
Pests of all kinds and how to fight them: Encryption trojan of 29.05.2012

30.05.2012, 14:26   #1
GaMaVa
 



My computer was infected on 29.05. by the Mahnbescheid (payment-demand notice) trojan. The 100-euro variant with the 256-bit AES encryption.

- I have Win XP Prof Service Pack 3

- cannot boot in safe mode and am stuck

How do I need to proceed to get into the system, please?

Who can help me with this, please?

Thanks, Gabriel

30.05.2012, 16:38   #2
markusg
/// Malware-holic
 



Hi,
if you can already get at the source of the infection:
I am interested in such mails with an invoice, payment reminder or other attachments from unknown senders.
If you use a mail program: select the mail, right-click, Save as, and set the type to .eml.
Then please read:
markusg - trojaner-board.de
and send me the file you just created.
If you read your mail in the browser, tell me which provider you use; then it works a little differently.
Please warn friends, acquaintances, relatives etc. about this scam, and feel free to pass this mail address on to them.
They can then send such suspicious mails there.
These then help us to respond appropriately to new threats; since this malware also receives updates, that is important.

After that:
Using a clean second computer, create an OTLPE CD and then boot the infected computer from this CD:

If you have no burning program installed, please download ISOBurner. The program will let you burn OTLPE to a CD and make it bootable. You only need to install the tool, the rest runs automatically => How do I burn an ISO file to CD/DVD.


Download OTLPENet.exe by OldTimer and save it to your desktop. Note: The file is about 120 MB in size, and on a slow Internet connection it will take a while to download.
  • When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Put an empty CD into your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When the burning process is complete, you will see a dialog box => "Operation successfully completed".
  • You can now close the windows of the burning program.
Now boot from the OTLPE CD. Hint: How do I boot from CD


Illustrated guide: OTLpe scan
  • Your system should display the REATOGO-X-PE desktop after a few minutes.
  • Double-click the OTLPE icon.
  • Note: For OTLPE to scan the correct installed Windows, you must select the Windows folder of the Windows installed on the disk; simply selecting C: gives an error!
  • If you are asked "Do you wish to load the remote registry", choose Yes.
  • If you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure the box "Automatically Load All Remaining Users" is selected and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created.
  • Copy this file to your USB stick if you have no Internet connection on this system.
  • Please post the contents of C:\OTL.txt and Extras.txt.
__________________
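
Added example, not part of the original thread and not OTL's own code: a small Python triage pass over lines in the format the scan above writes to OTL.Txt. The sample lines are copied from the log posted later in this thread; the two heuristics (autostart executables with long hex-only names, policy values that lock out Task Manager and the registry editor) are assumptions chosen for illustration, and a hit means "review this entry", not a verdict.

```python
import ntpath
import re

# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKU\Gabriel_ON_C..\Run: [180EC79D] C:\WINDOWS\system32\153BEA48180EC79D980E.exe (Sporopo po po)
O4 - HKU\Gabriel_ON_C..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [POINTER]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Gabriel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\Gabriel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
"""

# "O4 - <hive>..\Run: [<value name>] <target>"
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\]\s+(?P<rest>.*)$")
# "<path> (<company>)"; "File not found" entries do not match and are skipped.
TARGET_RE = re.compile(r"^(?P<path>.*?)\s*\((?P<company>[^()]*)\)$")
# "O6/O7 - <policy key>: <value name> = <data>"
POLICY_RE = re.compile(r"^O[67] - (?P<key>.+?): (?P<value_name>\w+) = (?P<data>.*)$")

# Heuristic 1 (assumption): an executable whose base name is 8+ hex digits.
HEX_NAME_RE = re.compile(r"[0-9A-Fa-f]{8,}")
# Heuristic 2 (assumption): policy values, as named in the posted log, that
# take analysis tools away from the user when set to 1.
LOCKOUT_VALUES = {"DisableTaskMgr", "DisableRegedit", "DisableRegistryTools"}


def triage(log_text):
    """Return (reason, registry location, detail) tuples for lines worth review."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()

        run = RUN_RE.match(line)
        if run:
            target = TARGET_RE.match(run["rest"])
            if target:
                # ntpath parses Windows paths on any host OS.
                stem = ntpath.splitext(ntpath.basename(target["path"]))[0]
                if HEX_NAME_RE.fullmatch(stem):
                    findings.append(("hex-named autostart", run["hive"], target["path"]))
            continue

        policy = POLICY_RE.match(line)
        if (policy and policy["value_name"] in LOCKOUT_VALUES
                and policy["data"].strip() == "1"):
            findings.append(("tool lockout policy", policy["key"], policy["value_name"]))
    return findings


if __name__ == "__main__":
    for reason, location, detail in triage(SAMPLE_LOG):
        print(f"{reason:22} {location} -> {detail}")
```
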

30.05.2012, 16:59   #3
GaMaVa
 



I now have the OTL file but have problems posting it here. At 130 kb it is too large for an attachment.

Silly question: where is the Testbox, please?

Thanks

OTL Logfile:
Code:
OTL logfile created on: 5/30/2012 6:43:58 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 116.41 Gb Total Space | 29.90 Gb Free Space | 25.69% Space Free | Partition Type: NTFS
Drive D: | 66.90 Gb Total Space | 0.44 Gb Free Space | 0.65% Space Free | Partition Type: NTFS
Drive E: | 8.55 Gb Total Space | 2.57 Gb Free Space | 30.03% Space Free | Partition Type: FAT32
Drive G: | 1.89 Gb Total Space | 1.15 Gb Free Space | 60.84% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet006
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled] --  -- (HidServ)
SRV - [2012/05/04 03:05:05 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/29 19:09:18 | 000,071,024 | ---- | M] () [Auto] -- C:\Programme\Haufe\iDesk\iDeskService\iDeskService.exe -- (HRService)
SRV - [2012/03/22 13:29:08 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/03/20 07:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto] -- C:\WINDOWS\System32\mfevtps.exe -- (mfevtp)
SRV - [2012/03/20 07:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2012/03/20 07:04:32 | 000,166,288 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe -- (McShield)
SRV - [2012/02/26 19:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/01/27 13:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 13:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 13:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 13:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 13:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 13:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/01/26 07:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/03/18 10:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/11/23 03:17:21 | 000,069,632 | ---- | M] (Adobe Systems) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/03/28 23:42:42 | 000,029,704 | ---- | M] (TuneUp Software GmbH) [Auto] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006/11/03 14:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto] -- C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/04/07 13:40:10 | 000,204,800 | ---- | M] (Acronis) [Auto] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2005/11/21 06:34:24 | 000,081,920 | ---- | M] (AVM Berlin) [Auto] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service)
SRV - [2005/11/21 05:48:06 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand] -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe -- (de_serv)
SRV - [2005/10/28 15:54:18 | 000,114,784 | ---- | M] () [Auto] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005/10/28 15:54:16 | 000,258,146 | ---- | M] () [Auto] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2005/10/28 15:53:38 | 001,081,344 | ---- | M] (Cyberlink) [Auto] -- C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/07/24 18:35:00 | 000,053,248 | ---- | M] (Hewlett-Packard Company) [Auto] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/05/13 12:11:14 | 000,869,888 | ---- | M] (Nero AG) [Auto] -- C:\Programme\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2004/10/21 21:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2001/11/12 08:31:48 | 000,020,480 | ---- | M] (X10) [On_Demand] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (upperdev)
DRV - File not found [Kernel | Boot] --  -- (sptd)
DRV - File not found [Kernel | Boot] --  -- (rseb)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2012/02/22 07:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/02/22 07:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/02/22 07:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/02/22 07:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 07:29:46 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2012/02/22 07:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/02/22 07:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2012/02/22 07:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2012/02/22 07:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/02/22 07:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/02/15 07:23:20 | 000,021,504 | ---- | M] (hxxp://www.atmel.com) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/08/13 10:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/08/26 04:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007/12/31 10:18:03 | 000,387,520 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2007/12/31 10:18:03 | 000,032,224 | ---- | M] (Acronis) [File_System | Auto] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007/12/31 10:17:57 | 000,099,776 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2007/01/05 12:21:06 | 000,093,056 | ---- | M] (C-Media Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmiucr.SYS -- (CMISTOR)
DRV - [2007/01/05 09:51:36 | 000,023,208 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\grmn0200.sys -- (grmn0200) grmn0200.Sys Garmin USB DCP driver (install)
DRV - [2005/11/21 05:41:50 | 000,367,104 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETFWDSL.SYS -- (NETFWDSL)
DRV - [2005/11/21 05:41:50 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netdsl.sys -- (NETDSL)
DRV - [2005/10/21 13:52:52 | 000,016,800 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hppaufd0.sys -- (dot4ufd)
DRV - [2005/10/17 09:52:58 | 000,826,112 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2005/08/18 19:35:04 | 003,856,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/07/14 15:58:38 | 000,241,536 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (RT2500USB)
DRV - [2005/05/19 11:52:58 | 000,017,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2005/05/13 12:03:54 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2005/05/13 12:03:52 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/05/13 11:03:25 | 000,028,160 | ---- | M] (Nero AG) [Kernel | System] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/23 03:33:10 | 000,010,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2000/07/17 09:57:16 | 000,012,169 | R--- | M] (GARMIN Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\grmn1200.sys -- (grmn1200)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.yahoo.de
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\Gabriel_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/?fr=fp-yie8
IE - HKU\Gabriel_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*hxxp://www.yahoo.com
IE - HKU\Gabriel_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Gabriel_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.de/
IE - HKU\Gabriel_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\Gabriel_ON_C\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Programme\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\Gabriel_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\Gabriel_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\Gabriel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Gabriel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: C:\Programme\McAfee\MSC\npMcSnFFPl.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Programme\McAfee\SiteAdvisor\NPMcFFPlg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2910: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Programme\McAfee\SiteAdvisor [2012/02/26 08:04:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Programme\Gemeinsame Dateien\McAfee\SystemCore [2012/05/29 09:44:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/05/17 13:07:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/05/17 13:07:53 | 000,000,000 | ---D | M]
 
[2012/02/16 07:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\mozilla\Extensions
[2012/02/16 07:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\mozilla\Extensions\ideskbrowser@haufe.de
[2012/05/18 14:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\mozilla\Firefox\Profiles\n4votnje.default\extensions
[2012/05/18 14:35:20 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\mozilla\Firefox\Profiles\n4votnje.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/02/21 11:45:09 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\mozilla\Firefox\Profiles\n4votnje.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/03/19 02:13:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/02/13 10:26:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012/02/13 10:26:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File not found (No name found) -- C:\PROGRAMME\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF}
[2012/05/04 03:05:04 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011/04/14 08:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\mozilla firefox\components\Scriptff.dll
[2012/02/25 12:01:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/13 13:45:11 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/13 13:45:11 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/02/13 13:45:11 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/13 13:45:11 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/22 16:25:35 | 000,002,027 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/02/13 13:45:11 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/13 13:45:11 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/10/11 10:28:31 | 000,000,934 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Gemeinsame Dateien\Mcafee\SystemCore\ScriptSn.20120428083128.dll (McAfee, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\Gabriel_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Gabriel_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Gabriel_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageServer\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCREye.exe ()
O4 - HKLM..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\aol\1195753421\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [mcui_exe] C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MedionVFD] C:\Programme\Medion Info Display\MdionLCM.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCMService] C:\Programme\Home Cinema\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [POINTER]  File not found
O4 - HKLM..\Run: [RemoteControl] C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TransferManager] C:\Programme\Gemeinsame Dateien\Lexware\Internettransfer\LxTrans.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageServer\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UserFaultCheck]  File not found
O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YMailAdvisor] C:\Programme\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Programme\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\Gabriel_ON_C..\Run: [180EC79D] C:\WINDOWS\system32\153BEA48180EC79D980E.exe (Sporopo po po)
O4 - HKU\Gabriel_ON_C..\Run: [Search Protection] C:\Programme\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\Gabriel_ON_C..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\Gabriel_ON_C..\Run: [TuneUp MemOptimizer] C:\Programme\TuneUp Utilities 2007\MemOptimizer.exe (TuneUp Software GmbH)
O4 - HKU\Gabriel_ON_C..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\LocalService_ON_C..\Run: [rundll32.exe]  File not found
O4 - HKU\NetworkService_ON_C..\Run: [rundll32.exe]  File not found
O4 - HKU\systemprofile_ON_C..\Run: [Nokia.PCSync]  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Symantec Fax Starter Edition-Anschluss.lnk = C:\Programme\Microsoft Office\Office\1031\OLFSNT40.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Gabriel\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O4 - Startup: C:\Dokumente und Einstellungen\Gabriel\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Gabriel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Gabriel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 03 F0 FF 03  [binary data]
O7 - HKU\Gabriel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments =  [binary data]
O7 - HKU\Gabriel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\Gabriel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\Gabriel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Gabriel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\Gabriel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\FRITZ!DSL\SARAH.DLL (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1231786570218 (MUCatalogWebControl Class)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} hxxp://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - C:\Programme\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\153BEA48180EC79D980E.exe) - C:\WINDOWS\system32\153BEA48180EC79D980E.exe (Sporopo po po)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Programme\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/29 14:30:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee
[2012/05/29 08:37:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\Qhvytzpw
[2012/05/29 08:36:13 | 000,098,304 | -H-- | C] (Sporopo po po) -- C:\WINDOWS\System32\153BEA48180EC79D980E.exe
[2012/05/27 11:46:42 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Gabriel\Recent
[2012/05/17 13:06:37 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2012/05/16 03:18:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gabriel\Eigene Dateien\Zeppelin Air Programmer
[2012/05/04 09:02:36 | 000,000,000 | ---D | C] -- C:\Programme\Citrix
[2012/05/04 03:05:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla
[2012/05/04 03:05:40 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service
[2012/05/02 12:12:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple Computer
[2012/05/02 12:00:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2012/05/02 12:00:05 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\NetworkService\IETldCache
[2010/12/05 14:13:38 | 000,070,553 | ---- | C] (Open Source Software community project) -- C:\Dokumente und Einstellungen\Gabriel\pthreadGC2.dll
[1999/03/11 20:22:04 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Programme\Gemeinsame Dateien\IRAABOUT.DLL
[1998/12/09 05:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Programme\Gemeinsame Dateien\IRAREG.DLL
[1998/12/09 05:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Programme\Gemeinsame Dateien\IRAMDMTR.DLL
[1998/12/09 05:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Programme\Gemeinsame Dateien\IRALPTTR.DLL
[1998/12/09 05:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Programme\Gemeinsame Dateien\IRAWEBTR.DLL
[1998/12/09 05:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Programme\Gemeinsame Dateien\IRASRIAL.DLL
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/30 07:52:42 | 000,181,956 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/05/30 07:52:39 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/30 07:52:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/30 03:27:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/29 15:51:29 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/05/29 14:30:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee
[2012/05/29 14:26:11 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/29 11:16:50 | 000,002,319 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk
[2012/05/29 11:14:56 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/29 08:36:13 | 000,098,304 | -H-- | M] (Sporopo po po) -- C:\WINDOWS\System32\153BEA48180EC79D980E.exe
[2012/05/29 08:32:26 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2012/05/29 08:05:01 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/05/26 10:27:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Lexware
[2012/05/25 17:46:19 | 000,003,688 | ---- | M] () -- C:\NOrOrOrgrgNgNg
[2012/05/24 16:47:58 | 000,015,297 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/05/24 12:33:04 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/22 12:28:38 | 000,094,720 | ---- | M] () -- C:\yslelsDslsDsleDeDeDeD
[2012/05/19 07:59:15 | 003,092,816 | ---- | M] () -- C:\Dokumente und Einstellungen\Gabriel\Eigene Dateien\Heizeinsaetze_Profi_Serie_Montage-Tipps_.pdf
[2012/05/17 13:07:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime
[2012/05/16 03:18:12 | 000,002,495 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Zeppelin Air Programmer.lnk
[2012/05/13 09:44:11 | 004,801,404 | ---- | M] () -- C:\Schubert.pdf
[2012/05/13 09:44:06 | 001,230,539 | ---- | M] () -- C:\Kaufvertrag_Haus.pdf
[2012/05/11 15:50:50 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323
[2012/05/11 15:50:40 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322
[2012/05/11 15:50:32 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321
[2012/05/11 15:50:22 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320
[2012/05/11 14:32:19 | 000,598,706 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/05/11 14:32:19 | 000,544,630 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/11 14:32:19 | 000,097,606 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/11 14:32:18 | 000,127,970 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/05/11 14:28:47 | 000,140,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/11 13:27:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/11 13:16:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight
[2012/05/09 15:41:51 | 004,381,412 | ---- | M] () -- C:\Dokumente und Einstellungen\Gabriel\Eigene Dateien\16_EPDVBEUE_DEU.pdf
[2012/05/05 08:16:41 | 000,009,620 | ---- | M] () -- C:\JANA STAUDTE _ Rechtsanwältin & Mediatorin _ Hannover.pdf
[2012/05/04 10:12:28 | 000,001,379 | ---- | M] () -- C:\Dokumente und Einstellungen\Gabriel\Eigene Dateien\ChatLog 907 _ Organisatorische Online_Schulung des Lohnsteuerhilfeverein Fuldatal e_ V_ 2012_05_04 16_12.rtf
[2012/05/04 09:04:10 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/04 08:56:03 | 000,060,304 | ---- | M] () -- C:\Dokumente und Einstellungen\Gabriel\g2mdlhlpx.exe
[2012/05/04 08:50:50 | 000,089,357 | ---- | M] () -- C:\Dokumente und Einstellungen\Gabriel\Eigene Dateien\Skript Orga Beraterschulung am 04. und 05.05.12.pdf
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/05/29 09:38:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/29 08:47:27 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh325
[2012/05/29 08:47:27 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh324
[2012/05/29 08:47:27 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh323
[2012/05/29 08:47:27 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh322
[2012/05/29 08:47:27 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh321
[2012/05/29 08:47:27 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh320
[2012/05/19 07:57:41 | 003,092,816 | ---- | C] () -- C:\Dokumente und Einstellungen\Gabriel\Eigene Dateien\Heizeinsaetze_Profi_Serie_Montage-Tipps_.pdf
[2012/05/13 09:44:10 | 004,801,404 | ---- | C] () -- C:\Schubert.pdf
[2012/05/13 09:44:06 | 001,230,539 | ---- | C] () -- C:\Kaufvertrag_Haus.pdf
[2012/05/09 15:41:49 | 004,381,412 | ---- | C] () -- C:\Dokumente und Einstellungen\Gabriel\Eigene Dateien\16_EPDVBEUE_DEU.pdf
[2012/05/05 08:16:41 | 000,009,620 | ---- | C] () -- C:\JANA STAUDTE _ Rechtsanwältin & Mediatorin _ Hannover.pdf
[2012/05/04 10:12:28 | 000,001,379 | ---- | C] () -- C:\Dokumente und Einstellungen\Gabriel\Eigene Dateien\ChatLog 907 _ Organisatorische Online_Schulung des Lohnsteuerhilfeverein Fuldatal e_ V_ 2012_05_04 16_12.rtf
[2012/05/04 08:55:24 | 000,060,304 | ---- | C] () -- C:\Dokumente und Einstellungen\Gabriel\g2mdlhlpx.exe
[2012/05/04 08:50:49 | 000,089,357 | ---- | C] () -- C:\Dokumente und Einstellungen\Gabriel\Eigene Dateien\Skript Orga Beraterschulung am 04. und 05.05.12.pdf
[2012/04/17 09:58:12 | 000,207,728 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2012/04/17 09:58:12 | 000,138,608 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvmc100.dll
[2012/04/17 09:58:10 | 000,074,608 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvm100.dll
[2012/04/17 09:58:08 | 000,309,616 | ---- | C] () -- C:\WINDOWS\System32\LxDNT100.dll
[2012/03/21 16:11:57 | 000,000,437 | ---- | C] () -- C:\WINDOWS\BHPrintHelper.INI
[2012/02/15 04:50:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/07 07:57:43 | 000,000,179 | ---- | C] () -- C:\Dokumente und Einstellungen\Gabriel\default.pls
[2011/05/13 04:03:16 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll
[2011/05/13 04:01:22 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll
[2011/05/13 04:01:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll
[2011/01/30 14:00:23 | 000,000,055 | ---- | C] () -- C:\WINDOWS\System32\everest_cpl.ini
[2010/12/05 14:13:39 | 000,320,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Gabriel\SDL.dll
[2010/12/05 14:13:38 | 005,794,304 | ---- | C] () -- C:\Dokumente und Einstellungen\Gabriel\ffmpeg.exe
[2010/12/05 14:13:38 | 005,763,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Gabriel\ffplay.exe
[2010/09/22 06:30:01 | 000,000,107 | ---- | C] () -- C:\WINDOWS\Formular.INI
[2009/12/29 07:09:47 | 000,000,019 | ---- | C] () -- C:\WINDOWS\BHStdCompany.INI
[2009/12/29 04:36:18 | 000,024,804 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/01/23 06:36:46 | 000,000,019 | ---- | C] () -- C:\WINDOWS\LxContextHelpSrv20.INI
[2009/01/17 11:29:26 | 000,015,297 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/14 05:52:19 | 000,000,019 | ---- | C] () -- C:\WINDOWS\BHFirmAssi.INI
[2008/12/14 05:29:30 | 000,000,176 | ---- | C] () -- C:\WINDOWS\LFOInterChangeServer.INI
[2008/11/01 15:16:35 | 000,010,143 | ---- | C] () -- C:\Dokumente und Einstellungen\Gabriel\GabrielValentin_GaMaVa_elster_2048.pfx
[2008/10/03 14:10:27 | 000,000,231 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/06/19 18:00:56 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\HPEPCEnm.dll
[2008/05/26 16:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 16:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 16:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 15:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 15:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/09 01:03:26 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\BH_DATA110VC8.dll
[2008/05/06 06:28:50 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/04/17 05:33:50 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
[2008/03/13 08:07:27 | 000,001,142 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/01/19 17:15:50 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/01/16 08:50:44 | 000,000,062 | ---- | C] () -- C:\WINDOWS\FAStdCompany.INI
[2008/01/16 08:50:20 | 000,000,043 | ---- | C] () -- C:\WINDOWS\FAFirmAssi.INI
[2007/12/04 20:41:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/12/04 20:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/11/26 17:26:29 | 000,003,400 | ---- | C] () -- C:\WINDOWS\tm.ini
[2007/11/25 13:54:43 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
[2007/11/25 13:54:43 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
[2007/11/25 13:28:32 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2007/11/24 14:07:50 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Gabriel\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007/11/24 13:58:33 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/11/24 13:14:52 | 000,000,011 | ---- | C] () -- C:\WINDOWS\nextsteps.ini
[2007/11/24 12:38:58 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/23 12:34:01 | 000,100,352 | ---- | C] () -- C:\Dokumente und Einstellungen\Gabriel\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/23 12:20:58 | 000,000,103 | ---- | C] () -- C:\WINDOWS\System32\hptrace.ini
[2007/11/23 12:20:10 | 000,012,818 | ---- | C] () -- C:\WINDOWS\hplj42504350.ini
[2007/11/23 12:19:48 | 000,005,400 | ---- | C] () -- C:\WINDOWS\mariner.ini
[2007/11/23 05:09:21 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/23 02:56:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2007/11/22 16:59:38 | 000,015,627 | ---- | C] () -- C:\WINDOWS\System32\WBROLLRS.DLL
[2007/11/22 16:59:37 | 000,320,512 | ---- | C] () -- C:\WINDOWS\System32\W32MKDE.EXE
[2007/11/22 16:59:37 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[2007/11/22 16:59:36 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\LxImport50VC7.dll
[2007/11/22 16:59:36 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\LxImport40VC7.dll
[2007/11/22 16:59:36 | 000,192,592 | ---- | C] () -- C:\WINDOWS\System32\LxImport30.dll
[2007/11/22 16:59:36 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\LXDasi10VC7.dll
[2007/11/22 16:59:36 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PXTToolVC7.dll
[2007/11/22 16:51:27 | 000,000,250 | ---- | C] () -- C:\WINDOWS\LXfoIn54.INI
[2007/11/22 16:49:24 | 000,000,081 | ---- | C] () -- C:\WINDOWS\loge.dat
[2007/11/22 16:34:06 | 000,000,031 | ---- | C] () -- C:\WINDOWS\LxTrans.INI
[2007/11/22 16:29:56 | 000,300,032 | ---- | C] () -- C:\WINDOWS\System32\LE50as.dll
[2007/11/22 16:29:56 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\KSCB532.DLL
[2007/11/22 16:29:36 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\MMedia10VC7.dll
[2007/11/22 16:29:36 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\BH_DATA100VC7.dll
[2007/11/22 16:29:36 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\LxUtl10.dll
[2007/11/22 14:20:37 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Install2500USB.dll
[2007/11/22 14:20:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DEDriverDLL.dll
[2007/11/22 14:20:37 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\WRLSetup.exe
[2007/11/22 14:16:53 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe
[2007/11/22 14:16:38 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007/11/22 14:07:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/11/22 13:53:40 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\CmUCRRm.exe
[2007/11/22 13:53:40 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\CmUCREye.exe
[2007/11/22 13:53:40 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\CmUCRRm.Dll
[2007/11/22 13:53:40 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CmiUCRUninstall.exe
[2007/11/22 13:53:40 | 000,000,066 | ---- | C] () -- C:\WINDOWS\CMICARDREADER.INI
[2007/11/22 12:40:21 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/11/22 12:23:14 | 000,000,614 | ---- | C] () -- C:\WINDOWS\System32\ChkFiles.dat
[2007/11/22 11:18:59 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/11/22 10:49:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/11/22 10:45:00 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/11/22 10:38:36 | 000,004,359 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/11/22 10:37:45 | 000,140,440 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/07/06 09:52:08 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/07/06 09:52:08 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/07/06 09:52:08 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/07/06 09:52:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/07/06 09:52:05 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/07/06 09:52:05 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/07/06 09:52:03 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/11/13 11:03:58 | 000,409,600 | ---- | C] () -- C:\WINDOWS\System32\BH_DATA100VC8.dll
[2006/09/21 08:53:28 | 000,282,679 | ---- | C] () -- C:\WINDOWS\System32\dnt27.dll
[2006/09/21 08:52:24 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27.dll
[2006/09/21 08:52:14 | 000,077,881 | ---- | C] () -- C:\WINDOWS\System32\dntvm27.dll
[2005/11/09 07:13:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC7.dll
[2005/11/09 07:11:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC7.dll
[2005/11/09 07:11:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC7.dll
[2005/10/18 09:01:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2004/09/01 11:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(96).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(95).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(94).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(93).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(92).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(91).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(90).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(9).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(89).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(88).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(87).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(86).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(85).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(84).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(83).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(82).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(81).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(80).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(8).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(79).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(78).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(77).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(76).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(75).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(74).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(73).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(72).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(71).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(70).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(7).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(69).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(68).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(67).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(66).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(65).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(64).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(63).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(62).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(61).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(60).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(6).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(59).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(58).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(57).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(56).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(55).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(54).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(53).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(52).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(51).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(50).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(5).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(49).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(48).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(47).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(46).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(45).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(44).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(43).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(42).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(41).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(40).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(4).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(39).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(38).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(37).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(36).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(35).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(34).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(33).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(32).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(31).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(30).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(3).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(29).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(28).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(27).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(26).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(25).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(24).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(23).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(22).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(21).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(20).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(2).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(19).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(18).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(17).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(16).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(15).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(14).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(13).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(12).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(11).DLL
[2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR(10).DLL
[2002/08/29 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 08:00:00 | 000,598,706 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2002/08/29 08:00:00 | 000,544,630 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2002/08/29 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 08:00:00 | 000,127,970 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2002/08/29 08:00:00 | 000,097,606 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2002/08/29 08:00:00 | 000,030,464 | ---- | C] () -- C:\WINDOWS\System32\bxytz.exe
[2002/08/29 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/12/12 06:41:36 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\W32btstp.dll
[2001/12/12 06:41:36 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\W32btxlt.dll
[2001/10/10 03:57:58 | 000,073,786 | ---- | C] () -- C:\WINDOWS\System32\dntvmc23.dll
[2001/10/10 03:57:58 | 000,061,497 | ---- | C] () -- C:\WINDOWS\System32\dntvm23.dll
[2001/09/04 05:05:32 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/09/04 05:04:04 | 000,004,678 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/03/07 03:02:30 | 000,229,431 | ---- | C] () -- C:\WINDOWS\System32\dnt23.dll
[1999/01/22 21:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
 
========== LOP Check ==========
 
[2009/11/28 04:12:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\SACore
[2009/11/21 13:04:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Viewpoint
[2007/11/22 14:17:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\X10 Commander
[2012/02/11 09:44:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\bowers-wilkins.dlm.8336D9976F9EA57B9953BCD80947775C45DF3256.1
[2007/11/22 13:38:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\Buhl Data Service
[2011/10/28 12:05:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\Buhl Data Service GmbH
[2012/05/25 03:27:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\Canon
[2007/11/22 13:39:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\DataDesign
[2012/02/23 15:05:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\DVDVideoSoft
[2012/02/23 14:06:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011/10/07 10:21:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\elsterformular
[2012/05/29 08:46:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\FRITZ!
[2009/11/07 16:06:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\FRITZ!fax für FRITZ!Box
[2007/12/18 06:43:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\Haufe
[2010/12/02 11:02:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\Haufe Mediengruppe
[2008/07/09 08:24:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\Hentrich-Software
[2010/02/02 06:20:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\LetsTrade
[2012/05/26 12:51:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\Lexware
[2009/11/22 08:59:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\Nokia
[2009/11/22 08:58:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\Nokia Ovi Suite
[2008/01/17 08:00:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\PC Suite
[2012/05/17 16:43:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\PriceGong
[2010/07/07 12:54:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\Puegta
[2012/05/29 08:37:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\Qhvytzpw
[2011/12/31 09:02:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\QuickScan
[2007/11/22 12:23:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\Steuersoft
[2012/03/24 08:42:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\TeamViewer
[2007/11/22 11:13:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\TuneUp Software
[2008/12/18 09:10:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\Uniblue
[2008/04/11 06:01:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\Viewpoint
[2008/08/18 06:36:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\Windows Desktop Search
[2008/08/19 04:48:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriel\Anwendungsdaten\Windows Search
[2009/03/17 12:45:32 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\SACore
[2007/12/31 10:21:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2010/06/27 08:32:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avery
[2012/05/29 09:25:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2007/11/22 13:33:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2012/05/29 09:25:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2008/02/04 03:30:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fun communications
[2009/04/24 10:30:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe
[2009/11/22 05:21:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2009/11/07 16:06:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ISDNWatch
[2012/05/29 09:25:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2007/11/23 02:54:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\muvee Technologies
[2009/11/22 08:54:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2010/03/19 09:05:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OviInstallerCache
[2008/01/17 07:56:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2007/11/22 12:15:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Steuersoft
[2007/11/22 11:12:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2007/11/22 12:41:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2012/02/11 11:48:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zeppelin Air Programmer
[2009/03/23 05:18:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/01/08 07:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
[2010/03/31 12:08:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 15:09:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/14 10:03:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/05/29 08:32:26 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
[2012/05/29 15:51:29 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2010/04/29 04:02:54 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\ࠐе
[2010/04/29 04:02:54 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\ࠐе
< End of report >
         
--- --- ---

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 5/31/2012 3:48:22 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 116.41 Gb Total Space | 29.90 Gb Free Space | 25.69% Space Free | Partition Type: NTFS
Drive D: | 66.90 Gb Total Space | 0.44 Gb Free Space | 0.65% Space Free | Partition Type: NTFS
Drive E: | 8.55 Gb Total Space | 2.57 Gb Free Space | 30.03% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet006
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung 
"80:TCP" = 80:TCP:*:Disabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend) 
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Programme\Gemeinsame Dateien\aol\1195753421\ee\aolsoftware.exe" = C:\Programme\Gemeinsame Dateien\aol\1195753421\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (America Online, Inc.)
"C:\Programme\Home Cinema\PowerCinema\PowerCinema.exe" = C:\Programme\Home Cinema\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema -- (CyberLink Corp.)
"C:\Programme\Home Cinema\PowerCinema\PCMService.exe" = C:\Programme\Home Cinema\PowerCinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX-Diagnoseprogramm -- (Microsoft Corporation)
"F:\fsetup.exe" = F:\fsetup.exe:*:Enabled:AVM FSetup Application
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update -- (AVM Berlin)
"C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe" = C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Programme\FRITZ!\igd_finder.exe" = C:\Programme\FRITZ!\igd_finder.exe:LocalSubNet:Enabled:AVM FRITZ!fax for FRITZ!Box - igd_finder.exe -- ()
"C:\Programme\FRITZ!\FriFax32.exe" = C:\Programme\FRITZ!\FriFax32.exe:*:Enabled:FRITZ!fax -- (AVM Berlin)
"C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process  -- (Nokia Corporation)
"C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2 -- (Nokia)
"C:\Programme\Steuersoft\EstPlusNX\DatabaseTool.exe" = C:\Programme\Steuersoft\EstPlusNX\DatabaseTool.exe:*:Enabled:Databasetool -- (Steuersoft GmbH)
"C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe" = C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\Steuersoft\EstPlusNX\EPUpdate.exe" = C:\Programme\Steuersoft\EstPlusNX\EPUpdate.exe:*:Enabled:Epupdate -- (Steuersoft GmbH)
"C:\Programme\Steuersoft\EstPlusNX\EPStart.exe" = C:\Programme\Steuersoft\EstPlusNX\EPStart.exe:*:Enabled:Epstart -- (Steuersoft GmbH)
"C:\Programme\Steuersoft\EstPlusNX\EStPlus.exe" = C:\Programme\Steuersoft\EstPlusNX\EStPlus.exe:*:Enabled:Estplus -- (Steuersoft GmbH)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{01BDFB08-EE88-4E5E-94A6-AE9EDCFA40C5}" = Microsoft IntelliPoint 4.0
"{02F8147C-43A3-4FBC-9C39-7264BB0FE52C}" = Lexware anlagenverwaltung 2011
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A7353C1-0C5C-45E8-BCE0-1559916CC7E8}" = Lexware financial office 2007
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{102C0111-5FEA-425C-88AC-B0BB6E60EC33}" = Lexware financial office 2008
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{20ACA1B0-8043-11D4-AEB1-00C04F590412}" = MapSource
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{235211CA-D0E3-4EC8-95D4-C024CE37537C}" = WISO Mein Geld 2012 Professional
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{261D0486-9127-4071-BA1D-FE784310752E}" = videon
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216010F0}" = Java(TM) 6 Update 10
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2C9A62F0-D1B3-4E2C-A7D9-24F38FF2A379}" = GEAR driver installer for x86 and x64
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{375A1916-8B44-402A-88DE-084F2930CDD6}" = Acronis*True*Image*Server
"{3AE2891D-969E-4BB6-9348-B120BD250DA6}" = Lexware financial office Juli 2008
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{488F82BC-0432-4538-9DF1-0997D2428102}" = Lexware anlagenverwaltung 2006
"{496BE58C-60E9-4203-AC5E-F076222A242B}" = Lexware financial office 2007
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CFB3821-1582-4F3B-BF8D-30986923B36B}" = Nokia Multimedia Factory
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater
"{5490B6EF-5A48-40B7-A9E0-D3B886D17A29}" = RT2500 USB Wireless LAN Card
"{555022FC-04EE-4B2F-A07C-4F92330F35D2}" = Lexware Elster
"{57851A94-F57F-4CE2-8FF7-A790A08B7D13}" = Lexware anlagenverwaltung 2006
"{5DB88ED8-3487-4BDE-A8C5-7F4D016BE737}" = Lexware financial office Aktualisierung Februar 2008, Version 12.20
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{61AF34EF-B0A4-4664-975B-81904824EB1C}" = WISO Mein Geld 2011 Professional
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{64D5E9DE-7890-4FB0-8865-8B24BE1773F7}" = LightScribe  1.4.42.1
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142130}" = Java 2 Runtime Environment, SE v1.4.2_13
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{80364245-BC33-41EF-9FEF-3A64C2F1682C}" = Haufe Steuer Office
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C207B26-0D5F-40F5-B1B0-6A7292E1F8ED}" = MapSource - European City Navigator v4.00
"{8D67D425-A6C2-4405-8B8A-163C299360E5}" = Zeppelin Air Programmer
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB2F7E36-3D87-457D-8162-26583CF49AC1}" = hp LaserJet Toolbox
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{BF73B032-8D89-49D0-80F8-6C73DC1B0C20}" = Lexware financial office 2007
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{C8E7F63E-2854-4E60-AD28-2B4A25AF814B}" = Lexware financial office Aktualisierung Januar 2008, Version 12.10
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7F2CA3-ADA3-4907-9013-8B61C370B6E4}" = Haufe Formular-Manager
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5842AC3-59C7-4DDD-BB33-54FE544DB3DA}" = Komponenten der Betriebssystemkommunikation
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D6BCB0B1-9AC8-407B-B679-F925A01F2B2C}" = Bonjour-Druckdienste
"{D717B492-4D2A-4EFC-9E34-F54248205A86}" = Lexware financial office Aktualisierung AfA-Rechner August 2008
"{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite
"{E063B3E2-6641-4375-9F09-ADA9E589EB90}" = hp LaserJet 4250/4350/4240
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F43C08E9-1084-4796-9728-D1C0D33ED2C0}" = Lexware anlagenverwaltung 2006
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F99898C4-4620-404A-915B-01292FA1A657}" = Lexware financial office 2007
"{FA6F3900-79FF-11E1-97DC-005056B12123}" = Haufe iDesk-Service
"{FB369C20-81C1-4D86-B82F-C9B0815D1B9E}" = Lexware financial office 2012
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF748561-FFFE-11D3-A06B-00E02939A7B1}" = dakota.ag
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem  (10/05/2009 4.2)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.4)
"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"ClearProg" = ClearProg 1.6.0 Final
"C-Media USB2.0 Card Reader" = C-Media USB2.0 Card Reader
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ElsterFormular 12.4.1.7699k" = ElsterFormular
"ElsterFormular 13.0.0.8086u" = ElsterFormular
"ElsterFormular für Unternehmer 12.0.0.5880u" = ElsterFormular für Unternehmer
"EstPlusNX" = Steuersoft EStPlus NX
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free Audio Converter_is1" = Free Audio Converter version 5.0.6.221
"Free Studio_is1" = Free Studio version 5.3.3
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.10.17.221
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"hp LaserJet 4250 4350 4240" = hp LaserJet 4250/4350/4240
"LetsTrade" = LetsTrade Komponenten
"LSI Soft Modem" = LSI PCI-SV92PP Soft Modem
"McAfee Security Scan" = McAfee Security Scan Plus
"MedionVFD" = Medion Info Display
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee AntiVirus Plus
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"RealPlayer 6.0" = RealPlayer
"StreetPlugin" = Learn2 Player (Uninstall Only)
"sv.net" = sv.net
"SystemRequirementsLab" = System Requirements Lab
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WISO Mein Geld 2012 Professional" = WISO Mein Geld 2012 Professional
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"X10Hardware" = X10 Hardware(TM)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Yahoo! Anti-Spy" = Yahoo! Anti-Spy
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Search Defender" = Yahoo! Suche Schutzvorkehrung
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Gabriel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.1.0.874
 
< End of report >
         