013.dat
[2011/04/06 10:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap012.dat
[2011/04/06 10:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap011.dat
[2011/04/06 10:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap010.dat
[2011/04/06 10:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap009.dat
[2011/04/06 10:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap008.dat
[2011/04/06 10:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap007.dat
[2011/04/06 10:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap006.dat
[2011/04/06 10:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap005.dat
[2011/04/06 10:00:41 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap004.dat
[2011/04/06 10:00:41 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap003.dat
[2011/04/06 10:00:30 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap002.dat
[2011/04/06 10:00:29 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap001.dat
[2011/04/06 10:00:29 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap000.dat
[2011/04/06 09:58:29 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll
[2011/04/06 09:58:25 | 000,002,042 | ---- | C] () -- C:\WINDOWS\Ca536a.ini
[2011/03/23 13:39:32 | 000,000,038 | -HS- | C] () -- C:\WINDOWS\camcodec100.ini
[2011/03/23 13:39:32 | 000,000,028 | -HS- | C] () -- C:\WINDOWS\lagarith.ini
[2011/03/23 13:39:18 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011/03/23 12:39:14 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2011/03/21 11:04:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kopie von musicmaker.INI
[2011/03/21 10:16:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\musicmaker.INI
[2011/03/21 10:13:46 | 000,000,024 | ---- | C] () -- C:\WINDOWS\magix.ini
[2011/03/21 09:54:10 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\mgxasio.dll
[2011/03/19 17:57:53 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/03/18 03:55:30 | 000,000,536 | ---- | C] () -- C:\WINDOWS\Sam9_D.INI
[2011/03/18 03:51:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2011/03/18 03:51:19 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2011/03/18 03:48:46 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/03/17 12:46:25 | 000,020,180 | ---- | C] () -- C:\WINDOWS\System32\sfklg.dat
[2011/03/16 07:36:36 | 000,009,913 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\MCCI_MDM.INF
[2011/03/16 07:36:36 | 000,009,232 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\USB_MOT_BRIT.INF
[2011/03/16 07:36:36 | 000,007,201 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\USBMOT2000.INF
[2011/03/16 07:36:36 | 000,006,989 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\MCCI_BUS.INF
[2011/03/16 07:36:36 | 000,006,141 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\USBMOT2000XP.INF
[2011/03/16 07:36:36 | 000,005,960 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\USB_MOT_A1000.INF
[2011/03/16 07:36:36 | 000,005,880 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\USB_CMCS_2000.INF
[2011/03/16 07:36:36 | 000,004,477 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\MCCI_SDM.INF
[2011/03/15 18:09:20 | 000,186,368 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/15 06:42:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/14 20:28:05 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2011/03/14 19:19:29 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011/03/14 19:14:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/14 19:04:58 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/14 18:41:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/14 18:40:35 | 000,224,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/01 03:48:16 | 000,053,478 | ---- | C] () -- C:\WINDOWS\mvtcpui.ini
[2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,449,334 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006/02/28 07:00:00 | 000,433,130 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,080,302 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006/02/28 07:00:00 | 000,067,704 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/02/27 10:51:36 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/03/06 01:06:02 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\sfklgcp.exe.vir
[2005/03/06 01:05:56 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\sfklg.dll.vir
[2004/01/13 12:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2001/11/14 06:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2011/10/31 05:21:44 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Application Updater
[2011/10/17 12:15:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\.oit
[2011/06/09 10:04:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\1&1
[2012/01/21 08:54:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\ASCOMP Software
[2011/07/21 05:33:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\avidemux
[2012/02/10 05:32:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Azureus
[2012/01/22 04:19:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\DesktopIconForAmazon
[2011/07/02 14:44:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Downloadr
[2012/02/28 16:37:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Dropbox
[2011/10/31 05:41:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\DVDVideoSoft
[2011/10/31 05:41:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012/02/11 16:23:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Flatcast
[2011/07/22 03:44:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\GARMIN
[2011/07/18 06:32:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\GetRightToGo
[2011/03/15 18:07:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\GrabPro
[2011/04/02 04:48:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Gutscheinmieze
[2011/03/21 11:23:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\MAGIX
[2012/02/29 04:41:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Nokia
[2012/02/29 04:41:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Nokia Suite
[2011/11/26 06:40:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Opera
[2012/02/28 08:01:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Orbit
[2012/02/29 04:40:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\PC Suite
[2011/03/28 03:23:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\PDF Writer
[2011/03/15 18:08:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\ProgSense
[2011/03/15 18:11:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\QIP
[2011/03/15 18:29:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\QipGuard
[2011/07/21 11:17:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Vara Software
[2011/08/22 07:57:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Wirecast
[2011/06/09 10:02:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1&1
[2011/06/12 15:48:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Applian
[2011/03/21 16:47:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2011/03/25 17:52:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GARMIN
[2011/03/22 16:30:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2011/09/12 13:43:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Minnetonka Audio Software
[2012/02/29 04:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2012/02/28 06:35:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2012/02/29 04:36:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2011/03/28 03:23:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PDF Writer
[2012/01/17 16:20:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Stardraw.com Ltd
[2011/07/21 11:17:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Telestream
[2012/02/11 05:53:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/04/11 14:56:50 | 000,000,000 | -H-D | M] -- C:\BJPrinter
[2011/03/14 19:19:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2012/01/05 06:10:40 | 000,000,000 | ---D | M] -- C:\downloads
[2011/03/15 17:57:40 | 000,000,000 | ---D | M] -- C:\Garmin
[2011/03/14 20:27:57 | 000,000,000 | ---D | M] -- C:\Intel
[2011/03/15 07:34:45 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011/05/27 01:09:38 | 000,000,000 | ---D | M] -- C:\Program Files
[2012/02/28 07:18:11 | 000,000,000 | R--D | M] -- C:\Programme
[2011/03/14 19:39:39 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011/04/21 06:03:15 | 000,000,000 | ---D | M] -- C:\SWSetup
[2012/03/01 18:15:24 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/03/14 21:03:24 | 000,000,000 | ---D | M] -- C:\Temp
[2012/03/05 07:03:40 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2006/02/28 07:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011/03/19 17:47:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011/03/19 17:47:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2006/02/28 07:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011/03/19 17:47:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011/03/19 17:47:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/13 21:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 21:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2006/02/28 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2006/02/28 07:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/13 21:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008/04/13 21:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008/04/13 21:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 21:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2006/02/28 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 13:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008/04/13 21:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 21:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2006/02/28 07:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2006/02/28 07:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008/04/13 21:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 21:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/04/13 21:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 21:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2006/02/28 07:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006/02/28 07:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 21:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 21:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006/02/28 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2006/02/28 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2011/03/14 19:39:49 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011/03/14 19:39:49 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011/03/14 19:39:49 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008/06/20 12:46:10 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2008/04/13 21:22:18 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 21:22:20 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2010/04/16 11:06:44 | 001,509,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shdocvw.dll
[2008/06/17 14:00:59 | 008,502,272 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C8B8CEBD
< End of report >

how should I proceed?

thanks in advance + regards, flo.

cosinus 05.03.2012 19:42

Do an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" has to be copied too!!!)

Code:

:OTL
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =  [binary data]
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\flo_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\flo_ON_C\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\flo_ON_C\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
IE - HKU\flo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 121.204.0.2:80
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..network.proxy.backup.ftp: "10.1.0.0"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "10.1.0.0"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "10.1.0.0"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "192.168.1.1"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "192.168.1.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.1.1"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "192.168.1.1"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKU\flo_ON_C..\Run: []  File not found
O4 - HKU\LocalService_ON_C..\Run: [TabletWizard]  File not found
O4 - HKU\NetworkService_ON_C..\Run: [TabletWizard]  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\cd-laufwerk.lnk = C:\map.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\E13521A1E0A0CC59F69D.exe) - C:\WINDOWS\system32\E13521A1E0A0CC59F69D.exe (Unizeto Sp. z o.o.)
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/14 19:12:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1b60351d-b14f-11e0-9fd0-0018debd900d}\Shell - "" = AutoRun
O33 - MountPoints2\{1b60351d-b14f-11e0-9fd0-0018debd900d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1b60351d-b14f-11e0-9fd0-0018debd900d}\Shell\AutoRun\command - "" = F:\SISetup.exe
O33 - MountPoints2\{5e03cac2-9cc9-11e0-9f9a-0018debd900d}\Shell - "" = AutoRun
O33 - MountPoints2\{5e03cac2-9cc9-11e0-9f9a-0018debd900d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5e03cac2-9cc9-11e0-9f9a-0018debd900d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{9180a4e3-de0a-11e0-a065-0016d498d8af}\Shell\AutoRun\command - "" = F:\RunClubSanDisk.exe
O33 - MountPoints2\{ba2d366a-6dc5-11e0-9ebf-0018debd900d}\Shell\AutoRun\command - "" = F:\StartPortableApps.exe
O33 - MountPoints2\{ef120711-b1f4-11e0-9fd3-0016d498d8af}\Shell\AutoRun\command - "" = IO90453\JJU294\fuiahjdfu.exe
O33 - MountPoints2\{ef120711-b1f4-11e0-9fd3-0016d498d8af}\Shell\open\command - "" = IO90453\JJU294\fuiahjdfu.exe
[2012/03/01 09:46:47 | 000,039,424 | -H-- | C] (Unizeto Sp. z o.o.) -- C:\WINDOWS\System32\E13521A1E0A0CC59F69D.exe
@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C8B8CEBD
:Files
C:\WINDOWS\System32\winsh3??
:Commands
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted completely, as a precaution; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this particular situation. It cannot be transferred to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

After that, Windows should start normally again - please make the OTL quarantine folder available to us. Proceed as follows:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into one file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let us know if it was successful
5.) Only then switch the virus scanner back on
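The fix script above targets a handful of entry types that together explain a "locked" Windows XP desktop: the Winlogon UserInit value pointing at a foreign executable, IFEO Debugger entries on msconfig/regedit/taskmgr, policy values disabling Task Manager and regedit, an IE ProxyServer value, a hidden .exe in System32 and a MountPoints2 AutoRun command with a relative path. As an added example (not code from the thread, from OTL or from its author), the following Python triage reads OTL report lines and flags exactly those categories. The sample lines are copied from the fix script above, plus one constructed clean UserInit line as a control; the category names and rules are this example's own, not OTL's.

```python
"""Triage OTL report lines for the lockout/persistence entries seen in the thread.

Added example, not part of OTL. Category names and rules are this example's own.
"""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass
class Finding:
    kind: str  # category assigned by this example
    line: str  # the OTL line that triggered it


# "O20 - HKLM Winlogon: UserInit - (path) - path (Company)"
USERINIT_RE = re.compile(r"^O20 - HKLM Winlogon: UserInit - \((?P<path>[^)]*)\)")
# "O27 - HKLM IFEO\<target>: Debugger - <debugger> ..."
IFEO_RE = re.compile(r"^O27 - HKLM IFEO\\(?P<target>[^:]+): Debugger - (?P<debugger>\S+)")
# "O6/O7 - <hive>\SOFTWARE\...\policies\System: Disable<X> = <n>"
POLICY_RE = re.compile(
    r"^O[67] - (?:HKU\\[^\\]+|HKLM)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion"
    r"\\policies\\System: (?P<name>Disable\w+) = (?P<val>\d+)"
)
PROXY_RE = re.compile(r'Internet Settings: "ProxyServer" = (?P<proxy>\S+)')
# "O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = <cmd>"
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\\{[^}]+\}\\Shell\\(?:AutoRun|open)\\command - "" = (?P<cmd>.+)$'
)
# "[date | size | attr | C] (Company) -- path"  (the C/M flag is create/modify time)
FILE_RE = re.compile(
    r"^\[[\d/ :]+ \| [\d,]+ \| (?P<attr>[-A-Z]{4}) \| [CM]\] \([^)]*\) -- (?P<path>.+)$"
)
ADMIN_TOOLS = {"taskmgr.exe", "regedit.exe", "msconfig.exe"}


def triage(lines):
    """Return a Finding for every OTL line that matches one of the categories."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = USERINIT_RE.match(line)
        if m:
            # The only legitimate value is the system's own userinit.exe
            # (OTL may print it with a trailing comma).
            path = m.group("path").rstrip(",").lower()
            if not path.endswith("\\userinit.exe"):
                findings.append(Finding("winlogon_userinit_hijack", line))
            continue
        m = IFEO_RE.match(line)
        if m:
            # A Debugger on these tools redirects them to another program,
            # which is how Task Manager and regedit stay "unavailable".
            if m.group("target").lower() in ADMIN_TOOLS:
                findings.append(Finding("ifeo_debugger_on_admin_tool", line))
            continue
        m = POLICY_RE.match(line)
        if m:
            if m.group("val") == "1":
                findings.append(Finding("admin_tool_disabled_by_policy", line))
            continue
        if PROXY_RE.search(line):
            findings.append(Finding("ie_proxy_set", line))
            continue
        m = MOUNT_RE.match(line)
        if m:
            # No drive letter: the command is resolved relative to the volume.
            if not re.match(r"^[A-Za-z]:\\", m.group("cmd")):
                findings.append(Finding("autorun_relative_path", line))
            continue
        m = FILE_RE.match(line)
        if m:
            path = m.group("path").lower()
            if "H" in m.group("attr") and path.endswith(".exe") and "\\system32\\" in path:
                findings.append(Finding("hidden_exe_in_system32", line))
    return findings


def summarize(findings):
    """Count findings per category."""
    return dict(Counter(f.kind for f in findings))


# Sample input: lines copied from the fix script in the thread, plus one
# constructed clean UserInit line (last entry) as a control.
SAMPLE_LINES = [
    r'IE - HKU\flo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 121.204.0.2:80',
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1",
    r"O7 - HKU\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1",
    r"O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\E13521A1E0A0CC59F69D.exe) - C:\WINDOWS\system32\E13521A1E0A0CC59F69D.exe (Unizeto Sp. z o.o.)",
    r"O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found",
    r"O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found",
    r"O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found",
    r'O33 - MountPoints2\{1b60351d-b14f-11e0-9fd0-0018debd900d}\Shell\AutoRun\command - "" = F:\SISetup.exe',
    r'O33 - MountPoints2\{ef120711-b1f4-11e0-9fd3-0016d498d8af}\Shell\AutoRun\command - "" = IO90453\JJU294\fuiahjdfu.exe',
    r"[2012/03/01 09:46:47 | 000,039,424 | -H-- | C] (Unizeto Sp. z o.o.) -- C:\WINDOWS\System32\E13521A1E0A0CC59F69D.exe",
    r"O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:32} {f.line}")
    print(summarize(triage(SAMPLE_LINES)))
```

Run as-is it flags ten of the twelve sample lines (the absolute-path AutoRun entry and the clean UserInit control pass). The useful check comes afterwards: feeding a fresh OTL log taken after the fix through the same triage should return no findings before the machine is considered usable again.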

bullahoch2 06.03.2012 00:08

ok, fixed it - here's the log:

Code:

========== OTL ==========
HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\flo_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\flo_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{95289393-33EA-4F8D-B952-483415B9C955} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
Registry value HKEY_USERS\flo_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
C:\Programme\Vuze_Remote\prxtbVuz0.dll moved successfully.
HKU\flo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "Yahoo" removed from browser.search.defaultenginename
Prefs.js: "chr-greentree_ff&type=937811&ilc=12" removed from browser.search.param.yahoo-fr
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=" removed from keyword.URL
Prefs.js: "10.1.0.0" removed from network.proxy.backup.ftp
Prefs.js: 8080 removed from network.proxy.backup.ftp_port
Prefs.js: "10.1.0.0" removed from network.proxy.backup.socks
Prefs.js: 8080 removed from network.proxy.backup.socks_port
Prefs.js: "10.1.0.0" removed from network.proxy.backup.ssl
Prefs.js: 8080 removed from network.proxy.backup.ssl_port
Prefs.js: "192.168.1.1" removed from network.proxy.ftp
Prefs.js: 3128 removed from network.proxy.ftp_port
Prefs.js: "192.168.1.1" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Prefs.js: "localhost" removed from network.proxy.no_proxies_on
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "192.168.1.1" removed from network.proxy.socks
Prefs.js: 3128 removed from network.proxy.socks_port
Prefs.js: "192.168.1.1" removed from network.proxy.ssl
Prefs.js: 3128 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
File C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
File C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Programme\Vuze_Remote\prxtbVuz0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Programme\Vuze_Remote\prxtbVuz0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\H2O deleted successfully.
C:\Programme\Syncrosoft\POS\H2O\cledx.exe moved successfully.
Registry value HKEY_USERS\flo_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\TabletWizard deleted successfully.
Registry value HKEY_USERS\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\TabletWizard deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\cd-laufwerk.lnk moved successfully.
C:\map.bat moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegedit deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutorun deleted successfully.
Registry value HKEY_USERS\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_USERS\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegedit deleted successfully.
Registry value HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\E13521A1E0A0CC59F69D.exe deleted successfully.
C:\WINDOWS\system32\E13521A1E0A0CC59F69D.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b60351d-b14f-11e0-9fd0-0018debd900d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b60351d-b14f-11e0-9fd0-0018debd900d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b60351d-b14f-11e0-9fd0-0018debd900d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b60351d-b14f-11e0-9fd0-0018debd900d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b60351d-b14f-11e0-9fd0-0018debd900d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b60351d-b14f-11e0-9fd0-0018debd900d}\ not found.
File F:\SISetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e03cac2-9cc9-11e0-9f9a-0018debd900d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e03cac2-9cc9-11e0-9f9a-0018debd900d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e03cac2-9cc9-11e0-9f9a-0018debd900d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e03cac2-9cc9-11e0-9f9a-0018debd900d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e03cac2-9cc9-11e0-9f9a-0018debd900d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e03cac2-9cc9-11e0-9f9a-0018debd900d}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9180a4e3-de0a-11e0-a065-0016d498d8af}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9180a4e3-de0a-11e0-a065-0016d498d8af}\ not found.
File F:\RunClubSanDisk.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba2d366a-6dc5-11e0-9ebf-0018debd900d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba2d366a-6dc5-11e0-9ebf-0018debd900d}\ not found.
File F:\StartPortableApps.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef120711-b1f4-11e0-9fd3-0016d498d8af}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef120711-b1f4-11e0-9fd3-0016d498d8af}\ not found.
File IO90453\JJU294\fuiahjdfu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef120711-b1f4-11e0-9fd3-0016d498d8af}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef120711-b1f4-11e0-9fd3-0016d498d8af}\ not found.
File IO90453\JJU294\fuiahjdfu.exe not found.
File C:\WINDOWS\System32\E13521A1E0A0CC59F69D.exe not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C8B8CEBD deleted successfully.
========== FILES ==========
C:\WINDOWS\System32\winsh320 moved successfully.
C:\WINDOWS\System32\winsh321 moved successfully.
C:\WINDOWS\System32\winsh322 moved successfully.
C:\WINDOWS\System32\winsh323 moved successfully.
C:\WINDOWS\System32\winsh324 moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 03052012_234830


bullahoch2 06.03.2012 00:12

did the upload work?
in any case, I can access win xp again, so far without problems - many many thanks! and so on. =)

flo.

cosinus 06.03.2012 13:22

Yes, it arrived, thanks :)

Now please do a routine full scan with malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan! Also, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those too!

ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

Please post everything here in CODE tags where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

bullahoch2 07.03.2012 08:30

malwarebytes log:

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.06.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
flo :: FLOPTOP [Administrator]

Schutz: Aktiviert

06.03.2012 13:34:58
mbam-log-2012-03-06 (13-34-58).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 330619
Laufzeit: 3 Stunde(n), 22 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Programme\rkfree\rkfree.exe (Keylogger.Logixoft) -> 1036 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rkfree (Keylogger.Logixoft) -> Daten: C:\Programme\rkfree\rkfree.exe /b -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 4
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bösartig: ("regedit.exe" "%1") Gut: (regedit.exe "%1") -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Programme\rkfree\rkfree.exe (Keylogger.Logixoft) -> Löschen bei Neustart.
C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Temp\166C269CE0A0CC5902B0.exe (Trojan.Zbot.USZ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Programme\Alcohol Soft\Alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\03052012_234830\C_WINDOWS\system32\E13521A1E0A0CC59F69D.exe (Trojan.Zbot.USZ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\downloads\rkfree_setup.exe (Keylogger.Logixoft) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

eset scanner log:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a0184e7fd704fa4999bc1551fda0cc52
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-14 12:56:36
# local_time=2012-02-14 01:56:36 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 4623 4623 0 0
# scanned=177622
# found=0
# cleaned=0
# scan_time=4151
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a0184e7fd704fa4999bc1551fda0cc52
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-06 11:35:10
# local_time=2012-03-07 12:35:10 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 1856589 1856589 0 0
# scanned=156795
# found=3
# cleaned=0
# scan_time=4899
C:\_OTL.zip        a variant of Win32/Kryptik.ABSQ trojan (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\8\641dc908-24415f8b        Java/Exploit.CVE-2011-3544.AW trojan (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Temp\Inc.class        Java/Exploit.CVE-2011-3544.AW trojan (unable to clean)        00000000000000000000000000000000        I


cosinus 07.03.2012 11:36

Please make a new OTL log. Please post everything here in CODE tags where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


bullahoch2 07.03.2012 13:20

Code:

OTL logfile created on: 07.03.2012 11:43:54 - Run 1
OTL by OldTimer - Version 3.2.35.1    Folder = D:\downloads
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 72,50% Memory free
3,84 Gb Paging File | 3,44 Gb Available in Paging File | 89,65% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 18,62 Gb Total Space | 0,76 Gb Free Space | 4,09% Space Free | Partition Type: NTFS
Drive D: | 18,63 Gb Total Space | 5,79 Gb Free Space | 31,10% Space Free | Partition Type: NTFS
Drive M: | 3,78 Gb Total Space | 2,01 Gb Free Space | 53,06% Space Free | Partition Type: FAT32
 
Computer Name: FLOPTOP | User Name: flo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.07 11:42:34 | 000,584,704 | ---- | M] (OldTimer Tools) -- D:\downloads\OTL.exe
PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010.04.27 16:06:02 | 000,138,072 | ---- | M] () -- C:\Programme\Join Air\UIExec.exe
PRC - [2010.04.27 15:57:32 | 000,247,152 | ---- | M] () -- C:\Programme\Join Air\AssistantServices.exe
PRC - [2010.04.07 13:57:42 | 000,099,896 | ---- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe
PRC - [2008.05.08 00:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008.04.24 13:40:56 | 002,562,048 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2008.04.14 03:23:03 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\tcserver.exe
PRC - [2008.04.14 03:23:02 | 000,271,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\tabtip.exe
PRC - [2008.04.14 03:22:50 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\keyboardsurrogate.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006.02.27 17:02:06 | 000,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2003.12.16 17:48:16 | 000,208,896 | ---- | M] () -- C:\Programme\4.0M MPEG4 DV\Console\Watch.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.30 21:29:32 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
MOD - [2011.10.30 21:29:26 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c2af7cfbb47c077029a2645930b4eeac\Accessibility.ni.dll
MOD - [2011.10.30 17:13:17 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2011.10.30 17:13:11 | 012,428,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2011.10.30 17:13:00 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2011.10.30 17:11:14 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2011.10.30 17:11:05 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2011.03.20 00:01:37 | 001,179,648 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.3300.0__b77a5c561934e089\system.dll
MOD - [2011.03.20 00:00:01 | 001,855,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.0.3705\system\1.0.3300.0__b77a5c561934e089_b3550d4c\system.dll
MOD - [2011.03.19 23:59:58 | 003,301,376 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_6bdbd301\mscorlib.dll
MOD - [2011.03.19 23:59:42 | 000,012,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC\SoftKeyboardLogic\1.7.2600.5512__31bf3856ad364e35\SoftKeyboardLogic.dll
MOD - [2011.03.19 23:59:41 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC\SKLibrary\1.7.2600.5512__31bf3856ad364e35\SKLibrary.dll
MOD - [2011.03.19 23:59:41 | 000,009,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.SoftKeyboardInterface\1.7.2600.5512__31bf3856ad364e35\Interop.SoftKeyboardInterface.dll
MOD - [2011.03.15 01:05:57 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\interop.tipcomponents\1.7.2600.2180__31bf3856ad364e35\interop.tipcomponents.dll
MOD - [2011.03.15 01:05:39 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.3300.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.04.27 16:06:02 | 000,138,072 | ---- | M] () -- C:\Programme\Join Air\UIExec.exe
MOD - [2010.04.27 15:57:32 | 000,247,152 | ---- | M] () -- C:\Programme\Join Air\AssistantServices.exe
MOD - [2010.03.04 15:55:34 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\HP1100LM.DLL
MOD - [2010.03.04 15:55:14 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll
MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2006.02.27 17:03:28 | 000,053,248 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2003.12.16 17:48:16 | 000,208,896 | ---- | M] () -- C:\Programme\4.0M MPEG4 DV\Console\Watch.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.03.18 10:06:49 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2010.04.27 15:57:32 | 000,247,152 | ---- | M] () [Auto | Running] -- C:\Programme\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.04.07 13:57:42 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
SRV - [2008.05.08 00:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2008.04.24 13:40:56 | 002,562,048 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Adapter | On_Demand | Unknown] --  -- (Mvhel3esepcw)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (appliandMP)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (al55mvok)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (AgereSoftModem)
DRV - [2012.01.14 16:58:54 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.11.01 10:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.11.01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.11.01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.11.01 10:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.03.15 12:51:03 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.03.06 00:40:57 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2010.01.05 10:31:32 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010.01.05 10:31:30 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010.01.05 10:31:30 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010.01.05 10:31:30 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.28 14:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008.03.18 16:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008.03.17 17:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2008.03.13 03:25:36 | 002,530,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2008.02.11 16:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007.12.14 09:21:56 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007.08.28 15:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007.06.18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.06.18 13:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007.05.09 13:27:00 | 000,097,280 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2007.01.22 13:09:38 | 000,034,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wisdpen.sys -- (wisdpen)
DRV - [2006.02.27 16:45:48 | 001,342,602 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006.02.27 16:43:36 | 000,030,189 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006.02.27 16:43:06 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006.02.27 16:40:16 | 000,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005.10.26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005.09.19 14:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005.05.09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2003.07.08 18:49:24 | 000,514,155 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Ca536av.sys -- (Ca536av)
DRV - [2003.05.14 00:28:14 | 000,011,048 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk536.sys -- (USBCamera)
DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 121.204.0.2:80
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {ad48108d-92a6-4eb9-87e4-978aca1dbae4}:1.1.7
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2
FF - prefs.js..network.proxy.backup.ftp: "10.1.0.0"
FF - prefs.js..network.proxy.backup.ftp_port: ""
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: ""
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: ""
FF - prefs.js..network.proxy.ftp: "10.1.0.0"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "10.1.0.0"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, 10.3.0.64, 10.1.0.0/8080"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "10.1.0.0"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "10.1.0.0"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\DOKUME~1\flo\ANWEND~1\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5FE7198A-5950-4068-9FBF-1A60395CC4E9}: C:\Programme\1&1\1&1 SoftPhone\Firefox [2011.03.16 13:01:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_10.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_10.0
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.02.18 12:08:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.02.11 22:45:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.29 10:24:00 | 000,000,000 | ---D | M]
 
[2011.03.15 12:42:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Extensions
[2012.03.06 00:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions
[2011.11.23 00:59:37 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.01.13 16:57:21 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012.03.06 00:35:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.03.16 00:29:10 | 000,002,062 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\searchplugins\qip-search.xml
[2012.03.06 00:16:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.06 00:16:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FLO\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\H2H6CUOS.DEFAULT\EXTENSIONS\{AD48108D-92A6-4EB9-87E4-978ACA1DBAE4}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FLO\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\H2H6CUOS.DEFAULT\EXTENSIONS\ADD-TO-SEARCHBOX@MALTEKRAUS.DE.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FLO\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\H2H6CUOS.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.02.18 12:08:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.03.06 00:16:18 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.23 14:41:48 | 002,557,440 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\mozilla firefox\plugins\NpFp530.dll
[2009.09.21 11:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\mozilla firefox\plugins\NpFv522.dll
[2011.09.23 14:43:02 | 001,623,552 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\mozilla firefox\plugins\NpFv530.dll
[2012.01.12 22:38:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.12 22:38:34 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.01.12 22:38:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.12 22:38:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.12 22:38:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.12 22:38:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.03.06 05:51:38 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-1644491937-861567501-839522115-1003\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O3 - HKU\S-1-5-21-1644491937-861567501-839522115-1003\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TabletTip] C:\Programme\Gemeinsame Dateien\microsoft shared\ink\tabtip.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UIExec] C:\Programme\Join Air\UIExec.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Watch.lnk = C:\Programme\4.0M MPEG4 DV\Console\Watch.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\flo\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O8 - Extra context menu item: &Download by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: In 1&&1 SoftPhone wählen - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1&1\1&1 SoftPhone\ContextMenuHandler.html ()
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1112610A-13BC-453D-BD87-A101219290C4}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (sfklg.dll) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\loginkey: DllName - (C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\loginkey.dll) - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\loginkey.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
 
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E30AC7CA-ED4A-48A8-A539-A711A256B163} - Vektorgrafik-Rendering (VML)
ActiveX: {E55010A4-6F00-201C-B8B3-80AE9A1744D6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.CSCD - C:\WINDOWS\System32\camcodec.dll (RenderSoft Software.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.IPJ2 - jp2avi.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LAGS - lagarith.dll File not found
Drivers32: VIDC.SP54 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP55 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP56 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP57 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP58 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: vidc.VP40 - vp4vfw.dll File not found
Drivers32: vidc.VP60 - vp6vfw.dll File not found
Drivers32: vidc.VP61 - vp6vfw.dll File not found
Drivers32: vidc.VP70 - vp7vfw.dll File not found
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.07 11:10:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012.03.06 17:27:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Desktop\110937-gema-trojaner-100-euro-version-win-xp-Dateien
[2012.03.06 13:31:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Malwarebytes
[2012.03.06 13:31:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.03.06 13:31:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.03.06 13:31:18 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.03.06 13:31:18 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.03.06 12:35:04 | 000,000,000 | ---D | C] -- C:\Programme\rkfree
[2012.03.06 12:35:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rkfree
[2012.03.06 05:51:36 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012.03.06 05:48:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.03.06 00:16:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012.02.29 10:57:46 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\Nokia Suite
[2012.02.29 10:41:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Nokia Suite
[2012.02.29 10:40:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\NokiaAccount
[2012.02.29 10:25:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\Nokia
[2012.02.29 10:24:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Nokia
[2012.02.29 10:24:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2012.02.29 10:24:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\PC Suite
[2012.02.29 10:24:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Nokia
[2012.02.29 10:23:58 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Nokia
[2012.02.29 10:23:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2012.02.28 13:18:11 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox
[2012.02.28 12:40:45 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2012.02.28 12:40:32 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2012.02.28 12:40:13 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2012.02.28 12:40:12 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2012.02.28 12:40:11 | 000,023,168 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2012.02.28 12:40:10 | 000,605,696 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2012.02.28 12:40:10 | 000,123,904 | ---- | C] (Nokia) -- C:\WINDOWS\System32\ccdcmbwu.dll
[2012.02.28 12:40:10 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2012.02.28 12:40:09 | 000,075,264 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2012.02.28 12:37:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2012.02.28 12:35:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2012.02.28 12:35:23 | 000,000,000 | ---D | C] -- C:\Programme\Nokia
[2012.02.14 12:30:21 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.02.11 22:23:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Flatcast
[2012.02.11 11:31:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012.02.11 11:29:17 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2012.02.11 11:29:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Karaoke Anything!
[2012.02.11 11:29:15 | 000,000,000 | ---D | C] -- C:\Programme\Karaoke Anything!
[2012.02.11 11:27:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sibelius Software
[2012.02.11 11:27:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Sibelius Software
[2012.02.10 13:02:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Sibelius Software
[2012.02.10 13:02:59 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\Scores
[2012.02.10 12:59:18 | 000,000,000 | ---D | C] -- C:\Programme\Sibelius Software
[2011.04.02 17:11:02 | 000,818,176 | ---- | C] (Image-Line) -- C:\Programme\Kopie von FL Studio VSTi.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.07 11:28:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.07 11:10:01 | 000,449,334 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.03.07 11:10:01 | 000,433,130 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.03.07 11:10:01 | 000,080,302 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.03.07 11:10:01 | 000,067,704 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.03.07 11:05:18 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.07 11:05:18 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.07 11:05:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.06 17:27:13 | 000,153,225 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Desktop\110937-gema-trojaner-100-euro-version-win-xp.html
[2012.03.06 13:33:36 | 000,000,543 | ---- | M] () -- C:\WINDOWS\Sam9_D.INI
[2012.03.06 13:31:20 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.06 11:47:31 | 000,188,416 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.06 00:01:34 | 000,883,431 | ---- | M] () -- C:\_OTL.zip
[2012.03.05 13:46:02 | 000,002,241 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.03.01 21:29:55 | 000,020,180 | ---- | M] () -- C:\WINDOWS\System32\sfklg.dat
[2012.02.29 10:37:30 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.02.29 10:37:27 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf
[2012.02.29 10:31:42 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012.02.29 10:31:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.02.29 10:31:41 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012.02.29 10:24:21 | 000,001,717 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nokia Suite.lnk
[2012.02.28 22:37:17 | 000,001,014 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Desktop\Dropbox.lnk
[2012.02.28 17:39:27 | 000,224,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.02.28 12:38:14 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012.02.28 12:37:10 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012.02.11 22:45:10 | 000,002,292 | ---- | M] () -- C:\WINDOWS\unins002.dat
[2012.02.11 22:45:08 | 000,715,038 | ---- | M] () -- C:\WINDOWS\unins002.exe
[2012.02.11 22:27:44 | 000,002,368 | ---- | M] () -- C:\WINDOWS\unins001.dat
[2012.02.11 22:27:42 | 000,715,038 | ---- | M] () -- C:\WINDOWS\unins001.exe
[2012.02.11 22:23:21 | 000,000,898 | ---- | M] () -- C:\WINDOWS\unins000.dat
[2012.02.11 22:23:18 | 000,695,578 | ---- | M] () -- C:\WINDOWS\unins000.exe
[2012.02.11 11:31:41 | 000,000,624 | -H-- | M] () -- C:\WINDOWS\System32\T4
[2012.02.11 11:29:07 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2012.02.11 11:27:27 | 000,000,604 | -H-- | M] () -- C:\Programme\STLL Notifier
[2012.02.10 21:40:10 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei4
[2012.02.10 21:40:10 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei2
[2012.02.10 21:40:10 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei3
[2012.02.10 21:40:10 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei1
[2012.02.10 21:40:10 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei7
[2012.02.10 21:40:10 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei5
[2012.02.10 21:40:10 | 000,000,468 | ---- | M] () -- C:\WINDOWS\System32\Datei0
[2012.02.10 21:40:10 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei9
[2012.02.10 21:40:10 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei8
[2012.02.10 21:40:10 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei10
[2012.02.10 21:40:10 | 000,000,465 | ---- | M] () -- C:\WINDOWS\System32\Datei6
[2012.02.10 13:03:12 | 000,000,444 | ---- | M] () -- C:\WINDOWS\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2012.02.10 13:02:59 | 000,001,786 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Sibelius 6.lnk
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.06 17:27:11 | 000,153,225 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\Desktop\110937-gema-trojaner-100-euro-version-win-xp.html
[2012.03.06 13:31:20 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.06 00:01:31 | 000,883,431 | ---- | C] () -- C:\_OTL.zip
[2012.02.29 10:37:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.02.29 10:37:27 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf
[2012.02.29 10:31:42 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012.02.29 10:31:41 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012.02.29 10:24:21 | 000,001,717 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nokia Suite.lnk
[2012.02.28 12:37:10 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012.02.11 22:45:10 | 000,715,038 | ---- | C] () -- C:\WINDOWS\unins002.exe
[2012.02.11 22:45:10 | 000,002,292 | ---- | C] () -- C:\WINDOWS\unins002.dat
[2012.02.11 22:27:43 | 000,715,038 | ---- | C] () -- C:\WINDOWS\unins001.exe
[2012.02.11 22:27:43 | 000,002,368 | ---- | C] () -- C:\WINDOWS\unins001.dat
[2012.02.11 22:23:20 | 000,695,578 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2012.02.11 22:23:20 | 000,000,898 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2012.02.11 11:31:41 | 000,000,624 | -H-- | C] () -- C:\WINDOWS\System32\T4
[2012.02.11 11:27:27 | 000,000,604 | -H-- | C] () -- C:\Programme\STLL Notifier
[2012.02.10 13:02:59 | 000,001,786 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Sibelius 6.lnk
[2012.02.10 12:59:03 | 000,000,444 | ---- | C] () -- C:\WINDOWS\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2012.01.14 17:00:00 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2012.01.14 16:59:31 | 000,000,074 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2012.01.14 16:59:27 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2012.01.14 16:59:27 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2012.01.14 16:59:27 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2012.01.14 16:59:27 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2012.01.14 16:58:54 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2011.12.23 12:24:51 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011.12.23 08:33:11 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2011.09.12 19:43:19 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2011.09.12 19:43:19 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2011.09.12 19:43:19 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2011.09.12 19:43:19 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2011.09.12 19:43:19 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2011.08.05 12:24:02 | 000,000,030 | ---- | C] () -- C:\Programme\Exiferupdate.ini
[2011.07.28 18:23:36 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
[2011.07.28 18:23:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
[2011.07.28 18:23:02 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\mvusbews.dll
[2011.07.28 18:22:57 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
[2011.07.18 16:14:01 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll
[2011.04.11 20:56:57 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2011.04.06 16:01:20 | 000,030,461 | ---- | C] () -- C:\WINDOWS\snap099.dat
[2011.04.06 16:01:20 | 000,029,565 | ---- | C] () -- C:\WINDOWS\snap098.dat
[2011.04.06 16:01:20 | 000,028,669 | ---- | C] () -- C:\WINDOWS\snap097.dat
[2011.04.06 16:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap095.dat
[2011.04.06 16:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap094.dat
[2011.04.06 16:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap093.dat
[2011.04.06 16:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap090.dat
[2011.04.06 16:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap089.dat
[2011.04.06 16:01:20 | 000,026,877 | ---- | C] () -- C:\WINDOWS\snap096.dat
[2011.04.06 16:01:20 | 000,026,877 | ---- | C] () -- C:\WINDOWS\snap092.dat
[2011.04.06 16:01:20 | 000,025,981 | ---- | C] () -- C:\WINDOWS\snap091.dat
[2011.04.06 16:01:19 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap088.dat
[2011.04.06 16:01:19 | 000,026,877 | ---- | C] () -- C:\WINDOWS\snap087.dat
[2011.04.06 16:01:19 | 000,026,877 | ---- | C] () -- C:\WINDOWS\snap086.dat
[2011.04.06 16:01:19 | 000,025,981 | ---- | C] () -- C:\WINDOWS\snap085.dat
[2011.04.06 16:01:19 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap084.dat
[2011.04.06 16:01:19 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap083.dat
[2011.04.06 16:01:19 | 000,023,293 | ---- | C] () -- C:\WINDOWS\snap082.dat
[2011.04.06 16:01:19 | 000,022,397 | ---- | C] () -- C:\WINDOWS\snap081.dat
[2011.04.06 16:01:19 | 000,021,501 | ---- | C] () -- C:\WINDOWS\snap080.dat
[2011.04.06 16:01:19 | 000,020,605 | ---- | C] () -- C:\WINDOWS\snap079.dat
[2011.04.06 16:01:19 | 000,019,709 | ---- | C] () -- C:\WINDOWS\snap078.dat
[2011.04.06 16:01:19 | 000,019,709 | ---- | C] () -- C:\WINDOWS\snap077.dat
[2011.04.06 16:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap072.dat
[2011.04.06 16:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap069.dat
[2011.04.06 16:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap068.dat
[2011.04.06 16:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap067.dat
[2011.04.06 16:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap066.dat
[2011.04.06 16:01:18 | 000,023,293 | ---- | C] () -- C:\WINDOWS\snap073.dat
[2011.04.06 16:01:18 | 000,023,293 | ---- | C] () -- C:\WINDOWS\snap071.dat
[2011.04.06 16:01:18 | 000,023,293 | ---- | C] () -- C:\WINDOWS\snap070.dat
[2011.04.06 16:01:18 | 000,022,397 | ---- | C] () -- C:\WINDOWS\snap074.dat
[2011.04.06 16:01:18 | 000,021,501 | ---- | C] () -- C:\WINDOWS\snap075.dat
[2011.04.06 16:01:18 | 000,020,605 | ---- | C] () -- C:\WINDOWS\snap076.dat
[2011.04.06 16:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap061.dat
[2011.04.06 16:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap060.dat
[2011.04.06 16:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap059.dat
[2011.04.06 16:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap058.dat
[2011.04.06 16:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap057.dat
[2011.04.06 16:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap055.dat
[2011.04.06 16:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap053.dat
[2011.04.06 16:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap065.dat
[2011.04.06 16:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap064.dat
[2011.04.06 16:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap063.dat
[2011.04.06 16:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap062.dat
[2011.04.06 16:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap056.dat
[2011.04.06 16:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap054.dat
[2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap052.dat
[2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap051.dat
[2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap050.dat
[2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap049.dat
[2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap048.dat
[2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap047.dat
[2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap046.dat
[2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap045.dat
[2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap044.dat
[2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap043.dat
[2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap042.dat
[2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap041.dat
[2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap040.dat
[2011.04.06 16:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap039.dat
[2011.04.06 16:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap038.dat
[2011.04.06 16:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap037.dat
[2011.04.06 16:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap036.dat
[2011.04.06 16:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap035.dat
[2011.04.06 16:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap034.dat
[2011.04.06 16:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap033.dat
[2011.04.06 16:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap032.dat
[2011.04.06 16:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap031.dat
[2011.04.06 16:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap030.dat
[2011.04.06 16:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap029.dat
[2011.04.06 16:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap028.dat
[2011.04.06 16:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap027.dat
[2011.04.06 16:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap026.dat
[2011.04.06 16:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap025.dat
[2011.04.06 16:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap024.dat
[2011.04.06 16:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap023.dat
[2011.04.06 16:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap022.dat
[2011.04.06 16:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap021.dat
[2011.04.06 16:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap020.dat
[2011.04.06 16:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap019.dat
[2011.04.06 16:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap018.dat
[2011.04.06 16:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap017.dat
[2011.04.06 16:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap016.dat
[2011.04.06 16:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap015.dat
[2011.04.06 16:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap014.dat
[2011.04.06 16:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap013.dat
[2011.04.06 16:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap012.dat
[2011.04.06 16:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap011.dat
[2011.04.06 16:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap010.dat
[2011.04.06 16:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap009.dat
[2011.04.06 16:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap008.dat
[2011.04.06 16:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap007.dat
[2011.04.06 16:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap006.dat
[2011.04.06 16:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap005.dat
[2011.04.06 16:00:41 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap004.dat
[2011.04.06 16:00:41 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap003.dat
[2011.04.06 16:00:30 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap002.dat
[2011.04.06 16:00:29 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap001.dat
[2011.04.06 16:00:29 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap000.dat
[2011.04.06 15:58:29 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll
[2011.04.06 15:58:25 | 000,002,042 | ---- | C] () -- C:\WINDOWS\Ca536a.ini
[2011.03.23 19:39:32 | 000,000,038 | -HS- | C] () -- C:\WINDOWS\camcodec100.ini
[2011.03.23 19:39:32 | 000,000,028 | -HS- | C] () -- C:\WINDOWS\lagarith.ini
[2011.03.23 19:39:18 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011.03.23 18:39:14 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2011.03.21 17:04:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kopie von musicmaker.INI
[2011.03.21 16:16:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\musicmaker.INI
[2011.03.21 16:13:46 | 000,000,024 | ---- | C] () -- C:\WINDOWS\magix.ini
[2011.03.21 15:54:10 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\mgxasio.dll
[2011.03.19 23:57:53 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.03.18 09:55:30 | 000,000,543 | ---- | C] () -- C:\WINDOWS\Sam9_D.INI
[2011.03.18 09:51:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2011.03.18 09:51:19 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2011.03.18 09:48:46 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.03.17 18:46:25 | 000,020,180 | ---- | C] () -- C:\WINDOWS\System32\sfklg.dat
[2011.03.16 00:09:20 | 000,188,416 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.15 12:42:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.03.15 02:28:05 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2011.03.15 01:19:29 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.03.15 01:14:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.03.15 01:04:58 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.03.15 00:41:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.03.15 00:40:35 | 000,224,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== LOP Check ==========
 
[2011.06.09 16:02:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1&1
[2011.06.12 21:48:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Applian
[2011.03.21 22:47:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2011.03.25 23:52:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GARMIN
[2011.03.22 22:30:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2011.09.12 19:43:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Minnetonka Audio Software
[2012.02.29 10:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2012.02.28 12:35:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2012.02.29 10:36:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2011.03.28 09:23:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PDF Writer
[2012.03.06 12:35:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rkfree
[2012.01.17 22:20:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Stardraw.com Ltd
[2011.07.21 17:17:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Telestream
[2012.03.06 20:05:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011.10.17 18:15:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\.oit
[2011.06.09 16:04:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\1&1
[2012.01.21 14:54:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\ASCOMP Software
[2011.07.21 11:33:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\avidemux
[2012.02.10 11:32:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Azureus
[2012.01.22 10:19:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\DesktopIconForAmazon
[2011.07.02 20:44:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Downloadr
[2012.03.06 12:26:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Dropbox
[2011.10.31 11:41:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\DVDVideoSoft
[2011.10.31 11:41:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.02.11 22:23:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Flatcast
[2011.07.22 09:44:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\GARMIN
[2011.07.18 12:32:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\GetRightToGo
[2011.03.16 00:07:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\GrabPro
[2011.04.02 10:48:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Gutscheinmieze
[2011.03.21 17:23:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\MAGIX
[2012.02.29 10:41:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Nokia
[2012.02.29 10:41:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Nokia Suite
[2011.11.26 12:40:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Opera
[2012.03.06 11:33:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Orbit
[2012.02.29 10:40:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\PC Suite
[2011.03.28 09:23:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\PDF Writer
[2011.03.16 00:08:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\ProgSense
[2011.03.16 00:11:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\QIP
[2011.03.16 00:29:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\QipGuard
[2011.07.21 17:17:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Vara Software
[2011.08.22 13:57:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Wirecast
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.10.17 18:15:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\.oit
[2011.06.09 16:04:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\1&1
[2011.09.26 22:25:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Adobe
[2011.07.22 09:53:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Apple Computer
[2012.01.21 14:54:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\ASCOMP Software
[2011.07.21 11:33:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\avidemux
[2012.02.10 11:32:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Azureus
[2012.01.22 10:19:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\DesktopIconForAmazon
[2011.07.02 20:44:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Downloadr
[2012.03.06 12:26:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Dropbox
[2011.04.06 20:35:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\dvdcss
[2011.10.31 11:41:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\DVDVideoSoft
[2011.10.31 11:41:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.07.18 12:27:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\ESTsoft
[2012.02.11 22:23:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Flatcast
[2011.07.22 09:44:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\GARMIN
[2011.07.18 12:32:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\GetRightToGo
[2011.03.16 00:07:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\GrabPro
[2011.04.02 10:48:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Gutscheinmieze
[2011.07.28 13:33:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Help
[2011.03.15 01:19:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Identities
[2011.03.15 02:01:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\InstallShield
[2011.03.15 14:46:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Macromedia
[2011.03.21 17:23:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\MAGIX
[2012.03.06 13:31:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Malwarebytes
[2011.12.22 19:24:04 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft
[2012.02.11 22:27:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla
[2012.02.29 10:41:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Nokia
[2012.02.29 10:41:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Nokia Suite
[2011.11.26 12:40:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Opera
[2012.03.06 11:33:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Orbit
[2012.02.29 10:40:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\PC Suite
[2011.03.28 09:23:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\PDF Writer
[2011.03.16 00:08:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\ProgSense
[2011.03.16 00:11:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\QIP
[2011.03.16 00:29:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\QipGuard
[2011.03.23 18:56:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Real
[2012.02.11 11:31:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Sibelius Software
[2012.02.19 18:40:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Skype
[2011.08.22 13:38:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\skypePM
[2011.06.19 22:44:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Sun
[2011.06.22 13:24:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\U3
[2011.07.21 17:17:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Vara Software
[2012.02.29 10:08:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\vlc
[2011.08.22 13:57:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Wirecast
 
< %APPDATA%\*.exe /s >
[2011.07.02 16:24:49 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Azureus\plugins\mlab\ShaperProbeC.exe
[2012.01.21 14:52:40 | 000,753,664 | ---- | M] (Microsoft) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\DesktopIconForAmazon\IconForAmazon.exe
[2012.02.17 01:23:00 | 026,530,760 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Dropbox\bin\Dropbox.exe
[2012.02.15 05:19:02 | 000,871,624 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Dropbox\bin\DropboxPhotoUpdate.exe
[2012.02.17 01:23:34 | 000,174,152 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Dropbox\bin\Uninstall.exe
[2011.03.15 02:12:39 | 000,057,344 | R--- | M] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Installer\{7F362F06-A9A3-440F-8B19-6A01A72723C4}\ARPPRODUCTICON.exe
[2012.01.14 16:59:31 | 000,084,126 | R--- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Installer\{E994D0AC-CB70-4f1f-A1F7-59AC626FEECA}\stardraw.exe
[2010.07.26 13:41:56 | 000,188,416 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\QipGuard\QipGuard.exe
[2007.10.23 08:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\U3\temp\cleanup.exe
[2008.05.02 09:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
[2011.07.13 03:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
 
 
< MD5 for: AGP440.SYS  >
[2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.03.19 23:47:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011.03.19 23:47:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.03.19 23:47:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011.03.19 23:47:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.02.28 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2006.02.28 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2006.02.28 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2006.02.28 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2006.02.28 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2006.02.28 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006.02.28 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.02.28 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2006.02.28 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.03.15 12:51:03 | 000,722,416 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2011.03.15 01:39:49 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011.03.15 01:39:49 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011.03.15 01:39:49 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 3020 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rkfree:cfg
@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C8B8CEBD

< End of report >

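An added example, not part of this thread and not code from OTL or Trojaner-Board: the "MD5 for:" blocks in the log above are a file-integrity check, since a locker like this one typically swaps or hooks winlogon.exe / userinit.exe, and XP keeps pristine copies of those files in ServicePackFiles\i386 and system32\dllcache. The script below parses such blocks, compares every live copy under system32 (and system32\drivers) against the reference copies, and also lists the "Alternate Data Streams" findings. The function names, the directory sets and the whole SVCHOST.EXE block in the sample (dummy hashes) are my own constructions; the USERINIT/WINLOGON lines and the two ADS lines are copied from the log above, and for those the live copies match their reference copies, so only the constructed block produces a finding.

```python
import re
from collections import defaultdict

# Constructed sample log (not a real scan): the USERINIT.EXE and WINLOGON.EXE blocks and
# the two ADS lines are copied from the OTL log above; the SVCHOST.EXE block is invented,
# with obviously fake hashes, only to show what a tampered live copy looks like.
SAMPLE_LOG = r"""
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2006.02.28 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: SVCHOST.EXE  >
[2008.04.14 03:22:26 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2012.03.01 09:12:00 | 000,184,320 | ---- | M] () MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\WINDOWS\system32\svchost.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 3020 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rkfree:cfg
@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C8B8CEBD
"""

# Line shapes used by OTL: a block header, an entry with an MD5, and an ADS finding.
HEADER = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
MD5_LINE = re.compile(
    r"^\[(?P<meta>[^\]]+)\]\s+\((?P<company>[^)]*)\)\s+MD5=(?P<md5>[0-9A-Fa-f]{32})\s+--\s+(?P<path>.+)$"
)
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$")

# Assumed layout of a German XP install: where the running system loads from, and where
# SP3 setup and Windows File Protection keep known-good copies. $NtServicePackUninstall$
# holds pre-SP3 versions and is deliberately not used as a reference.
LIVE_DIRS = {"c:\\windows\\system32", "c:\\windows\\system32\\drivers"}
REF_DIRS = {"c:\\windows\\servicepackfiles\\i386", "c:\\windows\\system32\\dllcache"}


def _parent(path):
    """Lower-cased directory part of a Windows path."""
    return path.lower().rsplit("\\", 1)[0]


def parse_md5_blocks(log_text):
    """Return {filename: [(company, md5, path), ...]} for every '< MD5 for: NAME >' block."""
    blocks = defaultdict(list)
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = m.group("name").lower()
            continue
        if not line:
            current = None  # a blank line ends the block
            continue
        m = MD5_LINE.match(line)
        if current and m:  # '.cab file' entries carry no MD5 and are skipped
            blocks[current].append((m.group("company"), m.group("md5").upper(), m.group("path")))
    return dict(blocks)


def check_integrity(blocks):
    """Flag live copies whose MD5 matches none of the reference copies, or that have no company name."""
    findings = []
    for name, entries in blocks.items():
        ref_hashes = {md5 for _, md5, path in entries if _parent(path) in REF_DIRS}
        for company, md5, path in entries:
            if _parent(path) not in LIVE_DIRS:
                continue  # backups, uninstall caches and third-party copies are not what runs
            if ref_hashes and md5 not in ref_hashes:
                findings.append((name, path, "hash differs from ServicePackFiles/dllcache copy"))
            elif not company:
                findings.append((name, path, "no company/version resource"))
    return findings


def parse_ads(log_text):
    """Return [(host_path, stream_name, size_bytes), ...] from the Alternate Data Streams section."""
    return [
        (m.group("path"), m.group("stream"), int(m.group("size")))
        for m in (ADS_LINE.match(line.strip()) for line in log_text.splitlines())
        if m
    ]


if __name__ == "__main__":
    for finding in check_integrity(parse_md5_blocks(SAMPLE_LOG)):
        print("SUSPECT:", *finding)
    for host, stream, size in parse_ads(SAMPLE_LOG):
        print(f"ADS: {host}:{stream} ({size} bytes)")
```

Run it against a saved OTL.txt instead of SAMPLE_LOG to get the same two lists for a real scan. The ADS hits on rkfree:cfg and TEMP:C8B8CEBD are exactly the ones cosinus has OTL remove in the fix below; a hash mismatch on winlogon.exe or userinit.exe would point to the locker having replaced the file rather than merely hooking it.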

cosinus 07.03.2012 14:40

Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/search?query={searchTerms}&from=IE
IE - HKU\S-1-5-21-1644491937-861567501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 121.204.0.2:80
[2012.01.13 16:57:21 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
O3 - HKU\S-1-5-21-1644491937-861567501-839522115-1003\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O20 - AppInit_DLLs: (sfklg.dll) -  File not found
[2011.04.02 10:48:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Gutscheinmieze
@Alternate Data Stream - 3020 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rkfree:cfg
@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C8B8CEBD
:Commands
[emptytemp]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created for this one user in this one situation only. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

bullahoch2 08.03.2012 10:18

Code:

All processes killed
========== OTL ==========
HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1644491937-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_USERS\S-1-5-21-1644491937-861567501-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1644491937-861567501-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1644491937-861567501-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
HKU\S-1-5-21-1644491937-861567501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\searchplugin folder moved successfully.
C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\modules folder moved successfully.
C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components folder moved successfully.
C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} folder moved successfully.
Registry value HKEY_USERS\S-1-5-21-1644491937-861567501-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:sfklg.dll deleted successfully.
C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Gutscheinmieze folder moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rkfree:cfg deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C8B8CEBD deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: flo
->Temp folder emptied: 146422326 bytes
->Temporary Internet Files folder emptied: 217270617 bytes
->Java cache emptied: 49530 bytes
->FireFox cache emptied: 281135142 bytes
->Flash cache emptied: 71873 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2148906 bytes
%systemroot%\System32 .tmp files removed: 3771271 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27266398 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 647,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.35.1 log created on 03082012_094028

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...


cosinus 08.03.2012 11:15

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before running TDSS-Killer, since Avira in particular often reports a false positive on the TDSS tool!

Configure the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If the infection prevents you from accessing your documents / My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool via right-click as administrator!

bullahoch2 08.03.2012 11:25

Code:

11:23:43.0031 3944        TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39
11:23:43.0156 3944        ============================================================
11:23:43.0156 3944        Current date / time: 2012/03/08 11:23:43.0156
11:23:43.0156 3944        SystemInfo:
11:23:43.0156 3944       
11:23:43.0156 3944        OS Version: 5.1.2600 ServicePack: 3.0
11:23:43.0156 3944        Product type: Workstation
11:23:43.0156 3944        ComputerName: FLOPTOP
11:23:43.0171 3944        UserName: flo
11:23:43.0171 3944        Windows directory: C:\WINDOWS
11:23:43.0171 3944        System windows directory: C:\WINDOWS
11:23:43.0171 3944        Processor architecture: Intel x86
11:23:43.0171 3944        Number of processors: 2
11:23:43.0171 3944        Page size: 0x1000
11:23:43.0171 3944        Boot type: Normal boot
11:23:43.0171 3944        ============================================================
11:23:46.0312 3944        Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1430, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
11:23:46.0359 3944        Drive \Device\Harddisk1\DR3 - Size: 0xF2E50000 (3.80 Gb), SectorSize: 0x200, Cylinders: 0x3DB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x80, Type 'W'
11:23:46.0375 3944        Drive \Device\Harddisk3\DR6 - Size: 0x3E800000 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x7F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:23:46.0375 3944        Drive \Device\Harddisk6\DR13 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:23:53.0359 3944        \Device\Harddisk0\DR0:
11:23:53.0390 3944        MBR used
11:23:53.0390 3944        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x253EE31
11:23:53.0390 3944        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x253EE70, BlocksNum 0x2542980
11:23:53.0390 3944        \Device\Harddisk1\DR3:
11:23:53.0390 3944        MBR used
11:23:53.0390 3944        \Device\Harddisk1\DR3\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x795400
11:23:53.0390 3944        \Device\Harddisk3\DR6:
11:23:53.0390 3944        MBR used
11:23:53.0390 3944        \Device\Harddisk3\DR6\Partition0: MBR, Type 0x6, StartLBA 0x3B, BlocksNum 0x1F3F05
11:23:53.0390 3944        \Device\Harddisk6\DR13:
11:23:53.0390 3944        MBR used
11:23:53.0390 3944        \Device\Harddisk6\DR13\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
11:23:55.0328 3944        Initialize success
11:23:55.0328 3944        ============================================================
11:24:18.0031 3468        ============================================================
11:24:18.0031 3468        Scan started
11:24:18.0031 3468        Mode: Manual; SigCheck; TDLFS;
11:24:18.0031 3468        ============================================================
11:24:18.0312 3468        Abiosdsk - ok
11:24:18.0328 3468        abp480n5 - ok
11:24:18.0390 3468        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:24:20.0343 3468        ACPI - ok
11:24:20.0437 3468        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:24:20.0593 3468        ACPIEC - ok
11:24:20.0640 3468        ADIHdAudAddService (4e12c97cbfe99be15d7680918f9899ec) C:\WINDOWS\system32\drivers\ADIHdAud.sys
11:24:20.0687 3468        ADIHdAudAddService - ok
11:24:20.0703 3468        adpu160m - ok
11:24:20.0734 3468        AEAudio        (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys
11:24:20.0765 3468        AEAudio - ok
11:24:20.0890 3468        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:24:21.0093 3468        aec - ok
11:24:21.0156 3468        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:24:21.0218 3468        AFD - ok
11:24:21.0234 3468        AgereSoftModem - ok
11:24:21.0250 3468        Aha154x - ok
11:24:21.0265 3468        aic78u2 - ok
11:24:21.0281 3468        aic78xx - ok
11:24:21.0359 3468        aksfridge      (cb5a5079744a0535416d3a5e462c5efe) C:\WINDOWS\system32\drivers\aksfridge.sys
11:24:21.0453 3468        aksfridge - ok
11:24:21.0546 3468        AliIde - ok
11:24:21.0546 3468        amsint - ok
11:24:21.0562 3468        appliandMP - ok
11:24:21.0593 3468        asc - ok
11:24:21.0593 3468        asc3350p - ok
11:24:21.0609 3468        asc3550 - ok
11:24:21.0656 3468        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:24:21.0859 3468        AsyncMac - ok
11:24:21.0890 3468        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:24:22.0015 3468        atapi - ok
11:24:22.0031 3468        Atdisk - ok
11:24:22.0062 3468        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:24:22.0171 3468        Atmarpc - ok
11:24:22.0234 3468        ATSWPDRV        (69e65a2ce11619f0c868967ca9540b80) C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
11:24:22.0265 3468        ATSWPDRV - ok
11:24:22.0296 3468        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:24:22.0421 3468        audstub - ok
11:24:22.0500 3468        b57w2k          (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:24:22.0562 3468        b57w2k - ok
11:24:22.0609 3468        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:24:22.0781 3468        Beep - ok
11:24:22.0890 3468        BTKRNL          (5c3807e7768023a1229c73296758a361) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
11:24:23.0015 3468        BTKRNL ( UnsignedFile.Multi.Generic ) - warning
11:24:23.0015 3468        BTKRNL - detected UnsignedFile.Multi.Generic (1)
11:24:23.0109 3468        BTWDNDIS        (b8bbc117fdb528227702637de468be72) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
11:24:23.0140 3468        BTWDNDIS ( UnsignedFile.Multi.Generic ) - warning
11:24:23.0140 3468        BTWDNDIS - detected UnsignedFile.Multi.Generic (1)
11:24:23.0156 3468        btwmodem        (2d0dfa6d7d74bd249d74cf652b78055c) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
11:24:23.0171 3468        btwmodem ( UnsignedFile.Multi.Generic ) - warning
11:24:23.0171 3468        btwmodem - detected UnsignedFile.Multi.Generic (1)
11:24:23.0203 3468        BTWUSB          (7024e11dab9410b31a37547575249dd7) C:\WINDOWS\system32\Drivers\btwusb.sys
11:24:23.0250 3468        BTWUSB ( UnsignedFile.Multi.Generic ) - warning
11:24:23.0250 3468        BTWUSB - detected UnsignedFile.Multi.Generic (1)
11:24:23.0312 3468        Ca536av        (2fec2e18aff42ff28189410d244d3f03) C:\WINDOWS\system32\Drivers\Ca536av.sys
11:24:23.0421 3468        Ca536av - ok
11:24:23.0515 3468        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:24:23.0703 3468        cbidf2k - ok
11:24:23.0750 3468        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:24:23.0875 3468        CCDECODE - ok
11:24:23.0875 3468        cd20xrnt - ok
11:24:23.0921 3468        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:24:24.0031 3468        Cdaudio - ok
11:24:24.0062 3468        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:24:24.0171 3468        Cdfs - ok
11:24:24.0203 3468        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:24:24.0328 3468        Cdrom - ok
11:24:24.0390 3468        Changer - ok
11:24:24.0421 3468        CLEDX          (b53f9635457b56dcffef750e18aec6cb) C:\WINDOWS\system32\DRIVERS\cledx.sys
11:24:24.0437 3468        CLEDX ( UnsignedFile.Multi.Generic ) - warning
11:24:24.0437 3468        CLEDX - detected UnsignedFile.Multi.Generic (1)
11:24:24.0468 3468        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:24:24.0593 3468        CmBatt - ok
11:24:24.0609 3468        CmdIde - ok
11:24:24.0640 3468        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:24:24.0765 3468        Compbatt - ok
11:24:24.0796 3468        Cpqarray - ok
11:24:24.0812 3468        dac2w2k - ok
11:24:24.0828 3468        dac960nt - ok
11:24:24.0843 3468        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:24:25.0031 3468        Disk - ok
11:24:25.0093 3468        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
11:24:25.0250 3468        dmboot - ok
11:24:25.0296 3468        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
11:24:25.0406 3468        dmio - ok
11:24:25.0484 3468        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:24:25.0609 3468        dmload - ok
11:24:25.0656 3468        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:24:25.0781 3468        DMusic - ok
11:24:25.0796 3468        dpti2o - ok
11:24:25.0843 3468        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:24:25.0968 3468        drmkaud - ok
11:24:26.0015 3468        eabusb          (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys
11:24:26.0046 3468        eabusb - ok
11:24:26.0140 3468        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:24:26.0265 3468        Fastfat - ok
11:24:26.0312 3468        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
11:24:26.0421 3468        Fdc - ok
11:24:26.0453 3468        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
11:24:26.0562 3468        Fips - ok
11:24:26.0593 3468        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:24:26.0703 3468        Flpydisk - ok
11:24:26.0750 3468        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:24:26.0859 3468        FltMgr - ok
11:24:26.0968 3468        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:24:27.0078 3468        Fs_Rec - ok
11:24:27.0125 3468        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:24:27.0234 3468        Ftdisk - ok
11:24:27.0281 3468        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:24:27.0390 3468        Gpc - ok
11:24:27.0437 3468        GTIPCI21        (cea72ac01892b12514d15e21ef1bc75d) C:\WINDOWS\system32\DRIVERS\gtipci21.sys
11:24:27.0453 3468        GTIPCI21 ( UnsignedFile.Multi.Generic ) - warning
11:24:27.0453 3468        GTIPCI21 - detected UnsignedFile.Multi.Generic (1)
11:24:27.0531 3468        Hardlock        (9de9a7a19195c57ef38b4ee25422f2d7) C:\WINDOWS\system32\drivers\hardlock.sys
11:24:27.0593 3468        Hardlock - ok
11:24:27.0671 3468        Haspnt          (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys
11:24:27.0687 3468        Haspnt ( UnsignedFile.Multi.Generic ) - warning
11:24:27.0687 3468        Haspnt - detected UnsignedFile.Multi.Generic (1)
11:24:27.0734 3468        HBtnKey        (407e41ddb2bfece109132aec296e0d98) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
11:24:27.0796 3468        HBtnKey - ok
11:24:27.0828 3468        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:24:27.0937 3468        HDAudBus - ok
11:24:28.0000 3468        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:24:28.0109 3468        HidUsb - ok
11:24:28.0187 3468        hpn - ok
11:24:28.0218 3468        HpqKbFiltr      (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
11:24:28.0328 3468        HpqKbFiltr - ok
11:24:28.0437 3468        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:24:28.0750 3468        HTTP - ok
11:24:28.0812 3468        i2omgmt - ok
11:24:28.0812 3468        i2omp - ok
11:24:28.0859 3468        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:24:28.0968 3468        i8042prt - ok
11:24:29.0234 3468        ialm            (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
11:24:29.0687 3468        ialm - ok
11:24:29.0843 3468        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:24:29.0937 3468        Imapi - ok
11:24:29.0953 3468        ini910u - ok
11:24:29.0984 3468        IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:24:30.0093 3468        IntelIde - ok
11:24:30.0140 3468        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:24:30.0234 3468        intelppm - ok
11:24:30.0281 3468        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:24:30.0390 3468        Ip6Fw - ok
11:24:30.0437 3468        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:24:30.0562 3468        IpFilterDriver - ok
11:24:30.0656 3468        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:24:30.0765 3468        IpInIp - ok
11:24:30.0796 3468        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:24:30.0906 3468        IpNat - ok
11:24:30.0937 3468        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:24:31.0046 3468        IPSec - ok
11:24:31.0093 3468        irda            (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
11:24:31.0203 3468        irda - ok
11:24:31.0203 3468        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:24:31.0296 3468        IRENUM - ok
11:24:31.0328 3468        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:24:31.0421 3468        isapnp - ok
11:24:31.0531 3468        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:24:31.0640 3468        Kbdclass - ok
11:24:31.0671 3468        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:24:31.0781 3468        kbdhid - ok
11:24:31.0828 3468        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:24:31.0921 3468        kmixer - ok
11:24:31.0968 3468        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:24:32.0062 3468        KSecDD - ok
11:24:32.0140 3468        lbrtfdc - ok
11:24:32.0187 3468        massfilter      (09721f2c56681a83c93ecdfab8b102a9) C:\WINDOWS\system32\drivers\massfilter.sys
11:24:32.0234 3468        massfilter - ok
11:24:32.0281 3468        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
11:24:32.0296 3468        MBAMProtector - ok
11:24:32.0328 3468        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:24:32.0500 3468        mnmdd - ok
11:24:32.0578 3468        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
11:24:32.0765 3468        Modem - ok
11:24:32.0843 3468        motmodem        (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
11:24:32.0890 3468        motmodem - ok
11:24:32.0921 3468        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:24:33.0046 3468        Mouclass - ok
11:24:33.0093 3468        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:24:33.0203 3468        mouhid - ok
11:24:33.0218 3468        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:24:33.0328 3468        MountMgr - ok
11:24:33.0359 3468        mraid35x - ok
11:24:33.0406 3468        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:24:33.0515 3468        MRxDAV - ok
11:24:33.0656 3468        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:24:33.0765 3468        MRxSmb - ok
11:24:33.0875 3468        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:24:34.0062 3468        Msfs - ok
11:24:34.0093 3468        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:24:34.0218 3468        MSKSSRV - ok
11:24:34.0250 3468        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:24:34.0343 3468        MSPCLOCK - ok
11:24:34.0390 3468        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:24:34.0484 3468        MSPQM - ok
11:24:34.0531 3468        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:24:34.0640 3468        mssmbios - ok
11:24:34.0718 3468        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:24:34.0843 3468        MSTEE - ok
11:24:34.0906 3468        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:24:34.0921 3468        Mup - ok
11:24:34.0984 3468        mvusbews        (b9df137953a5280eddbd4a705ca093a2) C:\WINDOWS\system32\Drivers\mvusbews.sys
11:24:35.0031 3468        mvusbews - ok
11:24:35.0062 3468        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:24:35.0203 3468        NABTSFEC - ok
11:24:35.0296 3468        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:24:35.0437 3468        NDIS - ok
11:24:35.0468 3468        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:24:35.0656 3468        NdisIP - ok
11:24:35.0703 3468        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:24:35.0765 3468        NdisTapi - ok
11:24:35.0796 3468        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:24:35.0906 3468        Ndisuio - ok
11:24:36.0000 3468        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:24:36.0109 3468        NdisWan - ok
11:24:36.0140 3468        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:24:36.0234 3468        NDProxy - ok
11:24:36.0265 3468        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:24:36.0406 3468        NetBIOS - ok
11:24:36.0437 3468        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:24:36.0593 3468        NetBT - ok
11:24:36.0796 3468        NETw4x32        (d57258165aba8162de8e29d71487fc4b) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
11:24:37.0015 3468        NETw4x32 - ok
11:24:37.0109 3468        NetworkX        (5ef7dd401771693245d46f4b0b69fe2b) C:\WINDOWS\system32\ckldrv.sys
11:24:37.0156 3468        NetworkX ( UnsignedFile.Multi.Generic ) - warning
11:24:37.0156 3468        NetworkX - detected UnsignedFile.Multi.Generic (1)
11:24:37.0218 3468        nmwcd          (f6c40e0a565ee3ce5aeeb325e10054f2) C:\WINDOWS\system32\drivers\ccdcmb.sys
11:24:37.0781 3468        nmwcd - ok
11:24:37.0875 3468        nmwcdc          (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\WINDOWS\system32\drivers\ccdcmbo.sys
11:24:38.0000 3468        nmwcdc - ok
11:24:38.0015 3468        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:24:38.0203 3468        Npfs - ok
11:24:38.0265 3468        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:24:38.0390 3468        Ntfs - ok
11:24:38.0421 3468        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:24:38.0531 3468        Null - ok
11:24:38.0640 3468        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:24:38.0750 3468        NwlnkFlt - ok
11:24:38.0765 3468        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:24:38.0875 3468        NwlnkFwd - ok
11:24:38.0906 3468        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
11:24:39.0015 3468        Parport - ok
11:24:39.0046 3468        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:24:39.0171 3468        PartMgr - ok
11:24:39.0218 3468        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
11:24:39.0343 3468        ParVdm - ok
11:24:39.0437 3468        pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
11:24:39.0484 3468        pccsmcfd - ok
11:24:39.0609 3468        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
11:24:39.0765 3468        PCI - ok
11:24:39.0781 3468        PCIDump - ok
11:24:39.0828 3468        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:24:40.0031 3468        PCIIde - ok
11:24:40.0093 3468        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:24:40.0218 3468        Pcmcia - ok
11:24:40.0234 3468        PDCOMP - ok
11:24:40.0250 3468        PDFRAME - ok
11:24:40.0265 3468        PDRELI - ok
11:24:40.0281 3468        PDRFRAME - ok
11:24:40.0296 3468        perc2 - ok
11:24:40.0296 3468        perc2hib - ok
11:24:40.0343 3468        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:24:40.0453 3468        PptpMiniport - ok
11:24:40.0515 3468        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:24:40.0640 3468        PSched - ok
11:24:40.0656 3468        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:24:40.0765 3468        Ptilink - ok
11:24:40.0812 3468        PxHelp20        (b572ed0c3e6165643fa116af20425a54) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
11:24:40.0828 3468        PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
11:24:40.0828 3468        PxHelp20 - detected UnsignedFile.Multi.Generic (1)
11:24:40.0875 3468        ql1080 - ok
11:24:40.0890 3468        Ql10wnt - ok
11:24:40.0906 3468        ql12160 - ok
11:24:40.0921 3468        ql1240 - ok
11:24:40.0937 3468        ql1280 - ok
11:24:40.0984 3468        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:24:41.0093 3468        RasAcd - ok
11:24:41.0140 3468        Rasirda        (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
11:24:41.0203 3468        Rasirda - ok
11:24:41.0265 3468        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:24:41.0375 3468        Rasl2tp - ok
11:24:41.0421 3468        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:24:41.0531 3468        RasPppoe - ok
11:24:41.0593 3468        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:24:41.0703 3468        Raspti - ok
11:24:41.0765 3468        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:24:41.0859 3468        Rdbss - ok
11:24:41.0906 3468        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:24:42.0031 3468        RDPCDD - ok
11:24:42.0078 3468        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:24:42.0187 3468        rdpdr - ok
11:24:42.0296 3468        RDPWD          (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
11:24:42.0328 3468        RDPWD - ok
11:24:42.0375 3468        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:24:42.0484 3468        redbook - ok
11:24:42.0515 3468        ROOTMODEM      (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
11:24:42.0609 3468        ROOTMODEM - ok
11:24:42.0656 3468        sdbus          (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
11:24:42.0765 3468        sdbus - ok
11:24:42.0796 3468        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:24:42.0906 3468        Secdrv - ok
11:24:42.0968 3468        Serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:24:43.0078 3468        Serenum - ok
11:24:43.0109 3468        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
11:24:43.0218 3468        Serial - ok
11:24:43.0281 3468        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:24:43.0390 3468        Sfloppy - ok
11:24:43.0406 3468        Simbad - ok
11:24:43.0437 3468        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:24:43.0546 3468        SLIP - ok
11:24:43.0593 3468        SMCIRDA        (d03a4cdb1b089e3f6c23501339506e5e) C:\WINDOWS\system32\DRIVERS\smcirda.sys
11:24:43.0640 3468        SMCIRDA - ok
11:24:43.0656 3468        Sparrow - ok
11:24:43.0687 3468        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:24:43.0796 3468        splitter - ok
11:24:43.0906 3468        sptd            (a80cd850d69d996c832bea37e3a6aa1e) C:\WINDOWS\system32\Drivers\sptd.sys
11:24:43.0906 3468        Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
11:24:43.0906 3468        sptd ( LockedFile.Multi.Generic ) - warning
11:24:43.0906 3468        sptd - detected LockedFile.Multi.Generic (1)
11:24:43.0953 3468        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
11:24:44.0062 3468        sr - ok
11:24:44.0171 3468        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:24:44.0250 3468        Srv - ok
11:24:44.0359 3468        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:24:44.0453 3468        streamip - ok
11:24:44.0484 3468        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:24:44.0593 3468        swenum - ok
11:24:44.0625 3468        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:24:44.0718 3468        swmidi - ok
11:24:44.0765 3468        symc810 - ok
11:24:44.0765 3468        symc8xx - ok
11:24:44.0781 3468        sym_hi - ok
11:24:44.0796 3468        sym_u3 - ok
11:24:44.0843 3468        SynTP          (13e0d1974ce03e88c265a68325cb16de) C:\WINDOWS\system32\DRIVERS\SynTP.sys
11:24:44.0906 3468        SynTP - ok
11:24:45.0000 3468        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:24:45.0125 3468        sysaudio - ok
11:24:45.0187 3468        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:24:45.0312 3468        Tcpip - ok
11:24:45.0343 3468        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:24:45.0468 3468        TDPIPE - ok
11:24:45.0578 3468        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:24:45.0687 3468        TDTCP - ok
11:24:45.0718 3468        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:24:45.0812 3468        TermDD - ok
11:24:45.0859 3468        tifm21          (c424f991494e5674f2e9b3cf9f5f55d1) C:\WINDOWS\system32\drivers\tifm21.sys
11:24:45.0875 3468        tifm21 ( UnsignedFile.Multi.Generic ) - warning
11:24:45.0875 3468        tifm21 - detected UnsignedFile.Multi.Generic (1)
11:24:45.0890 3468        TosIde - ok
11:24:45.0937 3468        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:24:46.0046 3468        Udfs - ok
11:24:46.0062 3468        ultra - ok
11:24:46.0125 3468        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:24:46.0281 3468        Update - ok
11:24:46.0375 3468        upperdev        (47f5f9d837d80ffd5882a14db9da0a67) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
11:24:46.0453 3468        upperdev - ok
11:24:46.0500 3468        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
11:24:46.0609 3468        usbaudio - ok
11:24:46.0640 3468        USBCamera      (2038824260efdffa6f78d9bef767622d) C:\WINDOWS\system32\Drivers\Bulk536.sys
11:24:46.0703 3468        USBCamera - ok
11:24:46.0750 3468        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:24:46.0843 3468        usbccgp - ok
11:24:46.0875 3468        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:24:46.0984 3468        usbehci - ok
11:24:47.0062 3468        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:24:47.0187 3468        usbhub - ok
11:24:47.0218 3468        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:24:47.0343 3468        usbprint - ok
11:24:47.0375 3468        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:24:47.0500 3468        usbscan - ok
11:24:47.0531 3468        usbser          (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
11:24:47.0640 3468        usbser - ok
11:24:47.0687 3468        UsbserFilt      (e44f0d17be0908b58dcc99ccb99c6c32) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
11:24:47.0750 3468        UsbserFilt - ok
11:24:47.0843 3468        usbstor        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:24:47.0953 3468        usbstor - ok
11:24:47.0984 3468        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:24:48.0078 3468        usbuhci - ok
11:24:48.0109 3468        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:24:48.0265 3468        VgaSave - ok
11:24:48.0281 3468        ViaIde - ok
11:24:48.0328 3468        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
11:24:48.0500 3468        VolSnap - ok
11:24:48.0546 3468        WacomPen        (aced8c149b30f8496c237bcba3727b48) C:\WINDOWS\system32\DRIVERS\wacompen.sys
11:24:48.0640 3468        WacomPen - ok
11:24:48.0671 3468        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:24:48.0781 3468        Wanarp - ok
11:24:48.0906 3468        Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
11:24:48.0921 3468        Wdf01000 - ok
11:24:48.0937 3468        WDICA - ok
11:24:48.0968 3468        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:24:49.0093 3468        wdmaud - ok
11:24:49.0156 3468        wisdpen        (dc2111b884ac9e942939e70869511526) C:\WINDOWS\system32\DRIVERS\wisdpen.sys
11:24:49.0156 3468        wisdpen - ok
11:24:49.0203 3468        WmiAcpi        (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:24:49.0359 3468        WmiAcpi - ok
11:24:49.0468 3468        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:24:49.0609 3468        WSTCODEC - ok
11:24:49.0656 3468        WudfPf          (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:24:49.0734 3468        WudfPf - ok
11:24:49.0781 3468        WudfRd          (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:24:49.0812 3468        WudfRd - ok
11:24:49.0875 3468        ZTEusbmdm6k    (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
11:24:49.0968 3468        ZTEusbmdm6k - ok
11:24:50.0031 3468        ZTEusbnmea      (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
11:24:50.0062 3468        ZTEusbnmea - ok
11:24:50.0093 3468        ZTEusbser6k    (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
11:24:50.0109 3468        ZTEusbser6k - ok
11:24:50.0140 3468        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
11:24:50.0375 3468        \Device\Harddisk0\DR0 - ok
11:24:50.0375 3468        MBR (0x1B8)    (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR3
11:24:50.0578 3468        \Device\Harddisk1\DR3 - ok
11:24:50.0593 3468        MBR (0x1B8)    (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR6
11:24:51.0968 3468        \Device\Harddisk3\DR6 - ok
11:24:51.0968 3468        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk6\DR13
11:24:52.0765 3468        \Device\Harddisk6\DR13 - ok
11:24:52.0781 3468        Boot (0x1200)  (70f4580ec94a70baa7ede7ac1354ed0d) \Device\Harddisk0\DR0\Partition0
11:24:52.0781 3468        \Device\Harddisk0\DR0\Partition0 - ok
11:24:52.0796 3468        Boot (0x1200)  (917615210f6554834d8803641b04cefd) \Device\Harddisk0\DR0\Partition1
11:24:52.0796 3468        \Device\Harddisk0\DR0\Partition1 - ok
11:24:52.0812 3468        Boot (0x1200)  (bffe8617e297d173e12ab9df2e50a3c2) \Device\Harddisk1\DR3\Partition0
11:24:52.0812 3468        \Device\Harddisk1\DR3\Partition0 - ok
11:24:52.0812 3468        Boot (0x1200)  (2d7fc1190cee36507815f5888cbb4c5f) \Device\Harddisk3\DR6\Partition0
11:24:52.0812 3468        \Device\Harddisk3\DR6\Partition0 - ok
11:24:52.0828 3468        Boot (0x1200)  (35e58e79ac486409f9c95ef4729b4eff) \Device\Harddisk6\DR13\Partition0
11:24:52.0828 3468        \Device\Harddisk6\DR13\Partition0 - ok
11:24:52.0828 3468        ============================================================
11:24:52.0828 3468        Scan finished
11:24:52.0828 3468        ============================================================
11:24:52.0937 3628        Detected object count: 11
11:24:52.0937 3628        Actual detected object count: 11
11:24:59.0687 3628        BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user
11:24:59.0687 3628        BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:24:59.0687 3628        BTWDNDIS ( UnsignedFile.Multi.Generic ) - skipped by user
11:24:59.0687 3628        BTWDNDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:24:59.0687 3628        btwmodem ( UnsignedFile.Multi.Generic ) - skipped by user
11:24:59.0687 3628        btwmodem ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:24:59.0703 3628        BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
11:24:59.0703 3628        BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:24:59.0703 3628        CLEDX ( UnsignedFile.Multi.Generic ) - skipped by user
11:24:59.0703 3628        CLEDX ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:24:59.0703 3628        GTIPCI21 ( UnsignedFile.Multi.Generic ) - skipped by user
11:24:59.0703 3628        GTIPCI21 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:24:59.0703 3628        Haspnt ( UnsignedFile.Multi.Generic ) - skipped by user
11:24:59.0703 3628        Haspnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:24:59.0703 3628        NetworkX ( UnsignedFile.Multi.Generic ) - skipped by user
11:24:59.0703 3628        NetworkX ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:24:59.0718 3628        PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
11:24:59.0718 3628        PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:24:59.0718 3628        sptd ( LockedFile.Multi.Generic ) - skipped by user
11:24:59.0718 3628        sptd ( LockedFile.Multi.Generic ) - User select action: Skip
11:24:59.0718 3628        tifm21 ( UnsignedFile.Multi.Generic ) - skipped by user
11:24:59.0718 3628        tifm21 ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 08.03.2012 11:41

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (authorised forum helper) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

bullahoch2 08.03.2012 13:57

Code:

ComboFix 12-03-08.01 - flo 08.03.2012  13:46:53.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2039.1650 [GMT 1:00]
ausgeführt von:: d:\downloads\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\1&1
c:\dokumente und einstellungen\All Users\Anwendungsdaten\1&1\1&1 SmartFax\Settings.xml
c:\dokumente und einstellungen\All Users\Anwendungsdaten\1&1\1&1 SoftPhone\ContextMenuHandler.html
c:\dokumente und einstellungen\All Users\Anwendungsdaten\1&1\1&1 SoftPhone\que\notifyq.dqueue
c:\dokumente und einstellungen\All Users\Anwendungsdaten\1&1\1&1 SoftPhone\que\notifyq.lqueue
c:\dokumente und einstellungen\All Users\Anwendungsdaten\1&1\1&1 SoftPhone\SipClientSettings.xml
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\flo\Anwendungsdaten\1&1
c:\dokumente und einstellungen\flo\Anwendungsdaten\1&1\1&1 SmartFax\FaxNumberHistory.xml
c:\dokumente und einstellungen\flo\Anwendungsdaten\1&1\1&1 SmartFax\Settings.xml
c:\dokumente und einstellungen\flo\Anwendungsdaten\1&1\1&1 SoftPhone\CurrentLog.txt
c:\dokumente und einstellungen\flo\Anwendungsdaten\1&1\1&1 SoftPhone\QuickDial.xml
c:\dokumente und einstellungen\flo\Anwendungsdaten\1&1\1&1 SoftPhone\SipClientHistory.xml
c:\dokumente und einstellungen\flo\Anwendungsdaten\1&1\1&1 SoftPhone\SipClientSettings.xml
c:\dokumente und einstellungen\flo\Anwendungsdaten\1&1\1&1 SoftPhone\SipLog.cdb
c:\dokumente und einstellungen\flo\Anwendungsdaten\1&1\1&1 SoftPhone\SipLog.lck
c:\dokumente und einstellungen\flo\Anwendungsdaten\1&1\Common\Contacts.cdb
c:\dokumente und einstellungen\flo\Anwendungsdaten\1&1\Common\Contacts.lck
c:\windows\iun6002.exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\sfklg.dat
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-08 bis 2012-03-08  ))))))))))))))))))))))))))))))
.
.
2012-03-08 05:22 . 2012-03-08 05:22        --------        d-----w-        c:\programme\MSXML 4.0
2012-03-07 10:21 . 2010-08-23 16:11        617472        -c----w-        c:\windows\system32\dllcache\comctl32.dll
2012-03-07 10:20 . 2010-11-02 15:17        40960        -c----w-        c:\windows\system32\dllcache\ndproxy.sys
2012-03-07 10:16 . 2011-12-19 08:53        449536        -c----w-        c:\windows\system32\dllcache\mshtmled.dll
2012-03-07 10:16 . 2011-12-19 08:53        37888        -c----w-        c:\windows\system32\dllcache\url.dll
2012-03-07 10:16 . 2011-12-19 08:53        532480        -c----w-        c:\windows\system32\dllcache\mstime.dll
2012-03-07 10:15 . 2010-02-12 10:03        293376        ------w-        c:\windows\system32\browserchoice.exe
2012-03-07 10:12 . 2011-04-29 19:07        852480        -c----w-        c:\windows\system32\dllcache\vgx.dll
2012-03-07 10:11 . 2011-07-08 14:02        10496        -c----w-        c:\windows\system32\dllcache\ndistapi.sys
2012-03-07 10:11 . 2012-01-11 19:06        3072        -c----w-        c:\windows\system32\dllcache\iacenc.dll
2012-03-07 10:11 . 2012-01-11 19:06        3072        ------w-        c:\windows\system32\iacenc.dll
2012-03-07 10:09 . 2010-10-11 14:59        45568        -c----w-        c:\windows\system32\dllcache\wab.exe
2012-03-06 12:31 . 2012-03-06 12:31        --------        d-----w-        c:\dokumente und einstellungen\flo\Anwendungsdaten\Malwarebytes
2012-03-06 12:31 . 2012-03-06 12:31        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-03-06 12:31 . 2012-03-06 12:31        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-03-06 12:31 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-06 11:35 . 2012-03-06 16:28        --------        d-----w-        c:\programme\rkfree
2012-03-06 11:35 . 2012-03-06 11:35        --------        d---a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\rkfree
2012-03-06 04:51 . 2011-07-13 02:55        2237440        ----a-r-        C:\OTLPE.exe
2012-03-06 04:48 . 2012-03-06 04:48        --------        d-----w-        C:\_OTL
2012-03-05 23:16 . 2012-03-05 23:16        --------        d-----w-        c:\programme\Gemeinsame Dateien\Java
2012-03-05 23:16 . 2012-03-05 23:16        73728        ----a-w-        c:\windows\system32\javacpl.cpl
2012-02-29 09:41 . 2012-02-29 09:41        --------        d-----w-        c:\dokumente und einstellungen\flo\Anwendungsdaten\Nokia Suite
2012-02-29 09:25 . 2012-02-29 09:29        --------        d-----w-        c:\dokumente und einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\Nokia
2012-02-29 09:24 . 2012-02-29 09:41        --------        d-----w-        c:\dokumente und einstellungen\flo\Anwendungsdaten\Nokia
2012-02-29 09:24 . 2012-02-29 09:36        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Suite
2012-02-29 09:24 . 2012-02-29 09:40        --------        d-----w-        c:\dokumente und einstellungen\flo\Anwendungsdaten\PC Suite
2012-02-29 09:23 . 2012-02-29 09:24        --------        d-----w-        c:\programme\Gemeinsame Dateien\Nokia
2012-02-29 09:23 . 2012-02-29 09:23        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Nokia
2012-02-28 12:18 . 2012-02-28 12:18        --------        d-----w-        c:\programme\Dropbox
2012-02-28 11:40 . 2008-08-26 08:26        18816        ----a-w-        c:\windows\system32\drivers\pccsmcfd.sys
2012-02-28 11:40 . 2012-02-28 11:40        --------        d-----w-        c:\programme\PC Connectivity Solution
2012-02-28 11:40 . 2011-11-01 09:07        8192        ----a-w-        c:\windows\system32\drivers\usbser_lowerfltj.sys
2012-02-28 11:40 . 2011-11-01 09:07        8192        ----a-w-        c:\windows\system32\drivers\usbser_lowerflt.sys
2012-02-28 11:40 . 2011-11-01 09:07        23168        ----a-w-        c:\windows\system32\drivers\ccdcmbo.sys
2012-02-28 11:40 . 2011-11-01 09:07        1461992        ----a-w-        c:\windows\system32\wdfcoinstaller01009.dll
2012-02-28 11:40 . 2011-11-01 09:07        18176        ----a-w-        c:\windows\system32\drivers\ccdcmb.sys
2012-02-28 11:40 . 2011-11-01 09:07        605696        ----a-w-        c:\windows\system32\nmwcdcocls.dll
2012-02-28 11:40 . 2011-11-01 09:07        123904        ----a-w-        c:\windows\system32\ccdcmbwu.dll
2012-02-28 11:40 . 2011-11-01 09:07        75264        ----a-w-        c:\windows\system32\nmwcdcls.dll
2012-02-28 11:38 . 2008-04-14 02:22        221184        ----a-w-        c:\windows\system32\wmpns.dll
2012-02-28 11:37 . 2012-02-29 09:37        --------        d-----w-        c:\windows\system32\drivers\UMDF
2012-02-28 11:35 . 2012-02-29 09:23        --------        d-----w-        c:\programme\Nokia
2012-02-14 11:30 . 2012-02-14 11:30        --------        d-----w-        c:\programme\ESET
2012-02-11 21:45 . 2012-02-11 21:45        715038        ----a-w-        c:\windows\unins002.exe
2012-02-11 21:45 . 2011-09-23 13:41        2557440        ----a-w-        c:\programme\Mozilla Firefox\plugins\NpFp530.dll
2012-02-11 21:27 . 2011-09-23 13:43        1623552        ----a-w-        c:\programme\Mozilla Firefox\plugins\NpFv530.dll
2012-02-11 21:27 . 2012-02-11 21:27        715038        ----a-w-        c:\windows\unins001.exe
2012-02-11 21:23 . 2009-09-21 10:00        1447328        ----a-w-        c:\programme\Mozilla Firefox\plugins\NpFv522.dll
2012-02-11 21:23 . 2012-02-11 21:23        --------        d-----w-        c:\dokumente und einstellungen\flo\Anwendungsdaten\Flatcast
2012-02-11 21:23 . 2012-02-11 21:23        695578        ----a-w-        c:\windows\unins000.exe
2012-02-11 10:29 . 2012-02-11 10:29        --------        d-----w-        c:\programme\Karaoke Anything!
2012-02-11 10:27 . 2012-02-11 10:27        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Sibelius Software
2012-02-11 10:27 . 2012-02-11 10:31        --------        d-----w-        c:\dokumente und einstellungen\flo\Anwendungsdaten\Sibelius Software
2012-02-10 11:59 . 2012-02-10 11:59        --------        d-----w-        c:\programme\Sibelius Software
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-05 23:16 . 2011-06-19 21:47        472808        -c--a-w-        c:\windows\system32\deployJava1.dll
2012-03-05 23:01 . 2012-03-05 23:01        883431        ----a-w-        C:\_OTL.zip
2012-01-14 15:58 . 2012-01-14 15:58        6656        ----a-w-        c:\windows\system32\haspvdd.dll
2012-01-14 15:58 . 2012-01-14 15:58        47616        ----a-w-        c:\windows\system32\drivers\Haspnt.sys
2012-01-12 17:20 . 2006-02-28 12:00        1860096        ----a-w-        c:\windows\system32\win32k.sys
2012-01-07 12:21 . 2012-01-07 12:21        1122304        ---h--w-        c:\windows\system32\wodfamop.dll
2012-01-07 12:19 . 2011-11-23 19:45        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-19 08:53 . 2006-02-28 12:00        81920        ----a-w-        c:\windows\system32\ieencode.dll
2011-12-19 08:53 . 2006-02-28 12:00        672768        ----a-w-        c:\windows\system32\wininet.dll
2011-12-19 08:53 . 2006-02-28 12:00        61952        ----a-w-        c:\windows\system32\tdc.ocx
2011-12-19 08:52 . 2006-02-28 12:00        371200        ----a-w-        c:\windows\system32\html.iec
2009-05-29 12:02 . 2011-04-02 16:11        818176        ----a-w-        c:\programme\Kopie von FL Studio VSTi.dll
2012-02-18 11:08 . 2012-01-12 21:38        134104        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
2007-02-21 12:47        31232        --sha-r-        c:\windows\system32\msfDX.dll
2008-03-16 14:30        216064        --sha-r-        c:\windows\system32\nbDX.dll
2010-01-06 23:00        107520        --sha-r-        c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((  Registry Autostart Points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\dokumente und einstellungen\flo\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\dokumente und einstellungen\flo\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\dokumente und einstellungen\flo\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\dokumente und einstellungen\flo\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384]
"TabletTip"="c:\programme\Gemeinsame Dateien\microsoft shared\ink\tabtip.exe" [2008-04-14 271872]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-20 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-20 137752]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"QlbCtrl.exe"="c:\programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"UIExec"="c:\programme\Join Air\UIExec.exe" [2010-04-27 138072]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\dokumente und einstellungen\flo\Startmenü\Programme\Autostart\
Adobe Gamma.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\programme\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-27 581693]
Watch.lnk - c:\programme\4.0M MPEG4 DV\Console\Watch.exe [2011-4-6 208896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2008-04-14 02:22        47104        ----a-w-        c:\programme\Gemeinsame Dateien\Microsoft Shared\Ink\loginkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 02:43        11776        ----a-w-        c:\windows\system32\tabbtnwl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-14 02:22        32256        ----a-w-        c:\windows\system32\tpgwlnot.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programme\\Orbitdownloader\\orbitnet.exe"=
"c:\\Programme\\1&1\\1&1 SoftPhone\\IPPHONEUI.EXE"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\QIP\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Sibelius Software\\Sibelius 6\\RegTool.exe"=
"c:\\Programme\\Sibelius Software\\Sibelius 6\\Sibelius.exe"=
"c:\\Dokumente und Einstellungen\\flo\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
"c:\\WINDOWS\\system32\\WUAUCLT.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.03.2011 12:51 722416]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe  -run --> c:\windows\system32\hasplms.exe  -run [?]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [28.07.2011 18:23 99896]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [06.03.2012 13:31 652360]
R2 UI Assistant Service;UI Assistant Service;c:\programme\Join Air\AssistantServices.exe [27.05.2011 13:34 247152]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [16.03.2011 11:21 33792]
R3 Com4QLBEx;Com4QLBEx;c:\programme\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [21.04.2011 11:25 193840]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [09.05.2007 13:27 97280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06.03.2012 13:31 20464]
R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [22.01.2007 13:09 34736]
S2 Ca536av;4.0M MPEG4 DV Video Capture;c:\windows\system32\drivers\Ca536av.sys [06.04.2011 15:58 514155]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [31.05.2011 10:49 136176]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys --> c:\windows\system32\DRIVERS\appliand.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [31.05.2011 10:49 136176]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [27.05.2011 13:34 9216]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [28.07.2011 18:23 17408]
S3 WacomPen;Wacom HID-Treiber für seriellen Stift;c:\windows\system32\drivers\wacompen.sys [15.03.2011 00:44 14208]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 56877647
*Deregistered* - 56877647
.
Contents of the "Scheduled Tasks" folder
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-05-31 09:49]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-05-31 09:49]
.
.
------- Supplementary Scan -------
.
uStart Page =
uDefault_Search_URL =
uInternet Settings,ProxyOverride = <local>
uSearchAssistant =
IE: &Download by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/202
IE: In 1&&1 SoftPhone wählen - c:\dokumente und einstellungen\All Users\Anwendungsdaten\1&1\1&1 SoftPhone\ContextMenuHandler.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Senden an &Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.ftp - 10.1.0.0
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 10.1.0.0
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 10.1.0.0
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 10.1.0.0
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - Orphaned registry entries removed - - - -
.
AddRemove-Karaoke Anything!1.0 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-08 13:51
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanning hidden processes...
.
Scanning hidden autostart entries...
.
Scanning hidden files...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:ae,a4,ff,78,f5,77,36,25,7b,67,5f,be,27,c5,3b,b8,27,30,d6,93,5d,
  be,af,75,29,08,7a,a4,4d,3d,36,88,b5,43,c4,03,2f,df,6b,b4,be,ee,6f,a2,76,2c,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:ae,a4,ff,78,f5,77,36,25,7b,67,5f,be,27,c5,3b,b8,27,30,d6,93,5d,
  be,af,75,29,08,7a,a4,4d,3d,36,88,b5,43,c4,03,2f,df,6b,b4,be,ee,6f,a2,76,2c,\
.
Completion time: 2012-03-08  13:56:32
ComboFix-quarantined-files.txt  2012-03-08 12:56
.
Pre-Run: 1.080.221.696 bytes free
Post-Run: 1.107.738.624 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 07C82FC4D6B89D01CE18FD9FFFB2B514


cosinus 08.03.2012 14:39

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy/paste the entire contents of the code box below into the Notepad window.

Code:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"=-
"1947:UDP"=-

3. In Notepad, save it as CFScript.txt on the Desktop.

4. Disable the guard of your antivirus program and any software firewall that may be installed.
(Also the guards of ad-/spyware programs and the TeaTimer (if present)!)

5. Then drag the CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log file:
Combofix.txt

Note: The above script was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used anywhere else, since it can permanently damage the system!
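The helper's script above resets exactly the two firewall settings that stand out in the posted ComboFix log: the standard-profile firewall switched off ("EnableFirewall"= 0) and the globally open HASP SRM port 1947. As an added worked example (not code from the thread, from the helper, or from ComboFix), the script below shows how a practitioner would triage that part of a ComboFix log mechanically and derive the matching CFScript "Registry::" stanza from the findings. The sample log excerpt is constructed to mirror the lines posted above; the finding names and the decision of which values to delete with "=-" are this example's own, and the Firefox proxy check only reports the prefs as inert because the posted log has network.proxy.type set to 0.

```python
"""Triage a ComboFix log excerpt for weakened host defences and emit the
matching CFScript "Registry::" stanza.

Added example; not part of the original thread or of ComboFix. The sample
log lines are constructed to mirror the posted log, and the remediation
mapping (which values get deleted with "=-") is this example's own choice,
mirroring the helper's script rather than any ComboFix feature.
"""
import re

# Constructed sample: only the relevant excerpt of a ComboFix log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
.
FF - prefs.js: network.proxy.http - 10.1.0.0
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*?)\s*$')
FF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.*)$")

FW_KEY = r"HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"
PORTS_KEY = FW_KEY + r"\GloballyOpenPorts\List"
SC_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\security center"


def parse_log(text):
    """Return ({registry_key: {value_name: raw_value}}, {firefox_pref: value})."""
    registry, ff_prefs, current = {}, {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            registry.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            registry[current][m.group("name")] = m.group("value")
            continue
        m = FF_RE.match(line)
        if m:
            ff_prefs[m.group("pref")] = m.group("value")
    return registry, ff_prefs


def find_weak_settings(registry, ff_prefs):
    """List (finding, location, detail) tuples for the settings that matter."""
    findings = []
    fw = registry.get(FW_KEY, {})
    if fw.get("EnableFirewall", "").startswith("0"):
        findings.append(("firewall_disabled", FW_KEY, "EnableFirewall"))
    for name in registry.get(PORTS_KEY, {}):
        findings.append(("port_open", PORTS_KEY, name))
    sc = registry.get(SC_KEY, {})
    if sc.get("AntiVirusOverride", "").endswith("1"):
        findings.append(("av_override", SC_KEY, "AntiVirusOverride"))
    # Proxy host prefs only take effect when network.proxy.type selects
    # manual proxying; with type 0 ("no proxy") they are present but inert.
    host = ff_prefs.get("network.proxy.http")
    if host and ff_prefs.get("network.proxy.type", "0") != "0":
        findings.append(("ff_proxy_active", "prefs.js", host))
    elif host:
        findings.append(("ff_proxy_inert", "prefs.js", host))
    return findings


def build_cfscript(findings):
    """Emit a CFScript 'Registry::' stanza. '=-' deletes the value: for
    EnableFirewall that restores the default (firewall on), for a
    GloballyOpenPorts entry it closes the exception. The AV override and the
    proxy prefs are reported only, as in the helper's script."""
    by_key = {}
    for kind, key, name in findings:
        if kind in ("firewall_disabled", "port_open"):
            by_key.setdefault(key, []).append(name)
    if not by_key:
        return ""
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    findings = find_weak_settings(*parse_log(SAMPLE_LOG))
    for finding in findings:
        print("FINDING:", *finding)
    print(build_cfscript(findings), end="")
```

Run against the constructed excerpt, the stanza it prints is byte-for-byte the one the helper posted; the AntiVirusOverride flag and the inert Firefox proxy entries are listed as findings for the helper to decide on rather than silently rewritten.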


Copyright ©2000-2025, Trojaner-Board