| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojanerfund TR/Eyestye.n.763 , Datei: C:\System Volume Information\_restore{E5C0502A-7E6B-48C6-820FWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
30.08.2011, 22:19
| #31 |
 |  Trojanerfund TR/Eyestye.n.763 , Datei: C:\System Volume Information\_restore{E5C0502A-7E6B-48C6-820F So jetzt bin ich wirklich mal gespannt auf deine Antwort  HIer erst mal das Log-File von OTL: Code:
ATTFilter OTL logfile created on: 30.08.2011 23:11:00 - Run 5 OTL by OldTimer - Version 3.2.26.2 Folder = C:\Dokumente und Einstellungen\ich\Eigene Dateien\Trojaner-Board\OTL Reports Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,36 Mb Total Physical Memory | 479,17 Mb Available Physical Memory | 46,82% Memory free 2,41 Gb Paging File | 1,98 Gb Available in Paging File | 82,43% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 105,48 Gb Total Space | 19,91 Gb Free Space | 18,87% Space Free | Partition Type: NTFS Drive D: | 1,47 Gb Total Space | 0,59 Gb Free Space | 40,41% Space Free | Partition Type: FAT32 Computer Name: KEVIN87 | User Name: ich | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.08.22 00:52:49 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.08.14 22:11:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\ich\Eigene Dateien\Trojaner-Board\OTL Reports\OTL.exe PRC - [2011.07.01 16:36:24 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2011.07.01 16:36:23 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe PRC - [2011.07.01 16:36:23 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.02 20:09:56 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.02.18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.12.13 09:45:50 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.14 22:12:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.07.17 14:21:24 | 000,173,056 | ---- | M] (MSI) -- C:\Programme\System Control Manager\MGSysCtrl.exe PRC - [2006.03.22 11:07:22 | 000,040,960 | ---- | M] () -- C:\Programme\System Control Manager\edd.exe PRC - [2005.08.17 15:57:30 | 000,090,112 | ---- | M] (sonix) -- C:\WINDOWS\tsnp2std.exe PRC - [2005.08.16 21:54:10 | 000,339,968 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe PRC - [2005.04.06 16:03:28 | 000,110,592 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe PRC - [2005.01.27 16:33:58 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe PRC - [2003.02.11 13:58:36 | 000,196,608 | ---- | M] () -- C:\Programme\DeTeMedien\Das Telefonbuch für Deutschland\OMAlarm.exe ========== Modules (SafeList) ========== MOD - [2011.08.27 13:37:20 | 001,626,490 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aescript.dll MOD - [2011.08.27 13:37:19 | 003,641,720 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aeheur.dll MOD - [2011.08.27 13:37:19 | 000,684,407 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aepack.dll MOD - [2011.08.27 13:37:17 | 000,401,780 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aegen.dll MOD - [2011.08.27 13:37:17 | 000,196,983 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aecore.dll MOD - [2011.08.22 00:52:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll MOD - [2011.08.22 00:52:49 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe MOD - [2011.08.22 00:52:49 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\freebl3.dll MOD - [2011.08.22 00:52:48 | 001,846,232 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2011.08.22 00:52:48 | 000,719,832 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\mozcpp19.dll MOD - [2011.08.22 00:52:48 | 000,715,736 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\mozcrt19.dll MOD - [2011.08.22 00:52:48 | 000,015,832 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\mozalloc.dll MOD - [2011.08.22 00:52:47 | 000,785,368 | ---- | M] (sqlite.org) -- C:\Programme\Mozilla Firefox\mozsqlite3.dll MOD - [2011.08.22 00:52:47 | 000,646,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\nss3.dll MOD - [2011.08.22 00:52:47 | 000,351,192 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\nssckbi.dll MOD - [2011.08.22 00:52:47 | 000,203,736 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\nspr4.dll MOD - [2011.08.22 00:52:47 | 000,105,432 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\nssdbm3.dll MOD - [2011.08.22 00:52:47 | 000,089,048 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\nssutil3.dll MOD - [2011.08.22 00:52:46 | 000,021,976 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\plc4.dll MOD - [2011.08.22 00:52:46 | 000,019,416 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\plds4.dll MOD - [2011.08.22 00:52:45 | 000,166,872 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\softokn3.dll MOD - [2011.08.22 00:52:45 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\ssl3.dll MOD - [2011.08.22 00:52:45 | 000,109,528 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\smime3.dll MOD - [2011.08.22 00:52:44 | 015,494,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\xul.dll MOD - [2011.08.22 00:52:44 | 000,019,416 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\xpcom.dll MOD - [2011.08.16 19:46:21 | 000,556,392 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avbb.dll MOD - [2011.08.14 22:11:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\ich\Eigene Dateien\Trojaner-Board\OTL Reports\OTL.exe MOD - [2011.08.11 18:50:16 | 000,280,232 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avsda.dll MOD - [2011.07.28 16:45:04 | 000,201,083 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aeoffice.dll MOD - [2011.07.28 16:45:02 | 000,254,327 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aehelp.dll MOD - [2011.07.17 20:34:55 | 000,639,349 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aerdl.dll MOD - [2011.07.01 16:36:24 | 000,873,832 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccgen.dll MOD - [2011.07.01 16:36:24 | 000,595,816 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccmguard.dll MOD - [2011.07.01 16:36:24 | 000,511,336 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccwgrd.dll MOD - [2011.07.01 16:36:24 | 000,446,312 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccguard.dll MOD - [2011.07.01 16:36:24 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe MOD - [2011.07.01 16:36:24 | 000,322,920 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\cchips.dll MOD - [2011.07.01 16:36:24 | 000,304,488 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccmsg.dll MOD - [2011.07.01 16:36:24 | 000,290,664 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccupdate.dll MOD - [2011.07.01 16:36:24 | 000,174,440 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\cclic.dll MOD - [2011.07.01 16:36:24 | 000,121,704 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\ccupdw.dll MOD - [2011.07.01 16:36:24 | 000,103,272 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\mgrs.dll MOD - [2011.07.01 16:36:24 | 000,044,904 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avpref.dll MOD - [2011.07.01 16:36:24 | 000,021,352 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccwgrdrc.dll MOD - [2011.07.01 16:36:23 | 002,633,064 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\rcimage.dll MOD - [2011.07.01 16:36:23 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe MOD - [2011.07.01 16:36:23 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe MOD - [2011.07.01 16:36:23 | 000,203,112 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avevtlog.dll MOD - [2011.07.01 16:36:23 | 000,089,960 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgio.dll MOD - [2011.06.06 12:55:32 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2011.06.06 12:55:30 | 000,394,136 | ---- | M] (Adobe Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.dll MOD - [2011.06.06 12:55:30 | 000,064,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll MOD - [2011.06.01 23:50:42 | 000,323,957 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aesbx.dll MOD - [2011.05.02 20:09:56 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe MOD - [2011.05.02 20:09:56 | 000,039,784 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccgenrc.dll MOD - [2011.04.06 16:20:16 | 000,152,864 | ---- | M] (Apple Inc.) -- C:\Programme\Bonjour\mdnsNSP.dll MOD - [2011.03.21 17:30:02 | 014,021,920 | ---- | M] (IBM Corporation and others) -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\icudt40.dll MOD - [2011.03.21 17:30:02 | 001,041,696 | ---- | M] (IBM Corporation and others) -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\icuin40.dll MOD - [2011.03.21 17:30:02 | 000,922,912 | ---- | M] (IBM Corporation and others) -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\icuuc40.dll MOD - [2011.02.18 17:37:16 | 000,173,344 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll MOD - [2011.02.18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe MOD - [2011.02.06 12:32:00 | 000,124,192 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\objc.dll MOD - [2011.02.06 12:31:58 | 000,042,784 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libdispatch.dll MOD - [2011.02.06 12:31:50 | 000,828,704 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\CoreFoundation.dll MOD - [2010.12.24 23:01:30 | 000,077,569 | ---- | M] (ACE Compression Software) -- C:\Programme\Avira\AntiVir Desktop\unacev2.dll MOD - [2010.12.13 09:46:14 | 000,037,224 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\guardmsg.dll MOD - [2010.12.13 09:46:14 | 000,029,032 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccmgrdrc.dll MOD - [2010.12.13 09:46:14 | 000,025,448 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccupdrc.dll MOD - [2010.12.13 09:46:14 | 000,025,448 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccgrdrc.dll MOD - [2010.12.13 09:46:14 | 000,009,576 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\cchipsrc.dll MOD - [2010.12.13 09:46:14 | 000,008,552 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\schedr.dll MOD - [2010.12.13 09:46:14 | 000,008,552 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccmainrc.dll MOD - [2010.12.13 09:46:14 | 000,005,480 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccmsgrc.dll MOD - [2010.12.13 09:46:14 | 000,005,480 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\cclicrc.dll MOD - [2010.12.13 09:45:59 | 000,104,296 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\msgclient.dll MOD - [2010.12.13 09:45:59 | 000,016,744 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\onlcfg.dll MOD - [2010.12.13 09:45:58 | 000,288,616 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\ccwkrlib.dll MOD - [2010.12.13 09:45:58 | 000,054,120 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\cfglib.dll MOD - [2010.12.13 09:45:57 | 000,075,112 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccwgrdw.dll MOD - [2010.12.13 09:45:53 | 000,092,520 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccgrdw.dll MOD - [2010.12.13 09:45:52 | 000,019,304 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwinll.dll MOD - [2010.12.13 09:45:51 | 000,063,848 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avsmtp.dll MOD - [2010.12.13 09:45:50 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe MOD - [2010.12.13 09:45:49 | 000,122,216 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avesvc.dll MOD - [2010.11.22 14:01:40 | 000,127,349 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aescn.dll MOD - [2010.11.22 14:01:02 | 000,393,589 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aeemu.dll MOD - [2010.11.17 14:16:14 | 000,075,040 | ---- | M] (Apple, Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\ASL.dll MOD - [2010.08.13 20:16:07 | 000,106,868 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aevdf.dll MOD - [2010.08.10 00:00:48 | 000,053,024 | ---- | M] (Open Source Software community project) -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\pthreadVC2.dll MOD - [2010.06.17 15:30:17 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2010.06.17 15:30:16 | 000,767,488 | ---- | M] (Sleepycat Software) -- C:\Programme\Avira\AntiVir Desktop\libdb44.dll MOD - [2010.06.17 15:30:13 | 000,062,312 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avipc.dll MOD - [2010.06.17 15:07:03 | 000,010,088 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avesvcr.dll MOD - [2010.05.10 09:23:00 | 000,053,618 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aebb.dll MOD - [2010.03.18 17:47:22 | 000,017,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\aspnet_counters.dll MOD - [2010.03.18 14:16:28 | 000,771,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr100_clr0400.dll MOD - [2010.03.18 11:09:00 | 000,049,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netfxperf.dll MOD - [2010.02.19 15:54:38 | 000,167,784 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\webcat.dll MOD - [2010.01.14 22:12:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe MOD - [2009.10.22 05:29:56 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll MOD - [2009.08.12 21:18:48 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\Java\jre6\bin\msvcr71.dll MOD - [2009.08.06 19:24:18 | 000,327,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wucltui.dll MOD - [2009.08.06 19:24:10 | 000,044,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wups2.dll MOD - [2009.08.06 19:23:54 | 000,575,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuapi.dll MOD - [2009.07.12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll MOD - [2009.07.12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll MOD - [2009.07.12 00:02:02 | 003,780,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll MOD - [2009.07.12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll MOD - [2009.07.12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll MOD - [2009.07.12 00:02:00 | 000,063,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll MOD - [2008.07.06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll MOD - [2008.04.14 07:53:08 | 000,129,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ksproxy.ax MOD - [2008.04.14 07:53:08 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kswdmcap.ax MOD - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe MOD - [2008.04.14 07:52:34 | 000,531,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemcore.dll MOD - [2008.04.14 07:52:34 | 000,437,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvsd.dll MOD - [2008.04.14 07:52:34 | 000,384,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wzcdlg.dll MOD - [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemess.dll MOD - [2008.04.14 07:52:34 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemcomn.dll MOD - [2008.04.14 07:52:34 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32spl.dll MOD - [2008.04.14 07:52:34 | 000,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winscard.dll MOD - [2008.04.14 07:52:34 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiutils.dll MOD - [2008.04.14 07:52:34 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiaprpl.dll MOD - [2008.04.14 07:52:34 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll MOD - [2008.04.14 07:52:34 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wzcsapi.dll MOD - [2008.04.14 07:52:34 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemsvc.dll MOD - [2008.04.14 07:52:34 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winipsec.dll MOD - [2008.04.14 07:52:34 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll MOD - [2008.04.14 07:52:34 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wshtcpip.dll MOD - [2008.04.14 07:52:34 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemprox.dll MOD - [2008.04.14 07:52:34 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll MOD - [2008.04.14 07:52:32 | 000,715,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sxs.dll MOD - [2008.04.14 07:52:32 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tapi32.dll MOD - [2008.04.14 07:52:32 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\upnp.dll MOD - [2008.04.14 07:52:32 | 000,117,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\t2embed.dll MOD - [2008.04.14 07:52:32 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpmon.dll MOD - [2008.04.14 07:52:32 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ssdpapi.dll MOD - [2008.04.14 07:52:32 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\usbmon.dll MOD - [2008.04.14 07:52:26 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolss.dll MOD - [2008.04.14 07:52:26 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shfolder.dll MOD - [2008.04.14 07:52:26 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sensapi.dll MOD - [2008.04.14 07:52:24 | 001,441,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\query.dll MOD - [2008.04.14 07:52:24 | 000,687,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasdlg.dll MOD - [2008.04.14 07:52:24 | 000,429,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samsrv.dll MOD - [2008.04.14 07:52:24 | 000,328,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scesrv.dll MOD - [2008.04.14 07:52:24 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\pdh.dll MOD - [2008.04.14 07:52:24 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbc32.dll MOD - [2008.04.14 07:52:24 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasapi32.dll MOD - [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll MOD - [2008.04.14 07:52:24 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\repdrvfs.dll MOD - [2008.04.14 07:52:24 | 000,151,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rastls.dll MOD - [2008.04.14 07:52:24 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\onex.dll MOD - [2008.04.14 07:52:24 | 000,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psbase.dll MOD - [2008.04.14 07:52:24 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\raschap.dll MOD - [2008.04.14 07:52:24 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\qutil.dll MOD - [2008.04.14 07:52:24 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasman.dll MOD - [2008.04.14 07:52:24 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\resutils.dll MOD - [2008.04.14 07:52:24 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\regapi.dll MOD - [2008.04.14 07:52:24 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rtutils.dll MOD - [2008.04.14 07:52:24 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfctrs.dll MOD - [2008.04.14 07:52:24 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\pstorsvc.dll MOD - [2008.04.14 07:52:24 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\profmap.dll MOD - [2008.04.14 07:52:24 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfdisk.dll MOD - [2008.04.14 07:52:24 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfos.dll MOD - [2008.04.14 07:52:24 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbcbcp.dll MOD - [2008.04.14 07:52:24 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfnet.dll MOD - [2008.04.14 07:52:24 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\powrprof.dll MOD - [2008.04.14 07:52:24 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\pjlmon.dll MOD - [2008.04.14 07:52:24 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasadhlp.dll MOD - [2008.04.14 07:52:22 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oakley.dll MOD - [2008.04.14 07:52:22 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll MOD - [2008.04.14 07:52:22 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll MOD - [2008.04.14 07:52:22 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll MOD - [2008.04.14 07:52:20 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netcfgx.dll MOD - [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netlogon.dll MOD - [2008.04.14 07:52:20 | 000,196,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msutb.dll MOD - [2008.04.14 07:52:20 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mtxclu.dll MOD - [2008.04.14 07:52:20 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\ncprov.dll MOD - [2008.04.14 07:52:20 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ncobjapi.dll MOD - [2008.04.14 07:52:20 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mspatcha.dll MOD - [2008.04.14 07:52:20 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\nddeapi.dll MOD - [2008.04.14 07:52:20 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll MOD - [2008.04.14 07:52:18 | 001,005,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msgina.dll MOD - [2008.04.14 07:52:18 | 000,539,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msftedit.dll MOD - [2008.04.14 07:52:18 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mscms.dll MOD - [2008.04.14 07:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008.04.14 07:52:18 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msidle.dll MOD - [2008.04.14 07:52:16 | 001,028,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll MOD - [2008.04.14 07:52:16 | 000,735,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsasrv.dll MOD - [2008.04.14 07:52:16 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mlang.dll MOD - [2008.04.14 07:52:16 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mprapi.dll MOD - [2008.04.14 07:52:16 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll MOD - [2008.04.14 07:52:14 | 000,345,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\localspl.dll MOD - [2008.04.14 07:52:14 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\loadperf.dll MOD - [2008.04.14 07:52:14 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll MOD - [2008.04.14 07:52:14 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetpp.dll MOD - [2008.04.14 07:52:14 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ksuser.dll MOD - [2008.04.14 07:52:12 | 001,094,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\esent.dll MOD - [2008.04.14 07:52:12 | 000,472,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\fastprox.dll MOD - [2008.04.14 07:52:12 | 000,348,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hnetcfg.dll MOD - [2008.04.14 07:52:12 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\esscli.dll MOD - [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll MOD - [2008.04.14 07:52:12 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\feclient.dll MOD - [2008.04.14 07:52:12 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hid.dll MOD - [2008.04.14 07:52:10 | 001,267,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comsvcs.dll MOD - [2008.04.14 07:52:10 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dbghelp.dll MOD - [2008.04.14 07:52:10 | 000,367,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dsound.dll MOD - [2008.04.14 07:52:10 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\duser.dll MOD - [2008.04.14 07:52:10 | 000,165,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\credui.dll MOD - [2008.04.14 07:52:10 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eappcfg.dll MOD - [2008.04.14 07:52:10 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\colbact.dll MOD - [2008.04.14 07:52:10 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\devenum.dll MOD - [2008.04.14 07:52:10 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eappprxy.dll MOD - [2008.04.14 07:52:10 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cryptdll.dll MOD - [2008.04.14 07:52:10 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eapolqec.dll MOD - [2008.04.14 07:52:10 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dot3api.dll MOD - [2008.04.14 07:52:10 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll MOD - [2008.04.14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll MOD - [2008.04.14 07:52:10 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dot3dlg.dll MOD - [2008.04.14 07:52:08 | 001,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acgenral.dll MOD - [2008.04.14 07:52:08 | 000,198,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\certcli.dll MOD - [2008.04.14 07:52:08 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\activeds.dll MOD - [2008.04.14 07:52:08 | 000,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\adsldpc.dll MOD - [2008.04.14 07:52:08 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\asycfilt.dll MOD - [2008.04.14 07:52:08 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll MOD - [2008.04.14 07:52:08 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clusapi.dll MOD - [2008.04.14 07:52:08 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cnbjmon.dll MOD - [2008.04.14 07:52:08 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acadproc.dll MOD - [2008.04.14 07:52:08 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\batmeter.dll MOD - [2008.04.14 07:50:40 | 000,545,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hhctrl.ocx MOD - [2008.04.14 07:50:12 | 001,724,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\GdiPlus.dll MOD - [2008.04.14 07:50:12 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2008.04.14 07:22:36 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\browselc.dll MOD - [2008.04.13 23:07:58 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dssenh.dll MOD - [2008.04.13 21:53:32 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msprivs.dll MOD - [2008.03.25 21:27:34 | 000,188,416 | ---- | M] (Hewlett-Packard Co.) -- c:\Programme\HP\Digital Imaging\bin\hpqddcmn.dll MOD - [2007.11.05 19:07:56 | 000,118,272 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\hpz3l5mu.dll MOD - [2007.11.05 19:06:06 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll MOD - [2007.03.28 18:21:54 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbcint.dll MOD - [2006.10.27 16:26:40 | 016,870,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSO.DLL MOD - [2006.10.26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll MOD - [2006.10.26 20:56:10 | 000,032,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msonpmon.dll MOD - [2006.07.17 14:21:24 | 000,173,056 | ---- | M] (MSI) -- C:\Programme\System Control Manager\MGSysCtrl.exe MOD - [2006.07.12 16:14:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\MGHwCtrl.dll MOD - [2006.03.22 11:07:22 | 000,040,960 | ---- | M] () -- C:\Programme\System Control Manager\edd.exe MOD - [2005.11.15 12:07:16 | 001,802,240 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll MOD - [2005.08.26 11:41:14 | 000,010,752 | ---- | M] () -- C:\Programme\System Control Manager\MGKBHook.dll MOD - [2005.08.25 22:27:16 | 000,073,728 | ---- | M] (Sonix) -- C:\WINDOWS\system32\vsnp2std.dll MOD - [2005.08.17 15:57:30 | 000,090,112 | ---- | M] (sonix) -- C:\WINDOWS\tsnp2std.exe MOD - [2005.08.16 21:54:10 | 000,339,968 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe MOD - [2005.04.06 16:03:28 | 000,110,592 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe MOD - [2005.01.27 16:33:58 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe MOD - [2004.08.04 13:00:00 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wiavusd.dll MOD - [2004.08.04 13:00:00 | 000,091,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mui\0007\hhctrlui.dll MOD - [2004.08.04 13:00:00 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42loc.dll MOD - [2004.08.04 13:00:00 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\traffic.dll MOD - [2004.08.04 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\utildll.dll MOD - [2004.08.04 13:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfts.dll MOD - [2004.08.04 13:00:00 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\pschdprf.dll MOD - [2004.08.04 13:00:00 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsvpperf.dll MOD - [2004.08.04 13:00:00 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tapiperf.dll MOD - [2004.08.04 13:00:00 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lz32.dll MOD - [2004.07.06 15:12:00 | 000,290,816 | ---- | M] () -- C:\Programme\System Control Manager\CmSuppX.dll MOD - [2003.03.19 07:20:00 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\MFC71.dll MOD - [2003.03.19 07:14:52 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\msvcp71.dll MOD - [2003.03.18 22:44:34 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFC71DEU.DLL MOD - [2003.02.21 15:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\msvcr71.dll MOD - [2003.02.11 13:58:36 | 000,196,608 | ---- | M] () -- C:\Programme\DeTeMedien\Das Telefonbuch für Deutschland\OMAlarm.exe MOD - [2003.02.11 08:10:00 | 000,020,552 | ---- | M] (WinZip Computing, Inc.) -- C:\Programme\WinZip\WZSHLSTB.DLL MOD - [2002.09.30 05:00:00 | 000,087,552 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\CNMLM47.DLL MOD - [2002.09.30 05:00:00 | 000,013,824 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD47.DLL MOD - [2002.09.09 07:53:22 | 000,401,462 | ---- | M] (Microsoft Corporation) -- C:\Programme\System Control Manager\msvcp60.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011.07.01 16:36:24 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2011.07.01 16:36:23 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2011.07.01 16:36:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.02 20:09:56 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.02.18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.07.11 11:13:08 | 000,118,880 | ---- | M] () [Disabled | Stopped] -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS) SRV - [2006.07.11 11:13:06 | 000,266,338 | ---- | M] () [Disabled | Stopped] -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS) SRV - [2006.07.11 11:12:22 | 001,073,152 | ---- | M] (Cyberlink) [Disabled | Stopped] -- C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service) SRV - [2006.03.22 11:07:22 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\System Control Manager\edd.exe -- (NishService) SRV - [2005.10.06 18:13:10 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS) SRV - [2005.04.06 16:03:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service) SRV - [2005.01.27 16:33:58 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\o2flash.exe -- (O2Flash) SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011.07.01 16:36:24 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.01 16:36:24 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.06.17 15:30:17 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2006.07.19 16:58:00 | 000,081,920 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2006.07.19 16:56:00 | 000,011,136 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu) DRV - [2006.07.03 10:31:26 | 000,009,088 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MGHwCtrl.sys -- (MGHwCtrl) DRV - [2006.06.18 23:38:18 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006.06.14 11:04:12 | 004,299,264 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006.03.28 17:55:20 | 000,036,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK) DRV - [2006.02.28 00:11:10 | 000,117,906 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500) DRV - [2006.02.27 15:00:50 | 000,034,880 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2media.sys -- (O2MDRDR) DRV - [2006.02.20 16:01:06 | 000,029,056 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2sd.sys -- (O2SDRDR) DRV - [2005.09.07 15:49:56 | 000,243,200 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500) DRV - [2005.08.26 19:06:28 | 000,660,992 | R--- | M] (Animation Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVHybrid.sys -- (LVHybrid) DRV - [2005.08.25 22:55:04 | 008,807,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD) DRV - [2005.07.12 21:58:00 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50) DRV - [2005.05.31 15:40:20 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio) DRV - [2005.05.31 09:42:28 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb) DRV - [2005.05.24 16:00:37 | 000,052,384 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus) Sony Ericsson W800 driver (WDM) DRV - [2005.04.30 14:50:24 | 000,011,736 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VHIDMini.sys -- (VHidMinidrv) DRV - [2005.04.30 14:50:20 | 000,011,860 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum) DRV - [2005.04.30 14:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr) DRV - [2005.04.30 14:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT) DRV - [2005.03.25 17:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr) DRV - [2004.10.19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm) DRV - [2002.06.14 07:40:22 | 000,021,276 | ---- | M] (Micronas GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\uacbflt.sys -- (UacFlt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://warofdragons.de/ IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2088: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.04.29 21:02:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.08.22 00:52:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.08.09 19:16:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Programme\Mozilla Sunbird\components [2011.03.11 14:42:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Programme\Mozilla Sunbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.04.29 21:02:05 | 000,000,000 | ---D | M] [2011.03.11 14:42:34 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Extensions [2011.03.11 14:42:34 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28} [2011.08.22 13:49:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\o10n2j4t.default\extensions [2011.08.22 00:32:44 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\o10n2j4t.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.08.25 15:14:42 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\o10n2j4t.default\searchplugins\icqplugin-1.xml [2011.08.18 18:55:48 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\o10n2j4t.default\searchplugins\icqplugin-4.xml [2011.08.22 00:53:47 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\o10n2j4t.default\searchplugins\icqplugin-5.xml [2011.08.22 13:54:57 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\o10n2j4t.default\searchplugins\icqplugin.xml [2011.08.22 13:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.01.14 12:07:29 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2007.07.14 13:44:14 | 000,000,000 | ---D | M] (WhenU) -- C:\Programme\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34} [2011.07.08 21:30:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- [2009.08.12 21:18:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.08.22 00:52:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] File not found O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (MSI) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix) O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe (sonix) O4 - HKCU..\Run: [4Y3Y0C3A9F7XWA6ESGWQ] File not found O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Programme\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OfficeManager Terminerinnerung.lnk = C:\Programme\DeTeMedien\Das Telefonbuch für Deutschland\OMAlarm.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177 O8 - Extra context menu item: &Google Search - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Backward &Links - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Cac&hed Snapshot of Page - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\ich\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Si&milar Pages - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O16 - DPF: {2EF98DE5-183F-11D4-83EC-EC6A1DB6E213} hxxp://www.dynageo.de/download/dynageoviewer.cab (DynaGeoX Element) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153483820703 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 78.42.43.62 192.168.0.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.07.19 12:12:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.08.30 23:05:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2011.08.30 22:40:56 | 000,023,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui [2011.08.30 22:40:53 | 000,015,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui [2011.08.22 13:49:39 | 000,000,000 | ---D | C] -- C:\_OTL [2011.08.22 13:21:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\ich\Recent [2011.08.22 13:17:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ich\Eigene Dateien\Trojaner-Board [2011.08.14 22:22:05 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2011.08.14 19:40:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Malwarebytes [2011.08.14 19:40:10 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.08.14 19:40:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.08.14 19:40:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.08.14 19:40:04 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.08.14 19:40:03 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.08.13 22:25:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype [2011.08.13 22:21:10 | 000,209,736 | ---- | C] (Comfort Software Group) -- C:\Dokumente und Einstellungen\ich\Desktop\FreeVK.exe [2011.08.13 16:43:25 | 000,266,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TweakUI.exe [2011.08.13 16:43:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Powertoys for Windows XP [2011.08.07 20:58:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\go [2011.08.07 20:58:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO [2006.07.21 12:51:28 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll [2006.07.21 12:51:28 | 000,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll [1 C:\Dokumente und Einstellungen\ich\*.tmp files -> C:\Dokumente und Einstellungen\ich\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.08.30 23:03:55 | 000,023,470 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011.08.30 23:02:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.08.30 22:50:46 | 000,089,088 | ---- | M] () -- C:\WINDOWS\System32\mbr.exe [2011.08.28 21:32:43 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011.08.28 15:04:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.08.26 18:23:41 | 000,026,682 | ---- | M] () -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\wklnhst.dat [2011.08.23 23:02:31 | 000,041,555 | ---- | M] () -- C:\Dokumente und Einstellungen\ich\Desktop\mm0310.zip [2011.08.22 13:00:45 | 000,000,227 | RHS- | M] () -- C:\boot.ini [2011.08.16 20:48:52 | 000,000,165 | ---- | M] () -- C:\Dokumente und Einstellungen\ich\Desktop\FreeVK.ini [2011.08.14 22:09:46 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2011.08.14 22:07:04 | 000,329,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.08.13 22:21:11 | 000,209,736 | ---- | M] (Comfort Software Group) -- C:\Dokumente und Einstellungen\ich\Desktop\FreeVK.exe [2011.08.13 21:22:20 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\ich\defogger_reenable [2011.08.13 16:44:25 | 000,120,832 | ---- | M] () -- C:\Dokumente und Einstellungen\ich\Desktop\tweakui.exe [1 C:\Dokumente und Einstellungen\ich\*.tmp files -> C:\Dokumente und Einstellungen\ich\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.08.30 22:50:42 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\mbr.exe [2011.08.23 23:02:28 | 000,041,555 | ---- | C] () -- C:\Dokumente und Einstellungen\ich\Desktop\mm0310.zip [2011.08.13 22:21:17 | 000,000,165 | ---- | C] () -- C:\Dokumente und Einstellungen\ich\Desktop\FreeVK.ini [2011.08.13 21:22:20 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\ich\defogger_reenable [2011.08.13 16:44:24 | 000,120,832 | ---- | C] () -- C:\Dokumente und Einstellungen\ich\Desktop\tweakui.exe [2011.08.13 16:43:24 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf [2011.08.09 19:16:16 | 000,002,299 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk [2011.06.10 11:51:16 | 000,000,268 | ---- | C] () -- C:\WINDOWS\ht2.ini [2011.06.10 11:49:12 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI [2011.03.14 22:44:42 | 000,186,000 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2011.02.18 22:34:22 | 000,312,482 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2011.01.26 16:50:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.05.28 15:45:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.04.29 21:01:14 | 000,023,666 | ---- | C] () -- C:\WINDOWS\hpqins15.dat [2010.04.29 20:57:33 | 000,078,165 | ---- | C] () -- C:\WINDOWS\hpqins05.dat [2009.07.22 19:10:09 | 000,119,460 | ---- | C] () -- C:\WINDOWS\hpqins00.dat [2009.07.14 18:51:23 | 000,000,872 | ---- | C] () -- C:\WINDOWS\uninst.ini [2009.07.13 19:30:18 | 000,010,563 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat [2009.07.13 19:28:03 | 000,202,585 | ---- | C] () -- C:\WINDOWS\hpwins19.dat [2009.07.13 19:28:03 | 000,000,997 | R--- | C] () -- C:\WINDOWS\hpwmdl19.dat [2009.07.08 20:16:32 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS47.DLL [2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2006.10.05 19:46:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\psfind.dll [2006.10.05 19:23:08 | 000,003,230 | ---- | C] () -- C:\WINDOWS\mozver.dat [2006.10.05 19:10:24 | 000,082,432 | ---- | C] () -- C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.10.05 18:56:32 | 000,129,024 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE [2006.10.05 18:53:54 | 000,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini [2006.10.05 14:52:08 | 000,026,682 | ---- | C] () -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\wklnhst.dat [2006.10.05 14:46:52 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2006.10.05 13:42:50 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.07.25 12:26:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.07.25 12:09:28 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006.07.25 10:08:25 | 000,000,207 | ---- | C] () -- C:\WINDOWS\WISO.INI [2006.07.25 09:57:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2006.07.24 17:09:26 | 000,000,742 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.07.24 16:51:39 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll [2006.07.21 13:27:07 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\MGHwCtrl.dll [2006.07.21 13:27:07 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MGFPCtrl.dll [2006.07.21 13:27:07 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\MGPwrShm.dll [2006.07.21 12:59:31 | 000,003,072 | R--- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll [2006.07.21 12:59:17 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2006.07.21 12:51:32 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini [2006.07.21 12:51:31 | 008,807,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys [2006.07.21 12:51:28 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnp2std.exe [2006.07.21 12:04:26 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2006.07.21 12:04:26 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2006.07.21 09:47:32 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2006.07.21 09:43:26 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006.07.21 09:43:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006.07.21 09:36:16 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006.07.21 09:32:14 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006.07.21 09:31:06 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2006.07.21 09:30:24 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2006.07.21 09:30:10 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006.07.21 09:25:12 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2006.07.19 13:05:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006.07.19 13:05:13 | 000,329,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2006.07.19 12:20:43 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006.07.19 12:14:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006.07.19 12:11:08 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006.07.19 11:58:44 | 000,000,854 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2006.07.19 11:58:31 | 000,530,122 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006.07.19 11:58:31 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2006.07.19 11:58:31 | 000,105,716 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006.07.19 11:58:31 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2006.07.19 11:58:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006.07.19 11:58:20 | 000,504,726 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006.07.19 11:58:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006.07.19 11:58:20 | 000,088,190 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006.07.19 11:58:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006.07.19 11:58:19 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006.07.19 11:58:18 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006.07.19 11:58:17 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2006.07.19 11:58:14 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006.07.19 11:58:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006.07.19 11:58:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006.07.19 11:58:05 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2005.07.29 14:08:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\WlanInstallDll.dll [2005.07.05 20:32:00 | 000,011,863 | ---- | C] () -- C:\WINDOWS\System32\Wlan.ini [2005.04.30 14:50:20 | 000,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys [2005.01.27 16:33:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\o2flash.exe [2005.01.21 12:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll [2004.12.16 16:32:54 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys [2004.09.01 17:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll [2002.10.04 08:01:42 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll [2002.03.26 21:18:22 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll ========== LOP Check ========== [2006.07.21 12:44:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth [2011.08.29 22:21:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO [2011.05.03 17:50:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2010.04.29 20:56:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2010.09.18 10:13:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.11.17 18:09:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\ChessBase [2011.04.04 23:48:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\DVDVideoSoftIEHelpers [2011.08.29 21:11:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\go [2011.08.07 21:11:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\ICQ [2011.06.01 00:01:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\ITTerritory [2011.01.28 18:13:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\JAM Software [2010.04.29 20:56:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\MAGIX [2011.03.14 22:20:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\MediaProSoft Free YouTube to AVI MPEG Converter [2011.02.03 17:12:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\PriceGong [2009.05.18 19:56:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\PTC [2009.05.12 16:33:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\TeamViewer [2011.02.15 19:03:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Uniblue [2011.02.21 22:27:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Xilisoft ========== Purity Check ========== < End of report > |
|
30.08.2011, 22:20
| #32 |
| | Trojanerfund TR/Eyestye.n.763 , Datei: C:\System Volume Information\_restore{E5C0502A-7E6B-48C6-820F Und noch das Extra Log-File:
__________________Code:
ATTFilter OTL Extras logfile created on: 30.08.2011 23:11:00 - Run 5
OTL by OldTimer - Version 3.2.26.2 Folder = C:\Dokumente und Einstellungen\ich\Eigene Dateien\Trojaner-Board\OTL Reports
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1023,36 Mb Total Physical Memory | 479,17 Mb Available Physical Memory | 46,82% Memory free
2,41 Gb Paging File | 1,98 Gb Available in Paging File | 82,43% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 105,48 Gb Total Space | 19,91 Gb Free Space | 18,87% Space Free | Partition Type: NTFS
Drive D: | 1,47 Gb Total Space | 0,59 Gb Free Space | 40,41% Space Free | Partition Type: FAT32
Computer Name: KEVIN87 | User Name: ich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Disabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Disabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Disabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Disabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Disabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Disabled:Windows Media Connect
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1420:TCP" = 1420:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP Software Update\hpwucli.exe" = C:\Programme\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Programme\ICQ7.5\ICQ.exe" = C:\Programme\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation)
"C:\Programme\Cyberlink\PowerCinema\PowerCinema.exe" = C:\Programme\Cyberlink\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema -- (CyberLink Corp.)
"C:\Programme\Cyberlink\PowerCinema\PCMService.exe" = C:\Programme\Cyberlink\PowerCinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Disabled:AOL
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Disabled:AOL
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Disabled:AOL 9.0
"C:\Programme\Trillian\trillian.exe" = C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Programme\Valve\Steam\steamapps\hoh_underworld\counter-strike\hl.exe" = C:\Programme\Valve\Steam\steamapps\hoh_underworld\counter-strike\hl.exe:*:Enabled:Half-Life Launcher
"C:\Programme\PokerStars\PokerStarsUpdate.exe" = C:\Programme\PokerStars\PokerStarsUpdate.exe:*:Enabled:PokerStars -- (PokerStars)
"C:\Programme\PokerStars\Tracer.exe" = C:\Programme\PokerStars\Tracer.exe:*:Enabled:Network Status -- (PokerStars)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Programme\Agnitum\Outpost Firewall\outpost.exe" = C:\Programme\Agnitum\Outpost Firewall\outpost.exe:*:Enabled:Outpost Firewall main module
"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Disabled:ICQ Lite
"C:\Programme\ProENGINEER Schools Edition\i486_nt\nms\nmsd.exe" = C:\Programme\ProENGINEER Schools Edition\i486_nt\nms\nmsd.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC -- (PTC)
"C:\Programme\ProENGINEER Schools Edition\i486_nt\obj\xtop.exe" = C:\Programme\ProENGINEER Schools Edition\i486_nt\obj\xtop.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC -- (PTC)
"C:\Programme\Avira\AntiVir Desktop\avcenter.exe" = C:\Programme\Avira\AntiVir Desktop\avcenter.exe:*:Enabled:AntiVir starten -- (Avira GmbH)
"C:\Programme\ProENGINEER Schools Edition\i486_nt\obj\pro_comm_msg.exe" = C:\Programme\ProENGINEER Schools Edition\i486_nt\obj\pro_comm_msg.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC -- (PTC)
"C:\Programme\ITTerritory\DragonsDe\DwarClientDe.exe" = C:\Programme\ITTerritory\DragonsDe\DwarClientDe.exe:*:Enabled:DRACHENKRIEG
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP Software Update\hpwucli.exe" = C:\Programme\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Programme\ICQ7.5\ICQ.exe" = C:\Programme\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Disabled:ICQ6
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Disabled:ICQ6
"C:\Programme\CA\Etrust Antivirus\Realmon.exe" = C:\Programme\CA\Etrust Antivirus\Realmon.exe:*:Disabled:Realmon
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06100048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta 2006 Enzyklopädie Standard
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20FD5B04-CE35-4F5B-A2F3-6D9FD644EB70}" = WISO Mein Geld 2006 Professional
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 26
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{434BB0D6-F2CE-47EA-8703-D30EA455F8D8}" = Fingerprint Sensor Minimum Install
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Foto 2006 Standard Edition Editor
"{5E977DEC-5BB4-44C7-9FE5-9357D2DB4FCB}" = Disc2Phone
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Foto 2006 Standard Edition Bibliothek
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202)
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B}" = Microsoft AutoRoute 2006
"{843B6370-4102-4FE9-9519-C0206A0A27DF}" = BlueSoleil
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5161BBC5-B3B1-4C54-9442-4D8977A18488}" =
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{902C0D79-8D7F-4956-9DCB-A223D5BF55B3}" = IEEE802.11a/b/g Wireless LAN Software
"{90F1DDBF-0C56-44B0-A920-72CC90C51565}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{9862024D-996D-4C80-90BA-0339B9DB1031}" = Nero 7 Essentials
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6871F03-E140-4559-8940-AD1CC3D58CEE}" = Sony Ericsson PC Suite
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A70500000002}" = Adobe Reader 7.0.5 - Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE28E6F5-4A03-4DED-B954-D0779B47FFBF}" = Works Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D96ED789-9A41-4A89-99A4-3CE466A80DF2}" = MAGIX Screenshare
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DF2C5F25-5736-4388-964A-92FBE3DD8197}" = Das Telefonbuch für Deutschland
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}" = KhalSetup
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F000DE4C-B6CB-4181-BAFF-EC5DA2A9C156}" = RuntimeLibsVC90
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Mythology 1.0" = Age of Mythology
"Avira AntiVir Desktop" = Avira AntiVir Premium
"bwin" = bwin Poker (remove only)
"CCleaner" = CCleaner
"DivX 5.0.2 Pro Bundle" = DivX 5.0.2 Pro Bundle
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Drachenkrieg_is1" = Drachenkrieg (with media and plugins), version 1.1.29
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.37.426
"Gadwin PrintScreen" = Gadwin PrintScreen
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04
"IrfanView" = IrfanView (remove only)
"Italienisch - In 30 Tagen zum Erfolg" = Italienisch - In 30 Tagen zum Erfolg
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de)
"Mp3 Codec" = Mpeg Layer3 Codec FHG-Radium v1.263
"NVIDIA Drivers" = NVIDIA Drivers
"PictureItPrem_v11" = Microsoft Foto 2006 Standard Edition
"PlayChess" = PlayChess
"PokerStars" = PokerStars
"Pro/ENGINEER Schools Edition Release Wildfire 4.0 Datecode M030" = Pro/ENGINEER Schools Edition Release Wildfire 4.0 Datecode M030
"RealPlayer 6.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"Startup TOOLS WF4 Student Download" = Startup TOOLS WF4 Student Download
"Steam" = Steam
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ThePlaya" = The Playa
"Trillian" = Trillian
"Tweak UI 2.10" = Tweak UI
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.5
"Winamp3" = Winamp3 (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
"WMCSetup" = Windows Media Connect
"Works2006Setup" = Setup-Start von Microsoft Works Suite 2006
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XviD" = XviD Video Codec 04102002-1 (Koepi's build with EPSZ ME)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 29.07.2011 17:32:13 | Computer Name = KEVIN87 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung dwarclientde.exe, Version 1.1.0.29, fehlgeschlagenes
Modul , Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 29.07.2011 17:46:48 | Computer Name = KEVIN87 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 30.07.2011 10:24:27 | Computer Name = KEVIN87 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 09.08.2011 13:15:32 | Computer Name = KEVIN87 | Source = MsiInstaller | ID = 10005
Description = Produkt: Adobe Reader 7.0.5 - Deutsch -- Interner Fehler 2329. 32,
C:\Config.Msi\16f2b4.rbf
Error - 13.08.2011 08:31:22 | Computer Name = KEVIN87 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 13.08.2011 16:25:35 | Computer Name = KEVIN87 | Source = MsiInstaller | ID = 10005
Description = Product: Skype™ 5.1 -- The installer has encountered an unexpected
error installing this package. This may indicate a problem with this package. The
error code is 2329. The arguments are: 32, C:\Config.Msi\1b27658.rbf,
Error - 17.08.2011 14:56:01 | Computer Name = KEVIN87 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 22.08.2011 07:43:10 | Computer Name = KEVIN87 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 30.08.2011 17:05:15 | Computer Name = KEVIN87 | Source = ESENT | ID = 490
Description = svchost (1336) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 30.08.2011 17:05:17 | Computer Name = KEVIN87 | Source = ESENT | ID = 490
Description = svchost (1336) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
[ OSession Events ]
Error - 25.10.2010 21:49:11 | Computer Name = KEVIN87 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 51
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 30.08.2011 16:59:57 | Computer Name = KEVIN87 | Source = Service Control Manager | ID = 7034
Description = Dienst "BlueSoleil Hid Service" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 30.08.2011 16:59:57 | Computer Name = KEVIN87 | Source = Service Control Manager | ID = 7034
Description = Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 30.08.2011 16:59:58 | Computer Name = KEVIN87 | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 30.08.2011 16:59:58 | Computer Name = KEVIN87 | Source = Service Control Manager | ID = 7034
Description = Dienst "SCM Driver Daemon" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 30.08.2011 16:59:59 | Computer Name = KEVIN87 | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 30.08.2011 16:59:59 | Computer Name = KEVIN87 | Source = Service Control Manager | ID = 7034
Description = Dienst "O2Micro Flash Memory" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 30.08.2011 16:59:59 | Computer Name = KEVIN87 | Source = Service Control Manager | ID = 7034
Description = Dienst "Cyberlink RichVideo Service(CRVS)" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 30.08.2011 17:05:03 | Computer Name = KEVIN87 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
gestartet.
Error - 30.08.2011 17:05:24 | Computer Name = KEVIN87 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 30.08.2011 17:05:25 | Computer Name = KEVIN87 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
< End of report >
|
|
31.08.2011, 07:53
| #33 |
| /// Helfer-Team    | Trojanerfund TR/Eyestye.n.763 , Datei: C:\System Volume Information\_restore{E5C0502A-7E6B-48C6-820F 1.
__________________Fixen mit OTL
Code:
ATTFilter :OTL
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
[2011.08.18 18:55:48 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\o10n2j4t.default\searchplugins\icqplugin-4.xml
[2011.08.22 00:53:47 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\o10n2j4t.default\searchplugins\icqplugin-5.xml
[2011.08.22 13:54:57 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\o10n2j4t.default\searchplugins\icqplugin.xml
[2007.07.14 13:44:14 | 000,000,000 | ---D | M] (WhenU) -- C:\Programme\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}
O4 - HKCU..\Run: [4Y3Y0C3A9F7XWA6ESGWQ] File not found
[2011.02.15 19:03:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Uniblue
:Commands
[purity]
[emptytemp]
2. reinige dein System mit Ccleaner:
3.
4. Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen. Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung -> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<< 5. erneut einen Scan mit OTL:
► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________ |
|
31.08.2011, 12:03
| #34 |
| | Trojanerfund TR/Eyestye.n.763 , Datei: C:\System Volume Information\_restore{E5C0502A-7E6B-48C6-820F OTL Log file, benutzer definierter Scan Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\o10n2j4t.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\o10n2j4t.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\o10n2j4t.default\searchplugins\icqplugin.xml moved successfully.
C:\Programme\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34} folder moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\4Y3Y0C3A9F7XWA6ESGWQ deleted successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Uniblue\RegistryBooster\_temp folder moved successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Uniblue\RegistryBooster\history folder moved successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Uniblue\RegistryBooster\backup folder moved successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Uniblue\RegistryBooster folder moved successfully.
C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Uniblue folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temporary Internet Files folder emptied: 33170 bytes
User: ich
->Temp folder emptied: 4432257 bytes
->Temporary Internet Files folder emptied: 18196885 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7993963 bytes
->Flash cache emptied: 3536 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4119046 bytes
RecycleBin emptied: 13823991 bytes
Total Files Cleaned = 46,00 mb
OTL by OldTimer - Version 3.2.26.2 log created on 08312011_130022
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
31.08.2011, 14:33
| #35 |
| | Trojanerfund TR/Eyestye.n.763 , Datei: C:\System Volume Information\_restore{E5C0502A-7E6B-48C6-820FCode:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 08/31/2011 at 02:56 PM
Application Version : 5.0.1118
Core Rules Database Version : 7624
Trace Rules Database Version: 5436
Scan type : Complete Scan
Total Scan Time : 01:37:19
Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 520
Memory threats detected : 0
Registry items scanned : 40277
Registry threats detected : 56
File items scanned : 61238
File threats detected : 1
Adware.GAIN/Gator
HKLM\Software\Gator.com
HKLM\Software\Gator.com\Gator
HKLM\Software\Gator.com\Gator\dyn
HKLM\Software\Gator.com\Gator\dyn#PdpFirstStart
HKLM\Software\Gator.com\Gator\stat
HKLM\Software\Gator.com\Gator\stat#Guid
HKLM\Software\Gator.com\GInternet
HKLM\Software\Gator.com\GInternet\Proxy
HKLM\Software\Gator.com\GInternet\Proxy#Enabled
HKLM\Software\Gator.com\Trickler
HKLM\Software\Gator.com\Trickler#AppPath
HKLM\Software\Gator.com\Trickler#FirstStartValue
HKLM\Software\Gator.com\Trickler#StartTime
HKLM\Software\Gator.com\Trickler#FirstStartSent
HKLM\Software\Gator.com\Trickler#Deleting
HKLM\Software\Gator.com\Trickler\Files
HKLM\Software\Gator.com\Trickler\Files\Bundle
HKLM\Software\Gator.com\Trickler\Files\Bundle\chk
HKLM\Software\Gator.com\Trickler\Files\Bundle\chk#CheckFailures
HKLM\Software\Gator.com\Trickler\Files\Bundle\chk#Attempts
HKLM\Software\Gator.com\Trickler\Files\Bundle\chk#Errors
HKLM\Software\Gator.com\Trickler\Files\Bundle\dl
HKLM\Software\Gator.com\Trickler\Files\Bundle\dl#Attempts
HKLM\Software\Gator.com\Trickler\Files\Bundle\dl#Errors
HKLM\Software\Gator.com\Trickler\Files\Bundle\dl#FileDones
HKLM\Software\Gator.com\Trickler\Files\Bundle\dl#UrlTime
HKLM\Software\Gator.com\Trickler\Files\Bundle\dl#UrlSize
HKLM\Software\Gator.com\Trickler\Files\Bundle\dl#StoredFile
HKLM\Software\Gator.com\Trickler\Files\OemResDll
HKLM\Software\Gator.com\Trickler\Files\OemResDll\chk
HKLM\Software\Gator.com\Trickler\Files\OemResDll\chk#CheckFailures
HKLM\Software\Gator.com\Trickler\Files\OemResDll\chk#Attempts
HKLM\Software\Gator.com\Trickler\Files\OemResDll\chk#Errors
HKLM\Software\Gator.com\Trickler\Files\OemResDll\dl
HKLM\Software\Gator.com\Trickler\Files\OemResDll\dl#Attempts
HKLM\Software\Gator.com\Trickler\Files\OemResDll\dl#Errors
HKLM\Software\Gator.com\Trickler\Files\OemResDll\dl#FileDones
HKLM\Software\Gator.com\Trickler\Files\OemResDll\dl#UrlTime
HKLM\Software\Gator.com\Trickler\Files\OemResDll\dl#UrlSize
HKLM\Software\Gator.com\Trickler\Files\OemResDll\dl#StoredFile
HKLM\Software\Gator.com\Trickler\Files\SilentSetup
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\chk
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\chk#CheckFailures
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\chk#Attempts
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\chk#Errors
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\dl
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\dl#Attempts
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\dl#Errors
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\dl#FileDones
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\dl#UrlTime
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\dl#UrlSize
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\dl#StoredFile
HKLM\Software\Gator.com\Trickler\Files\TricklerInf
HKLM\Software\Gator.com\Trickler\Files\TricklerInf#Attempts
HKLM\Software\Gator.com\Trickler\Files\TricklerInf#Errors
HKLM\Software\Gator.com\Trickler\Files\TricklerInf#FileDones
Adware.Tracking Cookie
.yadro.ru [ C:\DOKUMENTE UND EINSTELLUNGEN\ICH\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\O10N2J4T.DEFAULT\COOKIES.SQLITE ]
|
|
31.08.2011, 19:33
| #36 |
| | Trojanerfund TR/Eyestye.n.763 , Datei: C:\System Volume Information\_restore{E5C0502A-7E6B-48C6-820FCode:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=25c40bcb2f9910429020ca36c9f61695
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-31 06:34:04
# local_time=2011-08-31 08:34:04 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777191 100 0 67219787 67219787 0 0
# compatibility_mode=8192 67108863 100 0 136 136 0 0
# scanned=195461
# found=3
# cleaned=3
# scan_time=17295
C:\Dokumente und Einstellungen\ich\Eigene Dateien\Downloads\registrybooster.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Dokumente und Einstellungen\ich\Eigene Dateien\internet\winfuture.de_winxpsp2_updatepack_v2.12.exe probably unknown NewHeur_PE virus (deleted - quarantined) 00000000000000000000000000000000 C
G:\Eigene Dateien Notebook\internet\winfuture.de_winxpsp2_updatepack_v2.12.exe probably unknown NewHeur_PE virus (deleted - quarantined) 00000000000000000000000000000000 C
|
|
01.09.2011, 05:43
| #37 |
| /// Helfer-Team | Trojanerfund TR/Eyestye.n.763 , Datei: C:\System Volume Information\_restore{E5C0502A-7E6B-48C6-820F Posting #33 - Punkt 5. fehlt noch! ► berichte auch erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
01.09.2011, 13:50
| #38 |
| | Trojanerfund TR/Eyestye.n.763 , Datei: C:\System Volume Information\_restore{E5C0502A-7E6B-48C6-820F Das Posting hat gestern nicht funktioniert, ebenso wie die suchfunktion meine beiträge manchmal anzeigt und manchmal nicht, und wenn ich auf "meine beiträge" klicke bleibt der browser auf der weiterleitungsseite stehen, irgendwas stimmt hier nicht ^^... jedenfalls findet kein scan mehr irgendwelche viren oder Trojaner... Allerdings bin ich noch misstrauisch, weil ich bei der Definition über den Trojaner gelesen habe, dass er sich mit irgendwelchen codes schlafen legt und sich dann irgendwann wieder aktivieren kann... Und leider habe ich absolut keine Ahnung wie diese ganzen Scans zu deuten sind. für mich ist das chinesisch ^^ OTL file von punkt 5 folgt gleich, danke für die vielen Tipps und Ratschläge. Hat mich sehr gefreut.. |
|
01.09.2011, 14:09
| #39 |
| | Trojanerfund TR/Eyestye.n.763 , Datei: C:\System Volume Information\_restore{E5C0502A-7E6B-48C6-820F Fatal error: Maximum execution time of 90 seconds exceeded in /www/htdocs/tbcom/includes/functions.php on line 1838 Zur Zeit kann ich keine logs posten, kommt jedes mal der fehler  |
|
02.09.2011, 04:44
| #40 | ||
| /// Helfer-Team | Trojanerfund TR/Eyestye.n.763 , Datei: C:\System Volume Information\_restore{E5C0502A-7E6B-48C6-820FZitat:
Zitat:
Daher ist ein Betriebssystem, bei dem eine Backdoor entdeckt worden ist, als *kompromittiert* anzusehen und sollte neu aufgesetzt werden!
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! Geändert von kira (02.09.2011 um 04:57 Uhr) |
|
19.09.2011, 13:48
| #41 |
| | Trojanerfund TR/Eyestye.n.763 , Datei: C:\System Volume Information\_restore{E5C0502A-7E6B-48C6-820F Melde mich aus dem Urlaub zurück, hier das übefällige OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.09.2011 15:03:46 - Run 7 OTL by OldTimer - Version 3.2.26.2 Folder = C:\Dokumente und Einstellungen\ich\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,36 Mb Total Physical Memory | 350,63 Mb Available Physical Memory | 34,26% Memory free 2,41 Gb Paging File | 1,75 Gb Available in Paging File | 72,74% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 105,48 Gb Total Space | 17,82 Gb Free Space | 16,90% Space Free | Partition Type: NTFS Drive D: | 1,47 Gb Total Space | 0,59 Gb Free Space | 40,41% Space Free | Partition Type: FAT32 Computer Name: KEVIN87 | User Name: ich | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.08.22 00:52:49 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.08.14 22:11:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\ich\Desktop\OTL.exe PRC - [2011.07.01 16:36:24 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2011.07.01 16:36:23 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe PRC - [2011.07.01 16:36:23 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.02 20:09:56 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.02.18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.12.13 09:45:50 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.10.02 13:40:22 | 003,644,120 | ---- | M] (LLC Mail.Ru) -- C:\Programme\Mail.Ru\DragonsDe\DwarClientDe.exe PRC - [2010.01.14 22:12:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.07.17 14:21:24 | 000,173,056 | ---- | M] (MSI) -- C:\Programme\System Control Manager\MGSysCtrl.exe PRC - [2006.03.22 11:07:22 | 000,040,960 | ---- | M] () -- C:\Programme\System Control Manager\edd.exe PRC - [2005.08.16 21:54:10 | 000,339,968 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe PRC - [2005.04.06 16:03:28 | 000,110,592 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe PRC - [2005.01.27 16:33:58 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe ========== Modules (SafeList) ========== MOD - [2011.09.01 14:40:40 | 000,684,406 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aepack.dll MOD - [2011.08.27 13:37:20 | 001,626,490 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aescript.dll MOD - [2011.08.27 13:37:19 | 003,641,720 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aeheur.dll MOD - [2011.08.27 13:37:17 | 000,401,780 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aegen.dll MOD - [2011.08.27 13:37:17 | 000,196,983 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aecore.dll MOD - [2011.08.22 00:52:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll MOD - [2011.08.22 00:52:49 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe MOD - [2011.08.22 00:52:49 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\freebl3.dll MOD - [2011.08.22 00:52:48 | 001,846,232 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2011.08.22 00:52:48 | 000,719,832 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\mozcpp19.dll MOD - [2011.08.22 00:52:48 | 000,715,736 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\mozcrt19.dll MOD - [2011.08.22 00:52:48 | 000,015,832 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\mozalloc.dll MOD - [2011.08.22 00:52:47 | 000,785,368 | ---- | M] (sqlite.org) -- C:\Programme\Mozilla Firefox\mozsqlite3.dll MOD - [2011.08.22 00:52:47 | 000,646,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\nss3.dll MOD - [2011.08.22 00:52:47 | 000,351,192 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\nssckbi.dll MOD - [2011.08.22 00:52:47 | 000,203,736 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\nspr4.dll MOD - [2011.08.22 00:52:47 | 000,105,432 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\nssdbm3.dll MOD - [2011.08.22 00:52:47 | 000,089,048 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\nssutil3.dll MOD - [2011.08.22 00:52:46 | 000,021,976 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\plc4.dll MOD - [2011.08.22 00:52:46 | 000,019,416 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\plds4.dll MOD - [2011.08.22 00:52:45 | 000,166,872 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\softokn3.dll MOD - [2011.08.22 00:52:45 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\ssl3.dll MOD - [2011.08.22 00:52:45 | 000,109,528 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\smime3.dll MOD - [2011.08.22 00:52:44 | 015,494,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\xul.dll MOD - [2011.08.22 00:52:44 | 000,019,416 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\xpcom.dll MOD - [2011.08.16 19:46:21 | 000,556,392 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avbb.dll MOD - [2011.08.14 22:11:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\ich\Desktop\OTL.exe MOD - [2011.08.14 22:09:46 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll MOD - [2011.08.11 18:50:16 | 000,280,232 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avsda.dll MOD - [2011.07.28 16:45:04 | 000,201,083 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aeoffice.dll MOD - [2011.07.28 16:45:02 | 000,254,327 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aehelp.dll MOD - [2011.07.17 20:34:55 | 000,639,349 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aerdl.dll MOD - [2011.07.01 16:36:24 | 000,873,832 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccgen.dll MOD - [2011.07.01 16:36:24 | 000,595,816 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccmguard.dll MOD - [2011.07.01 16:36:24 | 000,511,336 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccwgrd.dll MOD - [2011.07.01 16:36:24 | 000,446,312 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccguard.dll MOD - [2011.07.01 16:36:24 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe MOD - [2011.07.01 16:36:24 | 000,322,920 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\cchips.dll MOD - [2011.07.01 16:36:24 | 000,304,488 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccmsg.dll MOD - [2011.07.01 16:36:24 | 000,290,664 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccupdate.dll MOD - [2011.07.01 16:36:24 | 000,174,440 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\cclic.dll MOD - [2011.07.01 16:36:24 | 000,121,704 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccupdw.dll MOD - [2011.07.01 16:36:24 | 000,103,272 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\mgrs.dll MOD - [2011.07.01 16:36:24 | 000,044,904 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avpref.dll MOD - [2011.07.01 16:36:24 | 000,021,352 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccwgrdrc.dll MOD - [2011.07.01 16:36:23 | 002,633,064 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\rcimage.dll MOD - [2011.07.01 16:36:23 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe MOD - [2011.07.01 16:36:23 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe MOD - [2011.07.01 16:36:23 | 000,203,112 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avevtlog.dll MOD - [2011.07.01 16:36:23 | 000,089,960 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgio.dll MOD - [2011.06.06 12:55:32 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2011.06.06 12:55:30 | 000,394,136 | ---- | M] (Adobe Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.dll MOD - [2011.06.01 23:50:42 | 000,323,957 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aesbx.dll MOD - [2011.05.02 20:09:56 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe MOD - [2011.05.02 20:09:56 | 000,039,784 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccgenrc.dll MOD - [2011.04.06 16:20:16 | 000,152,864 | ---- | M] (Apple Inc.) -- C:\Programme\Bonjour\mdnsNSP.dll MOD - [2011.03.21 17:30:02 | 014,021,920 | ---- | M] (IBM Corporation and others) -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\icudt40.dll MOD - [2011.03.21 17:30:02 | 001,041,696 | ---- | M] (IBM Corporation and others) -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\icuin40.dll MOD - [2011.03.21 17:30:02 | 000,922,912 | ---- | M] (IBM Corporation and others) -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\icuuc40.dll MOD - [2011.03.04 08:36:21 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\jscript.dll MOD - [2011.02.18 17:37:16 | 000,173,344 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll MOD - [2011.02.18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe MOD - [2011.02.08 15:33:28 | 000,978,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll MOD - [2011.02.06 12:32:00 | 000,124,192 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\objc.dll MOD - [2011.02.06 12:31:58 | 000,042,784 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libdispatch.dll MOD - [2011.02.06 12:31:50 | 000,828,704 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\CoreFoundation.dll MOD - [2010.12.24 23:01:30 | 000,077,569 | ---- | M] (ACE Compression Software) -- C:\Programme\Avira\AntiVir Desktop\unacev2.dll MOD - [2010.12.20 19:25:50 | 000,737,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsasrv.dll MOD - [2010.12.13 09:46:14 | 000,037,224 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\guardmsg.dll MOD - [2010.12.13 09:46:14 | 000,029,032 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccmgrdrc.dll MOD - [2010.12.13 09:46:14 | 000,025,448 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccupdrc.dll MOD - [2010.12.13 09:46:14 | 000,025,448 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccgrdrc.dll MOD - [2010.12.13 09:46:14 | 000,009,576 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\cchipsrc.dll MOD - [2010.12.13 09:46:14 | 000,008,552 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\schedr.dll MOD - [2010.12.13 09:46:14 | 000,008,552 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccmainrc.dll MOD - [2010.12.13 09:46:14 | 000,005,480 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccmsgrc.dll MOD - [2010.12.13 09:46:14 | 000,005,480 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\cclicrc.dll MOD - [2010.12.13 09:45:59 | 000,104,296 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\msgclient.dll MOD - [2010.12.13 09:45:59 | 000,016,744 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\onlcfg.dll MOD - [2010.12.13 09:45:58 | 000,288,616 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\ccwkrlib.dll MOD - [2010.12.13 09:45:58 | 000,054,120 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\cfglib.dll MOD - [2010.12.13 09:45:57 | 000,075,112 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccwgrdw.dll MOD - [2010.12.13 09:45:53 | 000,092,520 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccgrdw.dll MOD - [2010.12.13 09:45:51 | 000,063,848 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avsmtp.dll MOD - [2010.12.13 09:45:50 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe MOD - [2010.12.13 09:45:49 | 000,122,216 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avesvc.dll MOD - [2010.11.22 14:01:40 | 000,127,349 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aescn.dll MOD - [2010.11.22 14:01:02 | 000,393,589 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aeemu.dll MOD - [2010.11.17 14:16:14 | 000,075,040 | ---- | M] (Apple, Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\ASL.dll MOD - [2010.11.09 16:51:40 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbc32.dll MOD - [2010.10.23 02:50:50 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll MOD - [2010.10.02 13:40:22 | 003,866,528 | ---- | M] (Adobe Systems, Inc.) -- C:\Programme\Mail.Ru\DragonsDe\flash.ocx MOD - [2010.10.02 13:40:22 | 003,644,120 | ---- | M] (LLC Mail.Ru) -- C:\Programme\Mail.Ru\DragonsDe\DwarClientDe.exe MOD - [2010.10.02 13:40:16 | 001,371,864 | ---- | M] (LLC Mail.Ru) -- C:\Programme\Mail.Ru\DragonsDe\dwarcomplectDe.dll MOD - [2010.10.02 13:40:14 | 001,739,960 | ---- | M] (LLC Mail.Ru) -- C:\Programme\Mail.Ru\DragonsDe\dwarchatgadgetsDe.dll MOD - [2010.10.02 13:40:10 | 001,552,560 | ---- | M] (LLC Mail.Ru) -- C:\Programme\Mail.Ru\DragonsDe\dwarchatDe.dll MOD - [2010.10.02 13:40:06 | 001,153,720 | ---- | M] (LLC Mail.Ru) -- C:\Programme\Mail.Ru\DragonsDe\dwarsuperstrikeDe.dll MOD - [2010.10.02 13:40:04 | 001,060,528 | ---- | M] (LLC Mail.Ru) -- C:\Programme\Mail.Ru\DragonsDe\dwarfavoritesDe.dll MOD - [2010.10.02 13:40:00 | 000,998,056 | ---- | M] (LLC Mail.Ru) -- C:\Programme\Mail.Ru\DragonsDe\dwarloginDe.dll MOD - [2010.10.02 13:39:58 | 001,406,640 | ---- | M] (LLC Mail.Ru) -- C:\Programme\Mail.Ru\DragonsDe\dwarnotepadDe.dll MOD - [2010.10.02 13:39:54 | 001,051,832 | ---- | M] (LLC Mail.Ru) -- C:\Programme\Mail.Ru\DragonsDe\dwarscreenshotmakerDe.dll MOD - [2010.09.20 12:34:10 | 000,040,448 | ---- | M] (Embarcadero Technologies, Inc.) -- C:\Programme\Mail.Ru\DragonsDe\borlndmm.dll MOD - [2010.08.27 10:01:37 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\t2embed.dll MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2010.08.13 20:16:07 | 000,106,868 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aevdf.dll MOD - [2010.08.10 00:00:48 | 000,053,024 | ---- | M] (Open Source Software community project) -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\pthreadVC2.dll MOD - [2010.06.17 15:30:17 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2010.06.17 15:30:16 | 000,767,488 | ---- | M] (Sleepycat Software) -- C:\Programme\Avira\AntiVir Desktop\libdb44.dll MOD - [2010.06.17 15:30:13 | 000,062,312 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avipc.dll MOD - [2010.06.17 15:07:03 | 000,010,088 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avesvcr.dll MOD - [2010.05.10 09:23:00 | 000,053,618 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aebb.dll MOD - [2010.03.18 17:47:22 | 000,017,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\aspnet_counters.dll MOD - [2010.03.18 14:16:28 | 000,771,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr100_clr0400.dll MOD - [2010.03.18 11:09:00 | 000,049,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netfxperf.dll MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2010.03.05 16:37:40 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\asycfilt.dll MOD - [2010.02.19 15:54:38 | 000,167,784 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\webcat.dll MOD - [2010.01.14 22:12:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe MOD - [2009.10.22 05:29:56 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll MOD - [2009.10.21 07:38:36 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\strmfilt.dll MOD - [2009.10.21 07:38:36 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\httpapi.dll MOD - [2009.10.13 12:32:34 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oakley.dll MOD - [2009.10.12 15:38:18 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rastls.dll MOD - [2009.10.12 15:38:18 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\raschap.dll MOD - [2009.08.12 21:18:48 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\Java\jre6\bin\msvcr71.dll MOD - [2009.07.17 18:15:43 | 001,441,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\query.dll MOD - [2009.07.12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll MOD - [2009.07.12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll MOD - [2009.07.12 00:02:02 | 003,780,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll MOD - [2009.07.12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll MOD - [2009.07.12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll MOD - [2009.07.12 00:02:00 | 000,063,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll MOD - [2009.05.07 17:32:03 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\localspl.dll MOD - [2009.03.08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dxtmsft.dll MOD - [2009.03.08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dxtrans.dll MOD - [2009.03.08 04:31:38 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imgutil.dll MOD - [2009.03.08 04:31:36 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\pngfilt.dll MOD - [2009.03.08 04:22:38 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msls31.dll MOD - [2009.03.06 16:19:00 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\pdh.dll MOD - [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\fastprox.dll MOD - [2009.02.09 12:51:42 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvsd.dll MOD - [2008.07.06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll MOD - [2008.06.24 18:42:48 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mscms.dll MOD - [2008.06.12 16:20:47 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mtxclu.dll MOD - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe MOD - [2008.04.14 07:52:34 | 000,531,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemcore.dll MOD - [2008.04.14 07:52:34 | 000,384,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wzcdlg.dll MOD - [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemess.dll MOD - [2008.04.14 07:52:34 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemcomn.dll MOD - [2008.04.14 07:52:34 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprov.dll MOD - [2008.04.14 07:52:34 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32spl.dll MOD - [2008.04.14 07:52:34 | 000,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winscard.dll MOD - [2008.04.14 07:52:34 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiutils.dll MOD - [2008.04.14 07:52:34 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiaprpl.dll MOD - [2008.04.14 07:52:34 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemcons.dll MOD - [2008.04.14 07:52:34 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll MOD - [2008.04.14 07:52:34 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wzcsapi.dll MOD - [2008.04.14 07:52:34 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xmlprovi.dll MOD - [2008.04.14 07:52:34 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemsvc.dll MOD - [2008.04.14 07:52:34 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winipsec.dll MOD - [2008.04.14 07:52:34 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll MOD - [2008.04.14 07:52:34 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wshtcpip.dll MOD - [2008.04.14 07:52:34 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemprox.dll MOD - [2008.04.14 07:52:34 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll MOD - [2008.04.14 07:52:32 | 000,715,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sxs.dll MOD - [2008.04.14 07:52:32 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tapi32.dll MOD - [2008.04.14 07:52:32 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\upnp.dll MOD - [2008.04.14 07:52:32 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sti.dll MOD - [2008.04.14 07:52:32 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpmon.dll MOD - [2008.04.14 07:52:32 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ssdpapi.dll MOD - [2008.04.14 07:52:32 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\usbmon.dll MOD - [2008.04.14 07:52:26 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolss.dll MOD - [2008.04.14 07:52:26 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shfolder.dll MOD - [2008.04.14 07:52:26 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sensapi.dll MOD - [2008.04.14 07:52:24 | 000,687,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasdlg.dll MOD - [2008.04.14 07:52:24 | 000,429,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samsrv.dll MOD - [2008.04.14 07:52:24 | 000,328,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scesrv.dll MOD - [2008.04.14 07:52:24 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasapi32.dll MOD - [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll MOD - [2008.04.14 07:52:24 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\repdrvfs.dll MOD - [2008.04.14 07:52:24 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\onex.dll MOD - [2008.04.14 07:52:24 | 000,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psbase.dll MOD - [2008.04.14 07:52:24 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\qutil.dll MOD - [2008.04.14 07:52:24 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasman.dll MOD - [2008.04.14 07:52:24 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\resutils.dll MOD - [2008.04.14 07:52:24 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\regapi.dll MOD - [2008.04.14 07:52:24 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rtutils.dll MOD - [2008.04.14 07:52:24 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfctrs.dll MOD - [2008.04.14 07:52:24 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\pstorsvc.dll MOD - [2008.04.14 07:52:24 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\profmap.dll MOD - [2008.04.14 07:52:24 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfdisk.dll MOD - [2008.04.14 07:52:24 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfos.dll MOD - [2008.04.14 07:52:24 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbcbcp.dll MOD - [2008.04.14 07:52:24 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfnet.dll MOD - [2008.04.14 07:52:24 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\powrprof.dll MOD - [2008.04.14 07:52:24 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\pjlmon.dll MOD - [2008.04.14 07:52:24 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasadhlp.dll MOD - [2008.04.14 07:52:22 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll MOD - [2008.04.14 07:52:22 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll MOD - [2008.04.14 07:52:22 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll MOD - [2008.04.14 07:52:20 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netcfgx.dll MOD - [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netlogon.dll MOD - [2008.04.14 07:52:20 | 000,196,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msutb.dll MOD - [2008.04.14 07:52:20 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\ncprov.dll MOD - [2008.04.14 07:52:20 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ncobjapi.dll MOD - [2008.04.14 07:52:20 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mspatcha.dll MOD - [2008.04.14 07:52:20 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\nddeapi.dll MOD - [2008.04.14 07:52:20 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll MOD - [2008.04.14 07:52:18 | 001,005,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msgina.dll MOD - [2008.04.14 07:52:18 | 000,539,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msftedit.dll MOD - [2008.04.14 07:52:18 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msimtf.dll MOD - [2008.04.14 07:52:18 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msidle.dll MOD - [2008.04.14 07:52:16 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mlang.dll MOD - [2008.04.14 07:52:16 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mprapi.dll MOD - [2008.04.14 07:52:16 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll MOD - [2008.04.14 07:52:16 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfcsubs.dll MOD - [2008.04.14 07:52:14 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\icm32.dll MOD - [2008.04.14 07:52:14 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\loadperf.dll MOD - [2008.04.14 07:52:14 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll MOD - [2008.04.14 07:52:14 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetpp.dll MOD - [2008.04.14 07:52:14 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ksuser.dll MOD - [2008.04.14 07:52:12 | 001,094,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\esent.dll MOD - [2008.04.14 07:52:12 | 000,348,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hnetcfg.dll MOD - [2008.04.14 07:52:12 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\esscli.dll MOD - [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll MOD - [2008.04.14 07:52:12 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\feclient.dll MOD - [2008.04.14 07:52:12 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hid.dll MOD - [2008.04.14 07:52:10 | 001,267,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comsvcs.dll MOD - [2008.04.14 07:52:10 | 000,824,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\d3dim700.dll MOD - [2008.04.14 07:52:10 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dbghelp.dll MOD - [2008.04.14 07:52:10 | 000,367,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dsound.dll MOD - [2008.04.14 07:52:10 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\duser.dll MOD - [2008.04.14 07:52:10 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ddraw.dll MOD - [2008.04.14 07:52:10 | 000,165,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\credui.dll MOD - [2008.04.14 07:52:10 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eappcfg.dll MOD - [2008.04.14 07:52:10 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\colbact.dll MOD - [2008.04.14 07:52:10 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eappprxy.dll MOD - [2008.04.14 07:52:10 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cryptdll.dll MOD - [2008.04.14 07:52:10 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dispex.dll MOD - [2008.04.14 07:52:10 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eapolqec.dll MOD - [2008.04.14 07:52:10 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ddrawex.dll MOD - [2008.04.14 07:52:10 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dot3api.dll MOD - [2008.04.14 07:52:10 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll MOD - [2008.04.14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll MOD - [2008.04.14 07:52:10 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dot3dlg.dll MOD - [2008.04.14 07:52:10 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dciman32.dll MOD - [2008.04.14 07:52:08 | 001,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acgenral.dll MOD - [2008.04.14 07:52:08 | 000,625,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\catsrvut.dll MOD - [2008.04.14 07:52:08 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\catsrv.dll MOD - [2008.04.14 07:52:08 | 000,198,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\certcli.dll MOD - [2008.04.14 07:52:08 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\activeds.dll MOD - [2008.04.14 07:52:08 | 000,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\adsldpc.dll MOD - [2008.04.14 07:52:08 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll MOD - [2008.04.14 07:52:08 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clusapi.dll MOD - [2008.04.14 07:52:08 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cnbjmon.dll MOD - [2008.04.14 07:52:08 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acadproc.dll MOD - [2008.04.14 07:52:08 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\batmeter.dll MOD - [2008.04.14 07:50:42 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\icmp.dll MOD - [2008.04.14 07:50:40 | 000,545,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hhctrl.ocx MOD - [2008.04.14 07:25:40 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shdoclc.dll MOD - [2008.04.14 07:24:36 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapres.dll MOD - [2008.04.14 07:22:36 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\browselc.dll MOD - [2008.04.13 23:07:58 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dssenh.dll MOD - [2008.04.13 21:53:32 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msprivs.dll MOD - [2008.03.25 21:27:34 | 000,188,416 | ---- | M] (Hewlett-Packard Co.) -- c:\Programme\HP\Digital Imaging\bin\hpqddcmn.dll MOD - [2007.11.05 19:07:56 | 000,118,272 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\hpz3l5mu.dll MOD - [2007.11.05 19:06:06 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll MOD - [2007.03.28 18:21:54 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbcint.dll MOD - [2006.10.27 16:26:40 | 016,870,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSO.DLL MOD - [2006.10.26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll MOD - [2006.10.26 20:56:10 | 000,032,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msonpmon.dll MOD - [2006.07.17 14:21:24 | 000,173,056 | ---- | M] (MSI) -- C:\Programme\System Control Manager\MGSysCtrl.exe MOD - [2006.07.12 16:14:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\MGHwCtrl.dll MOD - [2006.06.22 16:13:28 | 000,073,728 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero 7\Nero BackItUp\NBShell.dll MOD - [2006.03.22 11:07:22 | 000,040,960 | ---- | M] () -- C:\Programme\System Control Manager\edd.exe MOD - [2005.08.26 11:41:14 | 000,010,752 | ---- | M] () -- C:\Programme\System Control Manager\MGKBHook.dll MOD - [2005.08.16 21:54:10 | 000,339,968 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe MOD - [2005.05.20 09:07:18 | 000,397,312 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Programme\Sony Ericsson\Mobile\File Manager\fmgrgui.dll MOD - [2005.05.20 09:05:40 | 000,155,648 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Programme\Sony Ericsson\Mobile\File Manager\fmgrguil.dll MOD - [2005.04.06 16:03:28 | 000,110,592 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe MOD - [2005.01.27 16:33:58 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe MOD - [2004.08.04 13:00:00 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wiavusd.dll MOD - [2004.08.04 13:00:00 | 000,091,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mui\0007\hhctrlui.dll MOD - [2004.08.04 13:00:00 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42loc.dll MOD - [2004.08.04 13:00:00 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\traffic.dll MOD - [2004.08.04 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\utildll.dll MOD - [2004.08.04 13:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfts.dll MOD - [2004.08.04 13:00:00 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\pschdprf.dll MOD - [2004.08.04 13:00:00 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsvpperf.dll MOD - [2004.08.04 13:00:00 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tapiperf.dll MOD - [2004.08.04 13:00:00 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lz32.dll MOD - [2004.07.06 15:12:00 | 000,290,816 | ---- | M] () -- C:\Programme\System Control Manager\CmSuppX.dll MOD - [2003.03.19 07:20:00 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\MFC71.dll MOD - [2003.03.19 07:14:52 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\msvcp71.dll MOD - [2003.03.18 22:44:34 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFC71DEU.DLL MOD - [2003.03.18 21:12:12 | 001,047,552 | ---- | M] (Microsoft Corporation) -- C:\Programme\Nero\Nero 7\Nero BackItUp\mfc71u.dll MOD - [2003.02.21 15:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\msvcr71.dll MOD - [2003.02.11 08:10:00 | 000,020,552 | ---- | M] (WinZip Computing, Inc.) -- C:\Programme\WinZip\WZSHLSTB.DLL MOD - [2002.09.30 05:00:00 | 000,087,552 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\CNMLM47.DLL MOD - [2002.09.30 05:00:00 | 000,013,824 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD47.DLL MOD - [2002.09.09 07:53:22 | 000,401,462 | ---- | M] (Microsoft Corporation) -- C:\Programme\System Control Manager\msvcp60.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011.07.01 16:36:24 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2011.07.01 16:36:23 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2011.07.01 16:36:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.02 20:09:56 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.02.18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.07.11 11:13:08 | 000,118,880 | ---- | M] () [Disabled | Stopped] -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS) SRV - [2006.07.11 11:13:06 | 000,266,338 | ---- | M] () [Disabled | Stopped] -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS) SRV - [2006.07.11 11:12:22 | 001,073,152 | ---- | M] (Cyberlink) [Disabled | Stopped] -- C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service) SRV - [2006.03.22 11:07:22 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\System Control Manager\edd.exe -- (NishService) SRV - [2005.10.06 18:13:10 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS) SRV - [2005.04.06 16:03:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service) SRV - [2005.01.27 16:33:58 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\o2flash.exe -- (O2Flash) SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Unknown | Running] -- -- (SASKUTIL) DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011.07.01 16:36:24 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.01 16:36:24 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.06.17 15:30:17 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2006.07.19 16:58:00 | 000,081,920 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2006.07.19 16:56:00 | 000,011,136 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu) DRV - [2006.07.03 10:31:26 | 000,009,088 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MGHwCtrl.sys -- (MGHwCtrl) DRV - [2006.06.18 23:38:18 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006.06.14 11:04:12 | 004,299,264 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006.03.28 17:55:20 | 000,036,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK) DRV - [2006.02.28 00:11:10 | 000,117,906 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500) DRV - [2006.02.27 15:00:50 | 000,034,880 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2media.sys -- (O2MDRDR) DRV - [2006.02.20 16:01:06 | 000,029,056 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2sd.sys -- (O2SDRDR) DRV - [2005.09.07 15:49:56 | 000,243,200 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500) DRV - [2005.08.26 19:06:28 | 000,660,992 | R--- | M] (Animation Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVHybrid.sys -- (LVHybrid) DRV - [2005.08.25 22:55:04 | 008,807,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD) DRV - [2005.07.12 21:58:00 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50) DRV - [2005.05.31 15:40:20 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio) DRV - [2005.05.31 09:42:28 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb) DRV - [2005.05.24 16:00:37 | 000,052,384 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus) Sony Ericsson W800 driver (WDM) DRV - [2005.04.30 14:50:24 | 000,011,736 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VHIDMini.sys -- (VHidMinidrv) DRV - [2005.04.30 14:50:20 | 000,011,860 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum) DRV - [2005.04.30 14:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr) DRV - [2005.04.30 14:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT) DRV - [2005.03.25 17:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr) DRV - [2004.10.19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm) DRV - [2002.06.14 07:40:22 | 000,021,276 | ---- | M] (Micronas GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\uacbflt.sys -- (UacFlt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.targa.de IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.targa.de IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.targa.de IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.targa.de IE - HKU\S-1-5-21-4072879748-2439072875-3552137244-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-4072879748-2439072875-3552137244-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-4072879748-2439072875-3552137244-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php IE - HKU\S-1-5-21-4072879748-2439072875-3552137244-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com IE - HKU\S-1-5-21-4072879748-2439072875-3552137244-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://warofdragons.de/ IE - HKU\S-1-5-21-4072879748-2439072875-3552137244-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4072879748-2439072875-3552137244-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2088: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.04.29 21:02:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.08.22 00:52:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.08.09 19:16:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Programme\Mozilla Sunbird\components [2011.03.11 14:42:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Programme\Mozilla Sunbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.04.29 21:02:05 | 000,000,000 | ---D | M] [2011.03.11 14:42:34 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Extensions [2011.03.11 14:42:34 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28} [2011.08.22 13:49:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\o10n2j4t.default\extensions [2011.08.22 00:32:44 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\o10n2j4t.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.08.25 15:14:42 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\o10n2j4t.default\searchplugins\icqplugin-1.xml [2011.08.22 13:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.01.14 12:07:29 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.07.08 21:30:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- [2009.08.12 21:18:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.09.01 03:01:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.08.22 00:52:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKU\S-1-5-21-4072879748-2439072875-3552137244-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] File not found O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (MSI) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix) O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe (sonix) O4 - HKU\S-1-5-21-4072879748-2439072875-3552137244-1006..\Run: [Gadwin PrintScreen] C:\Programme\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc) O4 - HKU\S-1-5-21-4072879748-2439072875-3552137244-1006..\Run: [SUPERAntiSpyware] File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OfficeManager Terminerinnerung.lnk = C:\Programme\DeTeMedien\Das Telefonbuch für Deutschland\OMAlarm.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-4072879748-2439072875-3552137244-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177 O8 - Extra context menu item: &Google Search - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Backward &Links - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Cac&hed Snapshot of Page - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\ich\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Si&milar Pages - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O16 - DPF: {2EF98DE5-183F-11D4-83EC-EC6A1DB6E213} hxxp://www.dynageo.de/download/dynageoviewer.cab (DynaGeoX Element) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153483820703 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 78.42.43.62 192.168.0.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.07.19 12:12:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.08.31 13:13:45 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\ich\Recent [2011.08.31 13:10:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner [2011.08.31 00:32:47 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0 [2011.08.31 00:31:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2011.08.30 23:22:18 | 000,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys [2011.08.30 23:21:33 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [2011.08.30 23:20:51 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys [2011.08.30 23:20:47 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll [2011.08.30 23:20:29 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll [2011.08.30 23:19:35 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe [2011.08.30 23:18:52 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys [2011.08.30 23:18:05 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll [2011.08.30 23:18:05 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll [2011.08.30 23:15:02 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys [2011.08.30 23:14:58 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys [2011.08.30 23:14:42 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll [2011.08.30 23:14:37 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys [2011.08.30 23:14:17 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll [2011.08.30 23:13:20 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2011.08.30 23:11:55 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe [2011.08.30 23:10:36 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll [2011.08.30 23:10:17 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll [2011.08.30 22:57:50 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys [2011.08.30 22:55:29 | 002,151,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe [2011.08.30 22:55:29 | 002,029,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe [2011.08.30 22:55:28 | 002,195,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe [2011.08.30 22:55:27 | 002,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe [2011.08.30 22:52:36 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2011.08.30 22:52:26 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2011.08.30 22:52:20 | 001,991,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2011.08.30 22:52:15 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2011.08.30 22:52:13 | 011,081,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2011.08.30 22:45:40 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe [2011.08.30 22:45:17 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll [2011.08.30 22:40:56 | 000,023,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui [2011.08.30 22:40:53 | 000,015,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui [2011.08.22 13:49:39 | 000,000,000 | ---D | C] -- C:\_OTL [2011.08.22 13:17:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ich\Eigene Dateien\Trojaner-Board [2011.08.14 22:22:05 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2011.08.14 22:11:51 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\ich\Desktop\OTL.exe [2011.08.14 19:40:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Malwarebytes [2011.08.14 19:40:10 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.08.14 19:40:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.08.14 19:40:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.08.14 19:40:04 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.08.14 19:40:03 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.08.13 22:25:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype [2011.08.13 22:21:10 | 000,209,736 | ---- | C] (Comfort Software Group) -- C:\Dokumente und Einstellungen\ich\Desktop\FreeVK.exe [2011.08.13 16:43:25 | 000,266,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TweakUI.exe [2011.08.13 16:43:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Powertoys for Windows XP [2006.07.21 12:51:28 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll [2006.07.21 12:51:28 | 000,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll [1 C:\Dokumente und Einstellungen\ich\*.tmp files -> C:\Dokumente und Einstellungen\ich\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.09.01 14:38:16 | 000,023,470 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011.09.01 14:38:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.09.01 03:08:19 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011.09.01 03:06:14 | 000,492,642 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.09.01 03:06:14 | 000,469,662 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.09.01 03:06:14 | 000,096,768 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.09.01 03:06:14 | 000,081,188 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.08.31 21:15:56 | 000,000,155 | ---- | M] () -- C:\Dokumente und Einstellungen\ich\Desktop\noautoplay.reg [2011.08.31 13:10:28 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2011.08.31 12:53:45 | 000,329,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.08.30 22:50:46 | 000,089,088 | ---- | M] () -- C:\WINDOWS\System32\mbr.exe [2011.08.28 21:32:43 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011.08.28 15:04:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.08.26 18:23:41 | 000,026,682 | ---- | M] () -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\wklnhst.dat [2011.08.23 23:02:31 | 000,041,555 | ---- | M] () -- C:\Dokumente und Einstellungen\ich\Desktop\mm0310.zip [2011.08.22 13:00:45 | 000,000,227 | RHS- | M] () -- C:\boot.ini [2011.08.16 20:48:52 | 000,000,165 | ---- | M] () -- C:\Dokumente und Einstellungen\ich\Desktop\FreeVK.ini [2011.08.14 22:11:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\ich\Desktop\OTL.exe [2011.08.14 22:09:46 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2011.08.13 22:21:11 | 000,209,736 | ---- | M] (Comfort Software Group) -- C:\Dokumente und Einstellungen\ich\Desktop\FreeVK.exe [2011.08.13 21:22:20 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\ich\defogger_reenable [2011.08.13 16:44:25 | 000,120,832 | ---- | M] () -- C:\Dokumente und Einstellungen\ich\Desktop\tweakui.exe [1 C:\Dokumente und Einstellungen\ich\*.tmp files -> C:\Dokumente und Einstellungen\ich\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.09.01 03:01:16 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2011.08.31 21:15:56 | 000,000,155 | ---- | C] () -- C:\Dokumente und Einstellungen\ich\Desktop\noautoplay.reg [2011.08.31 13:10:27 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2011.08.30 22:50:42 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\mbr.exe [2011.08.23 23:02:28 | 000,041,555 | ---- | C] () -- C:\Dokumente und Einstellungen\ich\Desktop\mm0310.zip [2011.08.13 22:21:17 | 000,000,165 | ---- | C] () -- C:\Dokumente und Einstellungen\ich\Desktop\FreeVK.ini [2011.08.13 21:22:20 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\ich\defogger_reenable [2011.08.13 16:44:24 | 000,120,832 | ---- | C] () -- C:\Dokumente und Einstellungen\ich\Desktop\tweakui.exe [2011.08.13 16:43:24 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf [2011.08.09 19:16:16 | 000,002,299 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk [2011.06.10 11:51:16 | 000,000,268 | ---- | C] () -- C:\WINDOWS\ht2.ini [2011.06.10 11:49:12 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI [2011.02.18 22:34:22 | 000,312,482 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2011.01.26 16:50:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.05.28 15:45:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.04.29 21:01:14 | 000,023,666 | ---- | C] () -- C:\WINDOWS\hpqins15.dat [2010.04.29 20:57:33 | 000,078,165 | ---- | C] () -- C:\WINDOWS\hpqins05.dat [2009.07.22 19:10:09 | 000,119,460 | ---- | C] () -- C:\WINDOWS\hpqins00.dat [2009.07.14 18:51:23 | 000,000,872 | ---- | C] () -- C:\WINDOWS\uninst.ini [2009.07.13 19:30:18 | 000,010,563 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat [2009.07.13 19:28:03 | 000,202,585 | ---- | C] () -- C:\WINDOWS\hpwins19.dat [2009.07.13 19:28:03 | 000,000,997 | R--- | C] () -- C:\WINDOWS\hpwmdl19.dat [2009.07.08 20:16:32 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS47.DLL [2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2006.10.05 19:23:08 | 000,003,230 | ---- | C] () -- C:\WINDOWS\mozver.dat [2006.10.05 19:10:24 | 000,082,432 | ---- | C] () -- C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.10.05 18:56:32 | 000,129,024 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE [2006.10.05 18:53:54 | 000,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini [2006.10.05 14:52:08 | 000,026,682 | ---- | C] () -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\wklnhst.dat [2006.10.05 14:46:52 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2006.10.05 13:42:50 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.07.25 12:26:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.07.25 12:09:28 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006.07.25 10:08:25 | 000,000,207 | ---- | C] () -- C:\WINDOWS\WISO.INI [2006.07.25 09:57:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2006.07.24 17:09:26 | 000,000,742 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.07.24 16:51:39 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll [2006.07.21 13:27:07 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\MGHwCtrl.dll [2006.07.21 13:27:07 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MGFPCtrl.dll [2006.07.21 13:27:07 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\MGPwrShm.dll [2006.07.21 12:59:31 | 000,003,072 | R--- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll [2006.07.21 12:59:17 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2006.07.21 12:51:32 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini [2006.07.21 12:51:31 | 008,807,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys [2006.07.21 12:51:28 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnp2std.exe [2006.07.21 12:04:26 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2006.07.21 12:04:26 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2006.07.21 09:47:32 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2006.07.21 09:43:26 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006.07.21 09:43:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006.07.21 09:36:16 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006.07.21 09:32:14 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006.07.21 09:31:06 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2006.07.21 09:30:24 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2006.07.21 09:30:10 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006.07.21 09:25:12 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2006.07.19 13:05:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006.07.19 13:05:13 | 000,329,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2006.07.19 12:20:43 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006.07.19 12:14:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006.07.19 12:11:08 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006.07.19 11:58:44 | 000,000,854 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2006.07.19 11:58:31 | 000,492,642 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006.07.19 11:58:31 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2006.07.19 11:58:31 | 000,096,768 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006.07.19 11:58:31 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2006.07.19 11:58:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006.07.19 11:58:20 | 000,469,662 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006.07.19 11:58:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006.07.19 11:58:20 | 000,081,188 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006.07.19 11:58:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006.07.19 11:58:19 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006.07.19 11:58:18 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006.07.19 11:58:17 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2006.07.19 11:58:14 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006.07.19 11:58:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006.07.19 11:58:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006.07.19 11:58:05 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2005.07.29 14:08:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\WlanInstallDll.dll [2005.07.05 20:32:00 | 000,011,863 | ---- | C] () -- C:\WINDOWS\System32\Wlan.ini [2005.04.30 14:50:20 | 000,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys [2005.01.27 16:33:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\o2flash.exe [2005.01.21 12:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll [2004.12.16 16:32:54 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys [2004.09.01 17:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll [2002.10.04 08:01:42 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll [2002.03.26 21:18:22 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll ========== LOP Check ========== [2006.07.21 12:44:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth [2011.05.03 17:50:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2010.04.29 20:56:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2010.09.18 10:13:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.11.17 18:09:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\ChessBase [2011.04.04 23:48:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\DVDVideoSoftIEHelpers [2011.08.07 21:11:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\ICQ [2011.06.01 00:01:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\ITTerritory [2011.01.28 18:13:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\JAM Software [2010.04.29 20:56:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\MAGIX [2011.03.14 22:20:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\MediaProSoft Free YouTube to AVI MPEG Converter [2011.02.03 17:12:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\PriceGong [2009.05.18 19:56:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\PTC [2009.05.12 16:33:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\TeamViewer [2011.02.21 22:27:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Xilisoft ========== Purity Check ========== < End of report > |
|
19.09.2011, 13:50
| #42 |
| | Trojanerfund TR/Eyestye.n.763 , Datei: C:\System Volume Information\_restore{E5C0502A-7E6B-48C6-820FCode:
ATTFilter OTL Extras logfile created on: 01.09.2011 15:03:46 - Run 7
OTL by OldTimer - Version 3.2.26.2 Folder = C:\Dokumente und Einstellungen\ich\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1023,36 Mb Total Physical Memory | 350,63 Mb Available Physical Memory | 34,26% Memory free
2,41 Gb Paging File | 1,75 Gb Available in Paging File | 72,74% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 105,48 Gb Total Space | 17,82 Gb Free Space | 16,90% Space Free | Partition Type: NTFS
Drive D: | 1,47 Gb Total Space | 0,59 Gb Free Space | 40,41% Space Free | Partition Type: FAT32
Computer Name: KEVIN87 | User Name: ich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Disabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Disabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Disabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Disabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Disabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Disabled:Windows Media Connect
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1420:TCP" = 1420:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP Software Update\hpwucli.exe" = C:\Programme\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Programme\ICQ7.5\ICQ.exe" = C:\Programme\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation)
"C:\Programme\Cyberlink\PowerCinema\PowerCinema.exe" = C:\Programme\Cyberlink\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema -- (CyberLink Corp.)
"C:\Programme\Cyberlink\PowerCinema\PCMService.exe" = C:\Programme\Cyberlink\PowerCinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Disabled:AOL
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Disabled:AOL
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Disabled:AOL 9.0
"C:\Programme\Trillian\trillian.exe" = C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Programme\Valve\Steam\steamapps\hoh_underworld\counter-strike\hl.exe" = C:\Programme\Valve\Steam\steamapps\hoh_underworld\counter-strike\hl.exe:*:Enabled:Half-Life Launcher
"C:\Programme\PokerStars\PokerStarsUpdate.exe" = C:\Programme\PokerStars\PokerStarsUpdate.exe:*:Enabled:PokerStars -- (PokerStars)
"C:\Programme\PokerStars\Tracer.exe" = C:\Programme\PokerStars\Tracer.exe:*:Enabled:Network Status -- (PokerStars)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Programme\Agnitum\Outpost Firewall\outpost.exe" = C:\Programme\Agnitum\Outpost Firewall\outpost.exe:*:Enabled:Outpost Firewall main module
"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Disabled:ICQ Lite
"C:\Programme\ProENGINEER Schools Edition\i486_nt\nms\nmsd.exe" = C:\Programme\ProENGINEER Schools Edition\i486_nt\nms\nmsd.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC -- (PTC)
"C:\Programme\ProENGINEER Schools Edition\i486_nt\obj\xtop.exe" = C:\Programme\ProENGINEER Schools Edition\i486_nt\obj\xtop.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC -- (PTC)
"C:\Programme\Avira\AntiVir Desktop\avcenter.exe" = C:\Programme\Avira\AntiVir Desktop\avcenter.exe:*:Enabled:AntiVir starten -- (Avira GmbH)
"C:\Programme\ProENGINEER Schools Edition\i486_nt\obj\pro_comm_msg.exe" = C:\Programme\ProENGINEER Schools Edition\i486_nt\obj\pro_comm_msg.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC -- (PTC)
"C:\Programme\ITTerritory\DragonsDe\DwarClientDe.exe" = C:\Programme\ITTerritory\DragonsDe\DwarClientDe.exe:*:Enabled:DRACHENKRIEG
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP Software Update\hpwucli.exe" = C:\Programme\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Programme\ICQ7.5\ICQ.exe" = C:\Programme\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Disabled:ICQ6
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Disabled:ICQ6
"C:\Programme\CA\Etrust Antivirus\Realmon.exe" = C:\Programme\CA\Etrust Antivirus\Realmon.exe:*:Disabled:Realmon
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06100048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta 2006 Enzyklopädie Standard
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20FD5B04-CE35-4F5B-A2F3-6D9FD644EB70}" = WISO Mein Geld 2006 Professional
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 26
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{434BB0D6-F2CE-47EA-8703-D30EA455F8D8}" = Fingerprint Sensor Minimum Install
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Foto 2006 Standard Edition Editor
"{5E977DEC-5BB4-44C7-9FE5-9357D2DB4FCB}" = Disc2Phone
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Foto 2006 Standard Edition Bibliothek
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202)
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B}" = Microsoft AutoRoute 2006
"{843B6370-4102-4FE9-9519-C0206A0A27DF}" = BlueSoleil
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5161BBC5-B3B1-4C54-9442-4D8977A18488}" =
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{902C0D79-8D7F-4956-9DCB-A223D5BF55B3}" = IEEE802.11a/b/g Wireless LAN Software
"{90F1DDBF-0C56-44B0-A920-72CC90C51565}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{9862024D-996D-4C80-90BA-0339B9DB1031}" = Nero 7 Essentials
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6871F03-E140-4559-8940-AD1CC3D58CEE}" = Sony Ericsson PC Suite
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A70500000002}" = Adobe Reader 7.0.5 - Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE28E6F5-4A03-4DED-B954-D0779B47FFBF}" = Works Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D96ED789-9A41-4A89-99A4-3CE466A80DF2}" = MAGIX Screenshare
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DF2C5F25-5736-4388-964A-92FBE3DD8197}" = Das Telefonbuch für Deutschland
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}" = KhalSetup
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F000DE4C-B6CB-4181-BAFF-EC5DA2A9C156}" = RuntimeLibsVC90
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Mythology 1.0" = Age of Mythology
"Avira AntiVir Desktop" = Avira AntiVir Premium
"bwin" = bwin Poker (remove only)
"CCleaner" = CCleaner
"DivX 5.0.2 Pro Bundle" = DivX 5.0.2 Pro Bundle
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Drachenkrieg_is1" = Drachenkrieg (with media and plugins), version 1.1.29
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.37.426
"Gadwin PrintScreen" = Gadwin PrintScreen
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04
"IrfanView" = IrfanView (remove only)
"Italienisch - In 30 Tagen zum Erfolg" = Italienisch - In 30 Tagen zum Erfolg
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de)
"Mp3 Codec" = Mpeg Layer3 Codec FHG-Radium v1.263
"NVIDIA Drivers" = NVIDIA Drivers
"PictureItPrem_v11" = Microsoft Foto 2006 Standard Edition
"PlayChess" = PlayChess
"PokerStars" = PokerStars
"Pro/ENGINEER Schools Edition Release Wildfire 4.0 Datecode M030" = Pro/ENGINEER Schools Edition Release Wildfire 4.0 Datecode M030
"RealPlayer 6.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"Startup TOOLS WF4 Student Download" = Startup TOOLS WF4 Student Download
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ThePlaya" = The Playa
"Trillian" = Trillian
"Tweak UI 2.10" = Tweak UI
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.5
"Winamp3" = Winamp3 (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
"WMCSetup" = Windows Media Connect
"Works2006Setup" = Setup-Start von Microsoft Works Suite 2006
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XviD" = XviD Video Codec 04102002-1 (Koepi's build with EPSZ ME)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 30.07.2011 10:24:27 | Computer Name = KEVIN87 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 09.08.2011 13:15:32 | Computer Name = KEVIN87 | Source = MsiInstaller | ID = 10005
Description = Produkt: Adobe Reader 7.0.5 - Deutsch -- Interner Fehler 2329. 32,
C:\Config.Msi\16f2b4.rbf
Error - 13.08.2011 08:31:22 | Computer Name = KEVIN87 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 13.08.2011 16:25:35 | Computer Name = KEVIN87 | Source = MsiInstaller | ID = 10005
Description = Product: Skype™ 5.1 -- The installer has encountered an unexpected
error installing this package. This may indicate a problem with this package. The
error code is 2329. The arguments are: 32, C:\Config.Msi\1b27658.rbf,
Error - 17.08.2011 14:56:01 | Computer Name = KEVIN87 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 22.08.2011 07:43:10 | Computer Name = KEVIN87 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 30.08.2011 17:05:15 | Computer Name = KEVIN87 | Source = ESENT | ID = 490
Description = svchost (1336) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 30.08.2011 17:05:17 | Computer Name = KEVIN87 | Source = ESENT | ID = 490
Description = svchost (1336) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 31.08.2011 06:56:05 | Computer Name = KEVIN87 | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown
Error - 01.09.2011 08:40:09 | Computer Name = KEVIN87 | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown
[ OSession Events ]
Error - 25.10.2010 21:49:11 | Computer Name = KEVIN87 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 51
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 01.09.2011 09:11:27 | Computer Name = KEVIN87 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 01.09.2011 09:11:27 | Computer Name = KEVIN87 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 01.09.2011 09:11:27 | Computer Name = KEVIN87 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 01.09.2011 09:11:28 | Computer Name = KEVIN87 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 01.09.2011 09:11:33 | Computer Name = KEVIN87 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 01.09.2011 09:11:38 | Computer Name = KEVIN87 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 01.09.2011 09:11:38 | Computer Name = KEVIN87 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 01.09.2011 09:11:38 | Computer Name = KEVIN87 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 01.09.2011 09:11:38 | Computer Name = KEVIN87 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 01.09.2011 09:11:43 | Computer Name = KEVIN87 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
< End of report >
|
|
20.09.2011, 07:49
| #43 | |
| /// Helfer-Team | Trojanerfund TR/Eyestye.n.763 , Datei: C:\System Volume Information\_restore{E5C0502A-7E6B-48C6-820FZitat:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
20.09.2011, 12:59
| #44 |
| | Trojanerfund TR/Eyestye.n.763 , Datei: C:\System Volume Information\_restore{E5C0502A-7E6B-48C6-820F Hi, das muss ich ausprobieren... Was sagst du zu dem Log File? Grüße |
|
10.10.2011, 19:49
| #45 |
| | Trojanerfund TR/Eyestye.n.763 , Datei: C:\System Volume Information\_restore{E5C0502A-7E6B-48C6-820F Hi Kira, wollte jetzt nochmal nachfragen wie das OTL Logfile aussieht? Ist noch was auffälliges dabei? |
|
| Themen zu Trojanerfund TR/Eyestye.n.763 , Datei: C:\System Volume Information\_restore{E5C0502A-7E6B-48C6-820F |
| 0x00000001, 4d36e972-e325-11ce-bfc1-08002be10318, 78.42.43.62, antivir, bho, bonjour, c:\windows\system32\rundll32.exe, converter, crypto, desktop, error, feedback, festplatte, firefox, fontcache, frage, home, kaspersky, logfile, mp3, nt.dll, object, plug-in, programm, realtek, registry, security, software, svchost.exe, system, version=1.0, virus, vista, windows |
.
Linear-Darstellung
