| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: gema-trojaner (100 euro-version) win xpWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
05.03.2012, 13:47
| #1 |
 |  gema-trojaner (100 euro-version) win xp hallo, habe auch seit einigen tagen den gema-trojaner, der den zugriff auf win xp blockiert. im abgesicherten modus zu starten geht nicht, es kommt für einen gaaaanz kurzen ein bluescreen, bevor der rechner neustartet. ich habe nun schon - angelegt an diesen fall - OTLPENet.exe geladen, damit gebootet und den scan laufen lassen. hier das logfile der OTL.txt: Code:
ATTFilter OTL logfile created on: 3/5/2012 1:25:30 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 18.62 Gb Total Space | 1.41 Gb Free Space | 7.55% Space Free | Partition Type: NTFS
Drive D: | 18.63 Gb Total Space | 5.47 Gb Free Space | 29.36% Space Free | Partition Type: NTFS
Drive F: | 999.63 Mb Total Space | 855.06 Mb Free Space | 85.54% Space Free | Partition Type: FAT
Drive G: | 3.78 Gb Total Space | 1.90 Gb Free Space | 50.08% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
========== Win32 Services (SafeList) ==========
SRV - [2012/01/04 07:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/03/18 04:06:49 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2010/04/27 09:57:32 | 000,247,152 | ---- | M] () [Auto] -- C:\Programme\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010/04/07 07:57:42 | 000,099,896 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
SRV - [2008/05/07 18:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2008/04/24 07:40:56 | 002,562,048 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/10/26 13:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Adapter | On_Demand] -- -- (Mvhel3esepcw)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (appliandMP)
DRV - File not found [Kernel | On_Demand] -- -- (AgereSoftModem)
DRV - [2012/01/14 10:58:54 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2011/11/01 04:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/11/01 04:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/11/01 04:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/11/01 04:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/03/15 06:51:03 | 000,722,416 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/03/05 18:40:57 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2010/01/05 04:31:32 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/05 04:31:30 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/05 04:31:30 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/05 04:31:30 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/08/26 03:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/28 08:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/03/18 10:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/03/17 11:45:52 | 000,019,584 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2008/03/12 21:25:36 | 002,530,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2008/02/11 10:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007/12/14 03:21:56 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/08/28 09:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/06/18 10:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/06/18 07:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/05/09 07:27:00 | 000,097,280 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2007/01/22 07:09:38 | 000,034,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wisdpen.sys -- (wisdpen)
DRV - [2006/02/27 10:45:48 | 001,342,602 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/02/27 10:43:36 | 000,030,189 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/02/27 10:43:06 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/02/27 10:40:16 | 000,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005/10/26 04:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/09/19 08:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/05/09 14:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2003/07/08 12:49:24 | 000,514,155 | ---- | M] (Digital Camera) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Ca536av.sys -- (Ca536av)
DRV - [2003/05/13 18:28:14 | 000,011,048 | ---- | M] (USB BULK) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Bulk536.sys -- (USBCamera)
DRV - [2001/08/17 22:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\flo_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKU\flo_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\flo_ON_C\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\flo_ON_C\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
IE - HKU\flo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\flo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\flo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 121.204.0.2:80
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {ad48108d-92a6-4eb9-87e4-978aca1dbae4}:1.1.7
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..network.proxy.backup.ftp: "10.1.0.0"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "10.1.0.0"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "10.1.0.0"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "192.168.1.1"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "192.168.1.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.1.1"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "192.168.1.1"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.Net\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\DOKUME~1\flo\ANWEND~1\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5FE7198A-5950-4068-9FBF-1A60395CC4E9}: C:\Programme\1&1\1&1 SoftPhone\Firefox [2011/03/16 07:01:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_10.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_10.0
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/02/18 06:08:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/02/11 16:45:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/02/29 04:24:00 | 000,000,000 | ---D | M]
[2011/03/15 06:42:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\mozilla\Extensions
[2012/03/01 14:58:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\mozilla\Firefox\Profiles\h2h6cuos.default\extensions
[2011/11/22 18:59:37 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/01/13 10:57:21 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/02/11 16:26:07 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/03/01 14:58:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\mozilla\Firefox\Profiles\h2h6cuos.default\extensions\staged
[2011/03/15 18:29:10 | 000,002,062 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\searchplugins\qip-search.xml
[2011/12/25 19:33:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FLO\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\H2H6CUOS.DEFAULT\EXTENSIONS\{AD48108D-92A6-4EB9-87E4-978ACA1DBAE4}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FLO\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\H2H6CUOS.DEFAULT\EXTENSIONS\ADD-TO-SEARCHBOX@MALTEKRAUS.DE.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FLO\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\H2H6CUOS.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012/02/18 06:08:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011/06/19 16:47:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/23 08:41:48 | 002,557,440 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\mozilla firefox\plugins\NpFp530.dll
[2009/09/21 05:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\mozilla firefox\plugins\NpFv522.dll
[2011/09/23 08:43:02 | 001,623,552 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\mozilla firefox\plugins\NpFv530.dll
[2012/01/12 16:38:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/12 16:38:34 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/01/12 16:38:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/12 16:38:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/12 16:38:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/12 16:38:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006/02/28 07:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKU\flo_ON_C\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Programme\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKU\flo_ON_C\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TabletTip] C:\Programme\Gemeinsame Dateien\microsoft shared\ink\tabtip.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UIExec] C:\Programme\Join Air\UIExec.exe ()
O4 - HKU\flo_ON_C..\Run: [] File not found
O4 - HKU\LocalService_ON_C..\Run: [TabletWizard] File not found
O4 - HKU\NetworkService_ON_C..\Run: [TabletWizard] File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\cd-laufwerk.lnk = C:\map.bat ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Watch.lnk = C:\Programme\4.0M MPEG4 DV\Console\Watch.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\flo\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\flo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: In 1&&1 SoftPhone wählen - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1&1\1&1 SoftPhone\ContextMenuHandler.html ()
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (sfklg.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\E13521A1E0A0CC59F69D.exe) - C:\WINDOWS\system32\E13521A1E0A0CC59F69D.exe (Unizeto Sp. z o.o.)
O20 - Winlogon\Notify\loginkey: DllName - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\loginkey.dll - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\loginkey.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/14 19:12:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1b60351d-b14f-11e0-9fd0-0018debd900d}\Shell - "" = AutoRun
O33 - MountPoints2\{1b60351d-b14f-11e0-9fd0-0018debd900d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1b60351d-b14f-11e0-9fd0-0018debd900d}\Shell\AutoRun\command - "" = F:\SISetup.exe
O33 - MountPoints2\{5e03cac2-9cc9-11e0-9f9a-0018debd900d}\Shell - "" = AutoRun
O33 - MountPoints2\{5e03cac2-9cc9-11e0-9f9a-0018debd900d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5e03cac2-9cc9-11e0-9f9a-0018debd900d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{9180a4e3-de0a-11e0-a065-0016d498d8af}\Shell\AutoRun\command - "" = F:\RunClubSanDisk.exe
O33 - MountPoints2\{ba2d366a-6dc5-11e0-9ebf-0018debd900d}\Shell\AutoRun\command - "" = F:\StartPortableApps.exe
O33 - MountPoints2\{ef120711-b1f4-11e0-9fd3-0016d498d8af}\Shell\AutoRun\command - "" = IO90453\JJU294\fuiahjdfu.exe
O33 - MountPoints2\{ef120711-b1f4-11e0-9fd3-0016d498d8af}\Shell\open\command - "" = IO90453\JJU294\fuiahjdfu.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E30AC7CA-ED4A-48A8-A539-A711A256B163} - Vektorgrafik-Rendering (VML)
ActiveX: {E55010A4-6F00-201C-B8B3-80AE9A1744D6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
========== Files/Folders - Created Within 30 Days ==========
[2012/03/01 09:46:47 | 000,039,424 | -H-- | C] (Unizeto Sp. z o.o.) -- C:\WINDOWS\System32\E13521A1E0A0CC59F69D.exe
[2012/02/29 04:57:46 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\Nokia Suite
[2012/02/29 04:41:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Nokia Suite
[2012/02/29 04:40:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\NokiaAccount
[2012/02/29 04:37:18 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2012/02/29 04:25:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\Nokia
[2012/02/29 04:24:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Nokia
[2012/02/29 04:24:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2012/02/29 04:24:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\PC Suite
[2012/02/29 04:24:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Nokia
[2012/02/29 04:23:58 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Nokia
[2012/02/29 04:23:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2012/02/28 07:18:11 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox
[2012/02/28 06:40:45 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2012/02/28 06:40:32 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2012/02/28 06:40:13 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2012/02/28 06:40:12 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2012/02/28 06:40:11 | 000,023,168 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2012/02/28 06:40:10 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01009.dll
[2012/02/28 06:40:10 | 000,605,696 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2012/02/28 06:40:10 | 000,123,904 | ---- | C] (Nokia) -- C:\WINDOWS\System32\ccdcmbwu.dll
[2012/02/28 06:40:10 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2012/02/28 06:40:09 | 000,075,264 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2012/02/28 06:37:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2012/02/28 06:35:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2012/02/28 06:35:23 | 000,000,000 | ---D | C] -- C:\Programme\Nokia
[2012/02/14 06:30:21 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012/02/11 16:23:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Flatcast
[2012/02/11 05:31:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012/02/11 05:29:17 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2012/02/11 05:29:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Karaoke Anything!
[2012/02/11 05:29:15 | 000,000,000 | ---D | C] -- C:\Programme\Karaoke Anything!
[2012/02/11 05:27:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sibelius Software
[2012/02/11 05:27:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Sibelius Software
[2012/02/10 07:02:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Sibelius Software
[2012/02/10 07:02:59 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\Scores
[2012/02/10 06:59:18 | 000,000,000 | ---D | C] -- C:\Programme\Sibelius Software
[2011/04/02 11:11:02 | 000,818,176 | ---- | C] (Image-Line) -- C:\Programme\Kopie von FL Studio VSTi.dll
[2011/03/16 07:36:36 | 000,092,064 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmmdm.sys
[2011/03/16 07:36:36 | 000,079,328 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmserd.sys
[2011/03/16 07:36:36 | 000,066,656 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmbus.sys
[2011/03/16 07:36:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\flo\usbsermptxp.sys
[2011/03/16 07:36:36 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\flo\usbsermpt.sys
[2011/03/16 07:36:36 | 000,009,232 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmmdfl.sys
[2011/03/16 07:36:36 | 000,006,208 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmcmnt.sys
[2011/03/16 07:36:36 | 000,005,936 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmwhnt.sys
[2011/03/16 07:36:36 | 000,004,048 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmcr.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/03/05 07:04:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/05 07:04:12 | 000,449,334 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/03/05 07:04:12 | 000,433,130 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/05 07:04:12 | 000,080,302 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/03/05 07:04:12 | 000,067,704 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/05 07:03:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/05 07:03:38 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/03 04:28:11 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/01 15:29:55 | 000,020,180 | ---- | M] () -- C:\WINDOWS\System32\sfklg.dat
[2012/03/01 13:31:52 | 000,002,507 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Microsoft Office OneNote 2007.lnk
[2012/03/01 13:08:34 | 000,000,536 | ---- | M] () -- C:\WINDOWS\Sam9_D.INI
[2012/03/01 09:46:47 | 000,039,424 | -H-- | M] (Unizeto Sp. z o.o.) -- C:\WINDOWS\System32\E13521A1E0A0CC59F69D.exe
[2012/03/01 08:03:34 | 000,186,368 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/29 06:51:43 | 000,002,555 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2012/02/29 04:37:30 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012/02/29 04:37:27 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf
[2012/02/29 04:31:42 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012/02/29 04:31:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/29 04:31:41 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/02/29 04:24:21 | 000,001,717 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nokia Suite.lnk
[2012/02/29 04:24:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Nokia
[2012/02/28 16:37:17 | 000,001,014 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Desktop\Dropbox.lnk
[2012/02/28 11:39:27 | 000,224,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/28 07:53:30 | 000,002,527 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012/02/28 06:38:14 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/02/28 06:37:10 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012/02/23 13:44:58 | 001,440,054 | ---- | M] () -- C:\WINDOWS\System32\winsh324
[2012/02/19 21:27:58 | 000,002,439 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Power Tab Editor 1.7.lnk
[2012/02/19 10:01:47 | 000,002,241 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012/02/11 16:45:10 | 000,002,292 | ---- | M] () -- C:\WINDOWS\unins002.dat
[2012/02/11 16:45:08 | 000,715,038 | ---- | M] () -- C:\WINDOWS\unins002.exe
[2012/02/11 16:27:44 | 000,002,368 | ---- | M] () -- C:\WINDOWS\unins001.dat
[2012/02/11 16:27:42 | 000,715,038 | ---- | M] () -- C:\WINDOWS\unins001.exe
[2012/02/11 16:23:21 | 000,000,898 | ---- | M] () -- C:\WINDOWS\unins000.dat
[2012/02/11 16:23:18 | 000,695,578 | ---- | M] () -- C:\WINDOWS\unins000.exe
[2012/02/11 05:31:41 | 000,000,624 | -H-- | M] () -- C:\WINDOWS\System32\T4
[2012/02/11 05:29:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Karaoke Anything!
[2012/02/11 05:29:07 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2012/02/11 05:27:27 | 000,000,604 | -H-- | M] () -- C:\Programme\STLL Notifier
[2012/02/10 16:52:30 | 000,002,563 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2003.lnk
[2012/02/10 15:40:10 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei4
[2012/02/10 15:40:10 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei2
[2012/02/10 15:40:10 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei3
[2012/02/10 15:40:10 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei1
[2012/02/10 15:40:10 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei7
[2012/02/10 15:40:10 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei5
[2012/02/10 15:40:10 | 000,000,468 | ---- | M] () -- C:\WINDOWS\System32\Datei0
[2012/02/10 15:40:10 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei9
[2012/02/10 15:40:10 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei8
[2012/02/10 15:40:10 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei10
[2012/02/10 15:40:10 | 000,000,465 | ---- | M] () -- C:\WINDOWS\System32\Datei6
[2012/02/10 07:03:12 | 000,000,444 | ---- | M] () -- C:\WINDOWS\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2012/02/10 07:02:59 | 000,001,786 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Sibelius 6.lnk
[2012/02/10 07:02:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Sibelius Software
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/03/01 09:47:17 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh324
[2012/03/01 09:47:17 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh323
[2012/03/01 09:47:17 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh322
[2012/03/01 09:47:17 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh321
[2012/03/01 09:47:16 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh320
[2012/02/29 04:37:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012/02/29 04:37:27 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf
[2012/02/29 04:31:42 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012/02/29 04:31:41 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/02/29 04:24:21 | 000,001,717 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nokia Suite.lnk
[2012/02/28 06:37:10 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012/02/11 16:45:10 | 000,715,038 | ---- | C] () -- C:\WINDOWS\unins002.exe
[2012/02/11 16:45:10 | 000,002,292 | ---- | C] () -- C:\WINDOWS\unins002.dat
[2012/02/11 16:27:43 | 000,715,038 | ---- | C] () -- C:\WINDOWS\unins001.exe
[2012/02/11 16:27:43 | 000,002,368 | ---- | C] () -- C:\WINDOWS\unins001.dat
[2012/02/11 16:23:20 | 000,695,578 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2012/02/11 16:23:20 | 000,000,898 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2012/02/11 05:31:41 | 000,000,624 | -H-- | C] () -- C:\WINDOWS\System32\T4
[2012/02/11 05:27:27 | 000,000,604 | -H-- | C] () -- C:\Programme\STLL Notifier
[2012/02/10 07:02:59 | 000,001,786 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Sibelius 6.lnk
[2012/02/10 06:59:03 | 000,000,444 | ---- | C] () -- C:\WINDOWS\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2012/01/14 11:00:00 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2012/01/14 10:59:31 | 000,000,074 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2012/01/14 10:59:27 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2012/01/14 10:59:27 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2012/01/14 10:59:27 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2012/01/14 10:59:27 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2012/01/14 10:58:54 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2011/12/23 06:24:51 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/12/23 02:33:11 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2011/09/12 13:43:19 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2011/09/12 13:43:19 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2011/09/12 13:43:19 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2011/09/12 13:43:19 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2011/09/12 13:43:19 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2011/08/05 06:24:02 | 000,000,030 | ---- | C] () -- C:\Programme\Exiferupdate.ini
[2011/07/28 12:23:36 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
[2011/07/28 12:23:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
[2011/07/28 12:23:02 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\mvusbews.dll
[2011/07/28 12:22:57 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
[2011/07/18 10:14:01 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll
[2011/04/11 14:56:57 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2011/04/06 10:01:20 | 000,030,461 | ---- | C] () -- C:\WINDOWS\snap099.dat
[2011/04/06 10:01:20 | 000,029,565 | ---- | C] () -- C:\WINDOWS\snap098.dat
[2011/04/06 10:01:20 | 000,028,669 | ---- | C] () -- C:\WINDOWS\snap097.dat
[2011/04/06 10:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap095.dat
[2011/04/06 10:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap094.dat
[2011/04/06 10:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap093.dat
[2011/04/06 10:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap090.dat
[2011/04/06 10:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap089.dat
[2011/04/06 10:01:20 | 000,026,877 | ---- | C] () -- C:\WINDOWS\snap096.dat
[2011/04/06 10:01:20 | 000,026,877 | ---- | C] () -- C:\WINDOWS\snap092.dat
[2011/04/06 10:01:20 | 000,025,981 | ---- | C] () -- C:\WINDOWS\snap091.dat
[2011/04/06 10:01:19 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap088.dat
[2011/04/06 10:01:19 | 000,026,877 | ---- | C] () -- C:\WINDOWS\snap087.dat
[2011/04/06 10:01:19 | 000,026,877 | ---- | C] () -- C:\WINDOWS\snap086.dat
[2011/04/06 10:01:19 | 000,025,981 | ---- | C] () -- C:\WINDOWS\snap085.dat
[2011/04/06 10:01:19 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap084.dat
[2011/04/06 10:01:19 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap083.dat
[2011/04/06 10:01:19 | 000,023,293 | ---- | C] () -- C:\WINDOWS\snap082.dat
[2011/04/06 10:01:19 | 000,022,397 | ---- | C] () -- C:\WINDOWS\snap081.dat
[2011/04/06 10:01:19 | 000,021,501 | ---- | C] () -- C:\WINDOWS\snap080.dat
[2011/04/06 10:01:19 | 000,020,605 | ---- | C] () -- C:\WINDOWS\snap079.dat
[2011/04/06 10:01:19 | 000,019,709 | ---- | C] () -- C:\WINDOWS\snap078.dat
[2011/04/06 10:01:19 | 000,019,709 | ---- | C] () -- C:\WINDOWS\snap077.dat
[2011/04/06 10:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap072.dat
[2011/04/06 10:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap069.dat
[2011/04/06 10:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap068.dat
[2011/04/06 10:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap067.dat
[2011/04/06 10:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap066.dat
[2011/04/06 10:01:18 | 000,023,293 | ---- | C] () -- C:\WINDOWS\snap073.dat
[2011/04/06 10:01:18 | 000,023,293 | ---- | C] () -- C:\WINDOWS\snap071.dat
[2011/04/06 10:01:18 | 000,023,293 | ---- | C] () -- C:\WINDOWS\snap070.dat
[2011/04/06 10:01:18 | 000,022,397 | ---- | C] () -- C:\WINDOWS\snap074.dat
[2011/04/06 10:01:18 | 000,021,501 | ---- | C] () -- C:\WINDOWS\snap075.dat
[2011/04/06 10:01:18 | 000,020,605 | ---- | C] () -- C:\WINDOWS\snap076.dat
[2011/04/06 10:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap061.dat
[2011/04/06 10:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap060.dat
[2011/04/06 10:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap059.dat
[2011/04/06 10:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap058.dat
[2011/04/06 10:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap057.dat
[2011/04/06 10:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap055.dat
[2011/04/06 10:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap053.dat
[2011/04/06 10:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap065.dat
[2011/04/06 10:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap064.dat
[2011/04/06 10:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap063.dat
[2011/04/06 10:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap062.dat
[2011/04/06 10:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap056.dat
[2011/04/06 10:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap054.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap052.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap051.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap050.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap049.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap048.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap047.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap046.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap045.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap044.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap043.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap042.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap041.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap040.dat
[2011/04/06 10:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap039.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap038.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap037.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap036.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap035.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap034.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap033.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap032.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap031.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap030.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap029.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap028.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap027.dat
[2011/04/06 10:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap026.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap025.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap024.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap023.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap022.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap021.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap020.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap019.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap018.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap017.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap016.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap015.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap014.dat
[2011/04/06 10:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap013.dat
[2011/04/06 10:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap012.dat
[2011/04/06 10:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap011.dat
[2011/04/06 10:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap010.dat
[2011/04/06 10:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap009.dat
[2011/04/06 10:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap008.dat
[2011/04/06 10:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap007.dat
[2011/04/06 10:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap006.dat
[2011/04/06 10:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap005.dat
[2011/04/06 10:00:41 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap004.dat
[2011/04/06 10:00:41 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap003.dat
[2011/04/06 10:00:30 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap002.dat
[2011/04/06 10:00:29 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap001.dat
[2011/04/06 10:00:29 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap000.dat
[2011/04/06 09:58:29 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll
[2011/04/06 09:58:25 | 000,002,042 | ---- | C] () -- C:\WINDOWS\Ca536a.ini
[2011/03/23 13:39:32 | 000,000,038 | -HS- | C] () -- C:\WINDOWS\camcodec100.ini
[2011/03/23 13:39:32 | 000,000,028 | -HS- | C] () -- C:\WINDOWS\lagarith.ini
[2011/03/23 13:39:18 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011/03/23 12:39:14 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2011/03/21 11:04:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kopie von musicmaker.INI
[2011/03/21 10:16:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\musicmaker.INI
[2011/03/21 10:13:46 | 000,000,024 | ---- | C] () -- C:\WINDOWS\magix.ini
[2011/03/21 09:54:10 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\mgxasio.dll
[2011/03/19 17:57:53 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/03/18 03:55:30 | 000,000,536 | ---- | C] () -- C:\WINDOWS\Sam9_D.INI
[2011/03/18 03:51:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2011/03/18 03:51:19 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2011/03/18 03:48:46 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/03/17 12:46:25 | 000,020,180 | ---- | C] () -- C:\WINDOWS\System32\sfklg.dat
[2011/03/16 07:36:36 | 000,009,913 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\MCCI_MDM.INF
[2011/03/16 07:36:36 | 000,009,232 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\USB_MOT_BRIT.INF
[2011/03/16 07:36:36 | 000,007,201 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\USBMOT2000.INF
[2011/03/16 07:36:36 | 000,006,989 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\MCCI_BUS.INF
[2011/03/16 07:36:36 | 000,006,141 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\USBMOT2000XP.INF
[2011/03/16 07:36:36 | 000,005,960 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\USB_MOT_A1000.INF
[2011/03/16 07:36:36 | 000,005,880 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\USB_CMCS_2000.INF
[2011/03/16 07:36:36 | 000,004,477 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\MCCI_SDM.INF
[2011/03/15 18:09:20 | 000,186,368 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/15 06:42:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/14 20:28:05 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2011/03/14 19:19:29 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011/03/14 19:14:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/14 19:04:58 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/14 18:41:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/14 18:40:35 | 000,224,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/01 03:48:16 | 000,053,478 | ---- | C] () -- C:\WINDOWS\mvtcpui.ini
[2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,449,334 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006/02/28 07:00:00 | 000,433,130 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,080,302 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006/02/28 07:00:00 | 000,067,704 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/02/27 10:51:36 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/03/06 01:06:02 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\sfklgcp.exe.vir
[2005/03/06 01:05:56 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\sfklg.dll.vir
[2004/01/13 12:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2001/11/14 06:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== LOP Check ==========
[2011/10/31 05:21:44 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Application Updater
[2011/10/17 12:15:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\.oit
[2011/06/09 10:04:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\1&1
[2012/01/21 08:54:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\ASCOMP Software
[2011/07/21 05:33:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\avidemux
[2012/02/10 05:32:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Azureus
[2012/01/22 04:19:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\DesktopIconForAmazon
[2011/07/02 14:44:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Downloadr
[2012/02/28 16:37:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Dropbox
[2011/10/31 05:41:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\DVDVideoSoft
[2011/10/31 05:41:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012/02/11 16:23:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Flatcast
[2011/07/22 03:44:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\GARMIN
[2011/07/18 06:32:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\GetRightToGo
[2011/03/15 18:07:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\GrabPro
[2011/04/02 04:48:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Gutscheinmieze
[2011/03/21 11:23:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\MAGIX
[2012/02/29 04:41:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Nokia
[2012/02/29 04:41:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Nokia Suite
[2011/11/26 06:40:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Opera
[2012/02/28 08:01:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Orbit
[2012/02/29 04:40:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\PC Suite
[2011/03/28 03:23:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\PDF Writer
[2011/03/15 18:08:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\ProgSense
[2011/03/15 18:11:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\QIP
[2011/03/15 18:29:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\QipGuard
[2011/07/21 11:17:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Vara Software
[2011/08/22 07:57:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Wirecast
[2011/06/09 10:02:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1&1
[2011/06/12 15:48:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Applian
[2011/03/21 16:47:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2011/03/25 17:52:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GARMIN
[2011/03/22 16:30:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2011/09/12 13:43:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Minnetonka Audio Software
[2012/02/29 04:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2012/02/28 06:35:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2012/02/29 04:36:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2011/03/28 03:23:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PDF Writer
[2012/01/17 16:20:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Stardraw.com Ltd
[2011/07/21 11:17:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Telestream
[2012/02/11 05:53:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2011/04/11 14:56:50 | 000,000,000 | -H-D | M] -- C:\BJPrinter
[2011/03/14 19:19:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2012/01/05 06:10:40 | 000,000,000 | ---D | M] -- C:\downloads
[2011/03/15 17:57:40 | 000,000,000 | ---D | M] -- C:\Garmin
[2011/03/14 20:27:57 | 000,000,000 | ---D | M] -- C:\Intel
[2011/03/15 07:34:45 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011/05/27 01:09:38 | 000,000,000 | ---D | M] -- C:\Program Files
[2012/02/28 07:18:11 | 000,000,000 | R--D | M] -- C:\Programme
[2011/03/14 19:39:39 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011/04/21 06:03:15 | 000,000,000 | ---D | M] -- C:\SWSetup
[2012/03/01 18:15:24 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/03/14 21:03:24 | 000,000,000 | ---D | M] -- C:\Temp
[2012/03/05 07:03:40 | 000,000,000 | ---D | M] -- C:\WINDOWS
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2006/02/28 07:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011/03/19 17:47:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011/03/19 17:47:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2006/02/28 07:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011/03/19 17:47:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011/03/19 17:47:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 21:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 21:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2006/02/28 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2006/02/28 07:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/13 21:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008/04/13 21:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
< MD5 for: NETLOGON.DLL >
[2008/04/13 21:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 21:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2006/02/28 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 13:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008/04/13 21:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 21:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2006/02/28 07:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
< MD5 for: USER32.DLL >
[2006/02/28 07:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008/04/13 21:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 21:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
< MD5 for: USERINIT.EXE >
[2008/04/13 21:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 21:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2006/02/28 07:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2006/02/28 07:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 21:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 21:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2006/02/28 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2006/02/28 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2011/03/14 19:39:49 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011/03/14 19:39:49 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011/03/14 19:39:49 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[2008/06/20 12:46:10 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2008/04/13 21:22:18 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 21:22:20 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2010/04/16 11:06:44 | 001,509,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shdocvw.dll
[2008/06/17 14:00:59 | 008,502,272 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
Invalid Environment Variable: %USERPROFILE%\*.*
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C8B8CEBD
< End of report >
danke schonmal + gruß, flo. |
| Themen zu gema-trojaner (100 euro-version) win xp |
| 0x00000001, adobe, alternate, bho, bluescreen, conduit, desktop, disabletaskmgr, downloader, einstellungen, error, excel, explorer, firefox, format, google, helper, logfile, microsoft office word, port, registry, rundll, scan, senden, services.exe, software, starten, studio, tablet, windows, windows xp, winlogon.exe |
Baum-Darstellung