Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows XP - Befall von BKA / Fedpol Virus - Hilfe bei der Auswertung OTLpe

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 15.02.2014, 07:35   #1
Maleware200
 
Windows XP - Befall von BKA / Fedpol Virus - Hilfe bei der Auswertung OTLpe - Standard

Windows XP - Befall von BKA / Fedpol Virus - Hilfe bei der Auswertung OTLpe



Hallo zusammen

Leider wurde mein Windows XP Pc von dem im Titel genannten Virus befallen.

Der Neustart im abgesicherten Modus funktioniert nicht. Ich habe danach eine OTPle CD erstellt und eine Analyse erstellt.

Da sich auf dem Computer 2 Benutzer befinden, habe ich von beiden eine Analyse erstellt.

Besten Dank für eure Hilfe.

Freundliche Grüsse

Felix




Code Administrator:

Code:
ATTFilter
OTL logfile created on: 2/15/2014 8:26:53 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
509.00 Mb Total Physical Memory | 293.00 Mb Available Physical Memory | 57.00% Memory free
461.00 Mb Paging File | 315.00 Mb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 15.61 Gb Total Space | 2.87 Gb Free Space | 18.36% Space Free | Partition Type: NTFS
Drive D: | 21.65 Gb Total Space | 21.15 Gb Free Space | 97.68% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled] --  -- (HidServ)
SRV - File not found [On_Demand] --  -- (AppMgmt)
SRV - [2014/02/10 15:20:12 | 000,156,672 | ---- | M] () [Auto] -- C:\DOKUME~1\ALLUSE~1\ANWEND~1\lo4az8r.cpp -- (winmgmt)
SRV - [2014/02/04 17:57:54 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2009/05/14 11:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto] -- C:\Programme\Gemeinsame Dateien\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/09/11 09:13:56 | 000,020,480 | ---- | M] (Ralink Technology, Corp.) [Auto] -- C:\Programme\Motorola\802.11n Dualband USB Wireless Adapter\USB Wireless LAN\AutoInstSvc\MotoWLanSrv.exe -- (RaAutoInstSrv_RT2878)
SRV - [2003/06/02 20:45:58 | 000,045,056 | ---- | M] ( ) [Auto] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2009/04/28 11:02:02 | 000,719,616 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2003/06/02 20:46:10 | 000,624,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/06/02 20:46:00 | 000,092,904 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/06/02 20:45:58 | 001,807,568 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2003/06/02 20:45:58 | 000,418,752 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2003/06/02 20:45:58 | 000,195,048 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2003/06/02 20:45:58 | 000,161,976 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2003/06/02 20:45:58 | 000,084,720 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2003/06/02 20:45:58 | 000,039,348 | ---- | M] (Vireo Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2003/06/02 20:45:56 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation       ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2003/06/02 20:45:40 | 000,730,092 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/03/13 09:39:12 | 000,093,305 | ---- | M] (VM) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2003/02/12 06:28:00 | 000,008,576 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wncpkt.sys -- (WNCPKT)
DRV - [2002/10/01 04:49:00 | 000,606,720 | ---- | M] ( Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EU3USB.sys -- (EU3_USB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\J._Meyerventer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\J._Meyerventer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\J._Meyerventer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
 
 
O1 HOSTS File: ([2002/08/29 07:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ShprRprts) - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} -  File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Hotbar) - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} -  File not found
O3 - HKU\J._Meyerventer_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\J._Meyerventer_ON_C\..\Toolbar\ShellBrowser: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - No CLSID value found.
O3 - HKU\J._Meyerventer_ON_C\..\Toolbar\ShellBrowser: (Hotbar) - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} -  File not found
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [ALUAlert]  File not found
O4 - HKU\J._Meyerventer_ON_C..\Run: [data]  File not found
O4 - HKU\J._Meyerventer_ON_C..\Run: [EPSON SX218 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\J._Meyerventer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: SmartShopper - Compare product prices - {679B2A8D-B2FF-41ed-B3ED-C5CFB8564CB0} - Reg Error: Key error. File not found
O9 - Extra Button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} -  File not found
O9 - Extra Button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} -  File not found
O9 - Extra Button: SmartShopper - Compare travel rates - {9E4DF170-217F-4658-A11F-590664542B73} - Reg Error: Key error. File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} file://E:\content\include\XPPatchInstaller.CAB (PatchInstaller.Installer)
O16 - DPF: {660556AE-B17A-4FC5-9F01-75142673EF29} hxxp://dialup.tele-call.de/UniversalDialerWebControl.ocx (UniversalDialerWebControl)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} file://E:\Content\include\msSecUcd.cab (MSSecurityAdvisorCD Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/09/10 08:05:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/02/07 15:05:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2003/06/02 20:45:58 | 001,807,568 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2003/06/02 20:45:58 | 000,418,752 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2003/06/02 20:45:58 | 000,195,048 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2003/06/02 20:45:58 | 000,161,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2003/06/02 20:45:58 | 000,084,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2003/06/02 20:45:58 | 000,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\slserv.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/02/15 08:08:05 | 003,407,872 | -H-- | M] () -- C:\Dokumente und Einstellungen\J. Meyerventer\NTUSER.DAT
[2014/02/15 01:31:32 | 000,262,144 | -H-- | M] () -- C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT
[2014/02/15 01:31:32 | 000,262,144 | -H-- | M] () -- C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT
[2014/02/15 01:31:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/15 01:31:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2014/02/15 01:31:07 | 000,001,106 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/15 01:28:15 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\J. Meyerventer\ntuser.ini
[2014/02/15 01:27:38 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/15 01:27:36 | 095,027,928 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\r8za4ol.fee
[2014/02/14 13:56:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/02/14 13:55:27 | 000,012,648 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/10 15:20:20 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\J. Meyerventer\Startmenü\Programme\Autostart\r8za4ol.lnk
[2014/02/10 15:20:12 | 000,156,672 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lo4az8r.cpp
[2014/02/04 17:57:37 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/02/04 17:57:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/01/30 07:28:54 | 000,005,632 | ---- | M] () -- C:\einladung zum Geburtstag.wps
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/02/10 15:20:20 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\J. Meyerventer\Startmenü\Programme\Autostart\r8za4ol.lnk
[2014/02/10 15:20:14 | 095,027,928 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\r8za4ol.fee
[2014/02/10 15:20:12 | 000,156,672 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lo4az8r.cpp
[2014/01/30 07:28:54 | 000,005,632 | ---- | C] () -- C:\einladung zum Geburtstag.wps
[2014/01/08 07:38:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2013/01/17 14:25:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/17 05:20:56 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/01/06 12:17:14 | 000,176,210 | ---- | C] () -- C:\WINDOWS\System32\TCDPCDLR.dll
[2010/01/06 12:17:14 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tcdmodem.dll
[2010/01/06 12:17:13 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\modemdirect.dll
[2010/01/06 12:17:06 | 000,000,450 | ---- | C] () -- C:\WINDOWS\telcd.ini
[2008/07/18 10:22:38 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\J. Meyerventer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/03 02:40:27 | 003,184,656 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2007/04/03 02:40:25 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini
[2007/04/03 02:40:24 | 000,786,432 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT
[2006/06/29 07:58:52 | 000,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 07:53:56 | 000,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 08:39:28 | 000,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 08:39:28 | 000,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2004/09/14 08:33:04 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\J. Meyerventer\Anwendungsdaten\dm.ini
[2004/08/09 03:40:53 | 000,000,387 | ---- | C] () -- C:\WINDOWS\dcd.ini
[2004/08/02 07:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/05/17 17:43:15 | 000,034,032 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2004/05/17 17:43:09 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2004/05/17 17:43:07 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2004/05/17 17:43:06 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2004/05/17 17:43:04 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2004/04/24 02:59:01 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2003/12/19 12:23:29 | 000,038,720 | ---- | C] () -- C:\Dokumente und Einstellungen\J. Meyerventer\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2003/12/13 17:25:55 | 000,098,304 | ---- | C] () -- C:\WINDOWS\erotik2003.exe
[2003/11/04 15:51:53 | 000,000,542 | ---- | C] () -- C:\WINDOWS\HAFASWIN.INI
[2003/11/03 08:43:48 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2003/10/29 09:32:04 | 000,054,976 | ---- | C] () -- C:\WINDOWS\wizards.ini
[2003/10/20 08:16:08 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/10/17 04:52:10 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2003/10/17 01:50:56 | 000,192,512 | ---- | C] () -- C:\WINDOWS\RmDevice.exe
[2003/10/16 09:53:53 | 006,949,676 | -H-- | C] () -- C:\Dokumente und Einstellungen\J. Meyerventer\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2003/10/16 09:53:52 | 003,407,872 | -H-- | C] () -- C:\Dokumente und Einstellungen\J. Meyerventer\NTUSER.DAT
[2003/10/16 09:53:52 | 000,000,300 | -HS- | C] () -- C:\Dokumente und Einstellungen\J. Meyerventer\ntuser.ini
[2003/09/11 03:35:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/09/11 02:39:20 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/09/11 02:39:19 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2003/09/11 02:39:19 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2003/09/11 02:39:19 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2003/09/10 10:45:48 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/09/10 09:27:10 | 000,000,014 | ---- | C] () -- C:\WINDOWS\EnDisEU3.INI
[2003/09/10 08:41:23 | 000,000,912 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/09/10 08:34:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\amcap.exe
[2003/09/10 08:19:46 | 000,294,912 | R--- | C] () -- C:\WINDOWS\Record.exe
[2003/09/10 08:19:46 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2003/09/10 08:19:29 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2003/09/10 08:19:29 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2003/09/10 08:19:29 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SmCfg.exe
[2003/09/10 08:17:58 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2003/09/10 08:12:51 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/09/10 08:10:00 | 000,000,020 | -HS- | C] () -- C:\Dokumente und Einstellungen\LocalService\ntuser.ini
[2003/09/10 08:09:59 | 000,262,144 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT
[2003/09/10 08:09:59 | 000,000,020 | -HS- | C] () -- C:\Dokumente und Einstellungen\NetworkService\ntuser.ini
[2003/09/10 08:09:58 | 000,262,144 | -H-- | C] () -- C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT
[2003/09/10 08:07:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/09/10 08:05:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2003/09/10 08:03:32 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2003/09/10 08:03:24 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2003/09/10 08:01:50 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/09/10 08:01:33 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2003/09/10 08:01:33 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2003/09/10 08:00:16 | 000,027,055 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2003/09/10 08:00:14 | 000,003,999 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2003/09/10 07:53:50 | 001,060,790 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2003/09/10 07:53:48 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/09/10 07:52:32 | 000,164,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/06/02 20:46:10 | 000,249,941 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/06/02 20:46:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/06/02 20:45:58 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2003/06/02 20:45:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2003/06/02 20:45:58 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2003/06/02 20:45:58 | 000,024,576 | ---- | C] () -- C:\WINDOWS\slrundll.exe
[2002/09/25 09:16:31 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/25 09:16:31 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 07:00:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2002/08/29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 07:00:00 | 000,455,300 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2002/08/29 07:00:00 | 000,439,026 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 07:00:00 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2002/08/29 07:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2002/08/29 07:00:00 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2002/08/29 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 07:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2002/08/29 07:00:00 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2002/08/29 07:00:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2002/08/29 07:00:00 | 000,083,398 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2002/08/29 07:00:00 | 000,071,022 | ---- | C] () -- C:\WINDOWS\System32\edit.com
[2002/08/29 07:00:00 | 000,070,550 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 07:00:00 | 000,054,128 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe
[2002/08/29 07:00:00 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2002/08/29 07:00:00 | 000,052,777 | ---- | C] () -- C:\WINDOWS\System32\command.com
[2002/08/29 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 07:00:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2002/08/29 07:00:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2002/08/29 07:00:00 | 000,039,546 | ---- | C] () -- C:\WINDOWS\System32\mem.exe
[2002/08/29 07:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2002/08/29 07:00:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2002/08/29 07:00:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2002/08/29 07:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2002/08/29 07:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2002/08/29 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 07:00:00 | 000,027,914 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2002/08/29 07:00:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2002/08/29 07:00:00 | 000,021,210 | ---- | C] () -- C:\WINDOWS\System32\debug.exe
[2002/08/29 07:00:00 | 000,019,726 | ---- | C] () -- C:\WINDOWS\System32\graphics.com
[2002/08/29 07:00:00 | 000,017,241 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2002/08/29 07:00:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2002/08/29 07:00:00 | 000,014,816 | ---- | C] () -- C:\WINDOWS\System32\kb16.com
[2002/08/29 07:00:00 | 000,014,060 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2002/08/29 07:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2002/08/29 07:00:00 | 000,013,026 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe
[2002/08/29 07:00:00 | 000,012,610 | ---- | C] () -- C:\WINDOWS\System32\append.exe
[2002/08/29 07:00:00 | 000,011,903 | ---- | C] () -- C:\WINDOWS\System32\setver.exe
[2002/08/29 07:00:00 | 000,009,032 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2002/08/29 07:00:00 | 000,008,584 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe
[2002/08/29 07:00:00 | 000,007,084 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe
[2002/08/29 07:00:00 | 000,006,287 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2002/08/29 07:00:00 | 000,004,992 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2002/08/29 07:00:00 | 000,004,438 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2002/08/29 07:00:00 | 000,004,233 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2002/08/29 07:00:00 | 000,003,358 | ---- | C] () -- C:\WINDOWS\System32\redir.exe
[2002/08/29 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 07:00:00 | 000,001,783 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2002/08/29 07:00:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2002/08/29 07:00:00 | 000,001,273 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com
[2002/08/29 07:00:00 | 000,000,900 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/08/29 07:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe
[2002/08/29 07:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe
[2002/08/29 07:00:00 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe
[2002/08/29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/08/29 07:00:00 | 000,000,369 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2002/08/29 07:00:00 | 000,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/08/17 23:54:50 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\dvdplay.exe
[2001/08/17 23:54:08 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
 
========== LOP Check ==========
 
[2010/03/15 11:14:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\J. Meyerventer\Anwendungsdaten\CoSoSys
[2010/02/22 15:02:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\J. Meyerventer\Anwendungsdaten\DirectoriesAG
[2014/01/08 07:26:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\J. Meyerventer\Anwendungsdaten\Epson
[2003/11/23 14:15:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\J. Meyerventer\Anwendungsdaten\HaCon
[2006/01/31 12:47:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\J. Meyerventer\Anwendungsdaten\v3.0
[2014/01/08 07:23:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2007/04/02 12:29:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fssg
[2010/01/06 12:21:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HaCon
[2012/04/17 02:42:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mquadr.at
[2014/01/08 07:19:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2012/04/17 02:27:35 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3257C41-1D3A-407B-A943-682D251F5FD2}
 
========== Purity Check ==========
 
 
< End of report >
         
Extras Administrator

Code:
ATTFilter
OTL Extras logfile created on: 2/15/2014 8:26:53 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
509.00 Mb Total Physical Memory | 293.00 Mb Available Physical Memory | 57.00% Memory free
461.00 Mb Paging File | 315.00 Mb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 15.61 Gb Total Space | 2.87 Gb Free Space | 18.36% Space Free | Partition Type: NTFS
Drive D: | 21.65 Gb Total Space | 21.15 Gb Free Space | 97.68% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Standard
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2C2E3DF0-5E32-48DA-AE35-2CC79E934AFA}" = SilentInstall
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}" = Camtel USB PC Camera
"{44591AF0-E852-426B-A291-4D6F0A071A3E}" = telinfo 5/10
"{49CC9E1E-114E-4957-BE54-3099D7E3BF96}" = Directories CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A1418F-9909-4DEA-9EC9-84058B487826}" = IEEE 802.11b WLAN Utility
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = RTLSetup for Realtek RTL8139/810x Family NIC 3.50 (OEM A)
"{9C18E568-8E10-491E-896E-EEFB3FF1A39A}" = TwixTel
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0BD89C0-D39D-11D5-BBEC-00D0B740900A}" = Multimedia / Internet Keyboard Driver VerR8.15
"{A2DCA403-664B-43F5-94E3-DB77416F2102}_is1" = Motorola 802.11n Dualband USB Wireless Adapter Setup
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-7AD7-1031-7B44-A00000000001}" = Adobe Reader 6.0.1 - Deutsch
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"AdobeESD" = Adobe Download Manager 1.2 (Remove Only)
"ATI Display Driver" = ATI Display Driver
"CANONBJ_Deinstall_CNMCP58.DLL" = Canon i560
"EPSON Scanner" = EPSON Scan
"EPSON SX218 Series" = EPSON SX218 Series Printer Uninstall
"EPSON SX218 Series Manual" = EPSON SX218 Series Handbuch
"GoBluewin" = GoBluewin
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Picture It!" = Microsoft Picture It! 99
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Q903235" = Internet Explorer Q903235
"SilentInstall" = SilentInstall
"SLAMRNTV" = 56K MDC Modem
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"Works" = Microsoft Works 4.5
"Works Calendar" = Microsoft Works Kalender 1.0
"Works99Setup" = Microsoft Works Setup Launcher
 
< End of report >
         
OTL-Benutzer
Code:
ATTFilter
OTL logfile created on: 2/15/2014 8:29:35 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
509.00 Mb Total Physical Memory | 293.00 Mb Available Physical Memory | 58.00% Memory free
461.00 Mb Paging File | 317.00 Mb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 15.61 Gb Total Space | 2.87 Gb Free Space | 18.36% Space Free | Partition Type: NTFS
Drive D: | 21.65 Gb Total Space | 21.15 Gb Free Space | 97.68% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled] --  -- (HidServ)
SRV - File not found [On_Demand] --  -- (AppMgmt)
SRV - [2014/02/10 15:20:12 | 000,156,672 | ---- | M] () [Auto] -- C:\DOKUME~1\ALLUSE~1\ANWEND~1\lo4az8r.cpp -- (winmgmt)
SRV - [2014/02/04 17:57:54 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2009/05/14 11:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto] -- C:\Programme\Gemeinsame Dateien\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/09/11 09:13:56 | 000,020,480 | ---- | M] (Ralink Technology, Corp.) [Auto] -- C:\Programme\Motorola\802.11n Dualband USB Wireless Adapter\USB Wireless LAN\AutoInstSvc\MotoWLanSrv.exe -- (RaAutoInstSrv_RT2878)
SRV - [2003/06/02 20:45:58 | 000,045,056 | ---- | M] ( ) [Auto] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2009/04/28 11:02:02 | 000,719,616 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2003/06/02 20:46:10 | 000,624,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/06/02 20:46:00 | 000,092,904 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/06/02 20:45:58 | 001,807,568 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2003/06/02 20:45:58 | 000,418,752 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2003/06/02 20:45:58 | 000,195,048 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2003/06/02 20:45:58 | 000,161,976 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2003/06/02 20:45:58 | 000,084,720 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2003/06/02 20:45:58 | 000,039,348 | ---- | M] (Vireo Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2003/06/02 20:45:56 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation       ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2003/06/02 20:45:40 | 000,730,092 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/03/13 09:39:12 | 000,093,305 | ---- | M] (VM) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2003/02/12 06:28:00 | 000,008,576 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wncpkt.sys -- (WNCPKT)
DRV - [2002/10/01 04:49:00 | 000,606,720 | ---- | M] ( Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EU3USB.sys -- (EU3_USB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\J._Meyerventer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\J._Meyerventer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\J._Meyerventer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
 
 
O1 HOSTS File: ([2002/08/29 07:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ShprRprts) - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} -  File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Hotbar) - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} -  File not found
O3 - HKU\J._Meyerventer_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\J._Meyerventer_ON_C\..\Toolbar\ShellBrowser: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - No CLSID value found.
O3 - HKU\J._Meyerventer_ON_C\..\Toolbar\ShellBrowser: (Hotbar) - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} -  File not found
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [ALUAlert]  File not found
O4 - HKU\J._Meyerventer_ON_C..\Run: [data]  File not found
O4 - HKU\J._Meyerventer_ON_C..\Run: [EPSON SX218 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\J._Meyerventer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: SmartShopper - Compare product prices - {679B2A8D-B2FF-41ed-B3ED-C5CFB8564CB0} - Reg Error: Key error. File not found
O9 - Extra Button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} -  File not found
O9 - Extra Button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} -  File not found
O9 - Extra Button: SmartShopper - Compare travel rates - {9E4DF170-217F-4658-A11F-590664542B73} - Reg Error: Key error. File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} file://E:\content\include\XPPatchInstaller.CAB (PatchInstaller.Installer)
O16 - DPF: {660556AE-B17A-4FC5-9F01-75142673EF29} hxxp://dialup.tele-call.de/UniversalDialerWebControl.ocx (UniversalDialerWebControl)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} file://E:\Content\include\msSecUcd.cab (MSSecurityAdvisorCD Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/09/10 08:05:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/02/07 15:05:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2003/06/02 20:45:58 | 001,807,568 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2003/06/02 20:45:58 | 000,418,752 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2003/06/02 20:45:58 | 000,195,048 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2003/06/02 20:45:58 | 000,161,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2003/06/02 20:45:58 | 000,084,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2003/06/02 20:45:58 | 000,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\slserv.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/02/15 08:08:05 | 003,407,872 | -H-- | M] () -- C:\Dokumente und Einstellungen\J. Meyerventer\NTUSER.DAT
[2014/02/15 01:31:32 | 000,262,144 | -H-- | M] () -- C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT
[2014/02/15 01:31:32 | 000,262,144 | -H-- | M] () -- C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT
[2014/02/15 01:31:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/15 01:31:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2014/02/15 01:31:07 | 000,001,106 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/15 01:28:15 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\J. Meyerventer\ntuser.ini
[2014/02/15 01:27:38 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/15 01:27:36 | 095,027,928 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\r8za4ol.fee
[2014/02/14 13:56:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/02/14 13:55:27 | 000,012,648 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/10 15:20:20 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\J. Meyerventer\Startmenü\Programme\Autostart\r8za4ol.lnk
[2014/02/10 15:20:12 | 000,156,672 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lo4az8r.cpp
[2014/02/04 17:57:37 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/02/04 17:57:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/01/30 07:28:54 | 000,005,632 | ---- | M] () -- C:\einladung zum Geburtstag.wps
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/02/10 15:20:20 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\J. Meyerventer\Startmenü\Programme\Autostart\r8za4ol.lnk
[2014/02/10 15:20:14 | 095,027,928 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\r8za4ol.fee
[2014/02/10 15:20:12 | 000,156,672 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lo4az8r.cpp
[2014/01/30 07:28:54 | 000,005,632 | ---- | C] () -- C:\einladung zum Geburtstag.wps
[2014/01/08 07:38:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2013/01/17 14:25:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/17 05:20:56 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/01/06 12:17:14 | 000,176,210 | ---- | C] () -- C:\WINDOWS\System32\TCDPCDLR.dll
[2010/01/06 12:17:14 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tcdmodem.dll
[2010/01/06 12:17:13 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\modemdirect.dll
[2010/01/06 12:17:06 | 000,000,450 | ---- | C] () -- C:\WINDOWS\telcd.ini
[2008/07/18 10:22:38 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\J. Meyerventer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/03 02:40:27 | 003,184,656 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2007/04/03 02:40:25 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini
[2007/04/03 02:40:24 | 000,786,432 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT
[2006/06/29 07:58:52 | 000,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 07:53:56 | 000,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 08:39:28 | 000,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 08:39:28 | 000,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2004/09/14 08:33:04 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\J. Meyerventer\Anwendungsdaten\dm.ini
[2004/08/09 03:40:53 | 000,000,387 | ---- | C] () -- C:\WINDOWS\dcd.ini
[2004/08/02 07:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/05/17 17:43:15 | 000,034,032 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2004/05/17 17:43:09 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2004/05/17 17:43:07 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2004/05/17 17:43:06 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2004/05/17 17:43:04 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2004/04/24 02:59:01 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2003/12/19 12:23:29 | 000,038,720 | ---- | C] () -- C:\Dokumente und Einstellungen\J. Meyerventer\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2003/12/13 17:25:55 | 000,098,304 | ---- | C] () -- C:\WINDOWS\erotik2003.exe
[2003/11/04 15:51:53 | 000,000,542 | ---- | C] () -- C:\WINDOWS\HAFASWIN.INI
[2003/11/03 08:43:48 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2003/10/29 09:32:04 | 000,054,976 | ---- | C] () -- C:\WINDOWS\wizards.ini
[2003/10/20 08:16:08 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/10/17 04:52:10 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2003/10/17 01:50:56 | 000,192,512 | ---- | C] () -- C:\WINDOWS\RmDevice.exe
[2003/10/16 09:53:53 | 006,949,676 | -H-- | C] () -- C:\Dokumente und Einstellungen\J. Meyerventer\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2003/10/16 09:53:52 | 003,407,872 | -H-- | C] () -- C:\Dokumente und Einstellungen\J. Meyerventer\NTUSER.DAT
[2003/10/16 09:53:52 | 000,000,300 | -HS- | C] () -- C:\Dokumente und Einstellungen\J. Meyerventer\ntuser.ini
[2003/09/11 03:35:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/09/11 02:39:20 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/09/11 02:39:19 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2003/09/11 02:39:19 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2003/09/11 02:39:19 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2003/09/10 10:45:48 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/09/10 09:27:10 | 000,000,014 | ---- | C] () -- C:\WINDOWS\EnDisEU3.INI
[2003/09/10 08:41:23 | 000,000,912 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/09/10 08:34:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\amcap.exe
[2003/09/10 08:19:46 | 000,294,912 | R--- | C] () -- C:\WINDOWS\Record.exe
[2003/09/10 08:19:46 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2003/09/10 08:19:29 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2003/09/10 08:19:29 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2003/09/10 08:19:29 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SmCfg.exe
[2003/09/10 08:17:58 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2003/09/10 08:12:51 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/09/10 08:10:00 | 000,000,020 | -HS- | C] () -- C:\Dokumente und Einstellungen\LocalService\ntuser.ini
[2003/09/10 08:09:59 | 000,262,144 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT
[2003/09/10 08:09:59 | 000,000,020 | -HS- | C] () -- C:\Dokumente und Einstellungen\NetworkService\ntuser.ini
[2003/09/10 08:09:58 | 000,262,144 | -H-- | C] () -- C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT
[2003/09/10 08:07:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/09/10 08:05:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2003/09/10 08:03:32 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2003/09/10 08:03:24 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2003/09/10 08:01:50 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/09/10 08:01:33 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2003/09/10 08:01:33 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2003/09/10 08:00:16 | 000,027,055 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2003/09/10 08:00:14 | 000,003,999 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2003/09/10 07:53:50 | 001,060,790 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2003/09/10 07:53:48 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/09/10 07:52:32 | 000,164,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/06/02 20:46:10 | 000,249,941 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/06/02 20:46:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/06/02 20:45:58 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2003/06/02 20:45:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2003/06/02 20:45:58 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2003/06/02 20:45:58 | 000,024,576 | ---- | C] () -- C:\WINDOWS\slrundll.exe
[2002/09/25 09:16:31 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/25 09:16:31 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 07:00:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2002/08/29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 07:00:00 | 000,455,300 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2002/08/29 07:00:00 | 000,439,026 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 07:00:00 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2002/08/29 07:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2002/08/29 07:00:00 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2002/08/29 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 07:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2002/08/29 07:00:00 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2002/08/29 07:00:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2002/08/29 07:00:00 | 000,083,398 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2002/08/29 07:00:00 | 000,071,022 | ---- | C] () -- C:\WINDOWS\System32\edit.com
[2002/08/29 07:00:00 | 000,070,550 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 07:00:00 | 000,054,128 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe
[2002/08/29 07:00:00 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2002/08/29 07:00:00 | 000,052,777 | ---- | C] () -- C:\WINDOWS\System32\command.com
[2002/08/29 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 07:00:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2002/08/29 07:00:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2002/08/29 07:00:00 | 000,039,546 | ---- | C] () -- C:\WINDOWS\System32\mem.exe
[2002/08/29 07:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2002/08/29 07:00:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2002/08/29 07:00:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2002/08/29 07:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2002/08/29 07:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2002/08/29 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 07:00:00 | 000,027,914 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2002/08/29 07:00:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2002/08/29 07:00:00 | 000,021,210 | ---- | C] () -- C:\WINDOWS\System32\debug.exe
[2002/08/29 07:00:00 | 000,019,726 | ---- | C] () -- C:\WINDOWS\System32\graphics.com
[2002/08/29 07:00:00 | 000,017,241 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2002/08/29 07:00:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2002/08/29 07:00:00 | 000,014,816 | ---- | C] () -- C:\WINDOWS\System32\kb16.com
[2002/08/29 07:00:00 | 000,014,060 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2002/08/29 07:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2002/08/29 07:00:00 | 000,013,026 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe
[2002/08/29 07:00:00 | 000,012,610 | ---- | C] () -- C:\WINDOWS\System32\append.exe
[2002/08/29 07:00:00 | 000,011,903 | ---- | C] () -- C:\WINDOWS\System32\setver.exe
[2002/08/29 07:00:00 | 000,009,032 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2002/08/29 07:00:00 | 000,008,584 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe
[2002/08/29 07:00:00 | 000,007,084 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe
[2002/08/29 07:00:00 | 000,006,287 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2002/08/29 07:00:00 | 000,004,992 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2002/08/29 07:00:00 | 000,004,438 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2002/08/29 07:00:00 | 000,004,233 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2002/08/29 07:00:00 | 000,003,358 | ---- | C] () -- C:\WINDOWS\System32\redir.exe
[2002/08/29 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 07:00:00 | 000,001,783 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2002/08/29 07:00:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2002/08/29 07:00:00 | 000,001,273 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com
[2002/08/29 07:00:00 | 000,000,900 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/08/29 07:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe
[2002/08/29 07:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe
[2002/08/29 07:00:00 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe
[2002/08/29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/08/29 07:00:00 | 000,000,369 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2002/08/29 07:00:00 | 000,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/08/17 23:54:50 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\dvdplay.exe
[2001/08/17 23:54:08 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
 
========== LOP Check ==========
 
[2010/03/15 11:14:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\J. Meyerventer\Anwendungsdaten\CoSoSys
[2010/02/22 15:02:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\J. Meyerventer\Anwendungsdaten\DirectoriesAG
[2014/01/08 07:26:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\J. Meyerventer\Anwendungsdaten\Epson
[2003/11/23 14:15:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\J. Meyerventer\Anwendungsdaten\HaCon
[2006/01/31 12:47:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\J. Meyerventer\Anwendungsdaten\v3.0
[2014/01/08 07:23:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2007/04/02 12:29:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fssg
[2010/01/06 12:21:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HaCon
[2012/04/17 02:42:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mquadr.at
[2014/01/08 07:19:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2012/04/17 02:27:35 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3257C41-1D3A-407B-A943-682D251F5FD2}
 
========== Purity Check ==========
 
 
< End of report >
         
Extras-Benutzer

Code:
ATTFilter
OTL Extras logfile created on: 2/15/2014 8:29:35 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
509.00 Mb Total Physical Memory | 293.00 Mb Available Physical Memory | 58.00% Memory free
461.00 Mb Paging File | 317.00 Mb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 15.61 Gb Total Space | 2.87 Gb Free Space | 18.36% Space Free | Partition Type: NTFS
Drive D: | 21.65 Gb Total Space | 21.15 Gb Free Space | 97.68% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Standard
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2C2E3DF0-5E32-48DA-AE35-2CC79E934AFA}" = SilentInstall
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}" = Camtel USB PC Camera
"{44591AF0-E852-426B-A291-4D6F0A071A3E}" = telinfo 5/10
"{49CC9E1E-114E-4957-BE54-3099D7E3BF96}" = Directories CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A1418F-9909-4DEA-9EC9-84058B487826}" = IEEE 802.11b WLAN Utility
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = RTLSetup for Realtek RTL8139/810x Family NIC 3.50 (OEM A)
"{9C18E568-8E10-491E-896E-EEFB3FF1A39A}" = TwixTel
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0BD89C0-D39D-11D5-BBEC-00D0B740900A}" = Multimedia / Internet Keyboard Driver VerR8.15
"{A2DCA403-664B-43F5-94E3-DB77416F2102}_is1" = Motorola 802.11n Dualband USB Wireless Adapter Setup
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-7AD7-1031-7B44-A00000000001}" = Adobe Reader 6.0.1 - Deutsch
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"AdobeESD" = Adobe Download Manager 1.2 (Remove Only)
"ATI Display Driver" = ATI Display Driver
"CANONBJ_Deinstall_CNMCP58.DLL" = Canon i560
"EPSON Scanner" = EPSON Scan
"EPSON SX218 Series" = EPSON SX218 Series Printer Uninstall
"EPSON SX218 Series Manual" = EPSON SX218 Series Handbuch
"GoBluewin" = GoBluewin
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Picture It!" = Microsoft Picture It! 99
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Q903235" = Internet Explorer Q903235
"SilentInstall" = SilentInstall
"SLAMRNTV" = 56K MDC Modem
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"Works" = Microsoft Works 4.5
"Works Calendar" = Microsoft Works Kalender 1.0
"Works99Setup" = Microsoft Works Setup Launcher
 
< End of report >
         

Alt 15.02.2014, 08:11   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Windows XP - Befall von BKA / Fedpol Virus - Hilfe bei der Auswertung OTLpe - Standard

Windows XP - Befall von BKA / Fedpol Virus - Hilfe bei der Auswertung OTLpe



Hi,

in welchem Benutzer hast du das Problem? ODer schon vor der Anmeldung? Bitte in diesem User nochmal scannen, aber alle Kästchen auf ALL stellen.
__________________

__________________

Alt 15.02.2014, 19:06   #3
Maleware200
 
Windows XP - Befall von BKA / Fedpol Virus - Hilfe bei der Auswertung OTLpe - Standard

Windows XP - Befall von BKA / Fedpol Virus - Hilfe bei der Auswertung OTLpe



Hey Danke für deine Antwort

Es müsste dieser Benutzer sein.

Gruss Felix


Hier mal die aktuellen Scan's.

OTL'Scan;
Code:
ATTFilter
OTL logfile created on: 2/15/2014 9:28:53 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
509.00 Mb Total Physical Memory | 294.00 Mb Available Physical Memory | 58.00% Memory free
461.00 Mb Paging File | 318.00 Mb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 15.61 Gb Total Space | 2.87 Gb Free Space | 18.36% Space Free | Partition Type: NTFS
Drive D: | 21.65 Gb Total Space | 21.15 Gb Free Space | 97.68% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (All) ==========
 
SRV - File not found [Disabled] --  -- (HidServ)
SRV - File not found [On_Demand] --  -- (AppMgmt)
SRV - [2014/02/10 15:20:12 | 000,156,672 | ---- | M] () [Auto] -- C:\DOKUME~1\ALLUSE~1\ANWEND~1\lo4az8r.cpp -- (winmgmt)
SRV - [2014/02/04 17:57:54 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/25 17:21:45 | 000,194,032 | ---- | M] (Google) [On_Demand] -- C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2012/07/06 08:59:07 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2012/04/17 04:52:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto] -- C:\Programme\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/04/17 04:49:07 | 000,136,176 | ---- | M] (Google Inc.) [On_Demand] -- C:\Programme\Google\Update\GoogleUpdate.exe -- (gupdatem) Google Update-Dienst (gupdatem)
SRV - [2012/04/17 04:49:07 | 000,136,176 | ---- | M] (Google Inc.) [Auto] -- C:\Programme\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010/08/27 00:57:36 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2009/07/27 18:16:05 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2009/07/27 18:16:05 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/27 18:16:05 | 000,135,680 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2009/06/10 01:14:21 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2009/05/14 11:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto] -- C:\Programme\Gemeinsame Dateien\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/09 06:21:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2009/02/09 06:21:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2009/02/09 05:51:45 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) Remoteprozeduraufruf (RPC)
SRV - [2009/02/09 05:51:45 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\rpcss.dll -- (DcomLaunch)
SRV - [2008/09/11 09:13:56 | 000,020,480 | ---- | M] (Ralink Technology, Corp.) [Auto] -- C:\Programme\Motorola\802.11n Dualband USB Wireless Adapter\USB Wireless LAN\AutoInstSvc\MotoWLanSrv.exe -- (RaAutoInstSrv_RT2878)
SRV - [2008/07/29 14:10:04 | 000,046,104 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 12:24:50 | 000,881,664 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 12:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 04:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 04:16:40 | 000,034,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/07/07 15:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\es.dll -- (EventSystem)
SRV - [2008/06/20 11:02:46 | 000,247,296 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) NLA (Network Location Awareness)
SRV - [2008/04/13 21:23:06 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2008/04/13 21:23:04 | 000,292,864 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 21:23:03 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\ups.exe -- (UPS)
SRV - [2008/04/13 21:23:01 | 000,094,208 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2008/04/13 21:23:00 | 000,143,360 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2008/04/13 21:22:59 | 000,099,840 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
SRV - [2008/04/13 21:22:55 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/13 21:22:55 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/13 21:22:53 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 21:22:53 | 000,006,144 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC)
SRV - [2008/04/13 21:22:52 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2008/04/13 21:22:51 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 21:22:51 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 21:22:51 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 21:22:51 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp)
SRV - [2008/04/13 21:22:51 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 21:22:50 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator)
SRV - [2008/04/13 21:22:48 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 21:22:42 | 000,225,280 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 21:22:42 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 21:22:42 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2008/04/13 21:22:38 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/13 21:22:38 | 000,005,632 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2008/04/13 21:22:34 | 000,044,544 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 21:22:33 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2008/04/13 21:22:33 | 000,129,024 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\xmlprov.dll -- (xmlprov)
SRV - [2008/04/13 21:22:33 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 21:22:32 | 000,334,336 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) Windows-Bilderfassung (WIA)
SRV - [2008/04/13 21:22:32 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/13 21:22:32 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\webclnt.dll -- (WebClient)
SRV - [2008/04/13 21:22:31 | 000,186,880 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2008/04/13 21:22:31 | 000,177,152 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\w32time.dll -- (W32Time)
SRV - [2008/04/13 21:22:31 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/13 21:22:30 | 000,297,472 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008/04/13 21:22:30 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 21:22:30 | 000,171,520 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 21:22:30 | 000,090,112 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\trkwks.dll -- (TrkWks) Überwachung verteilter Verknüpfungen (Client)
SRV - [2008/04/13 21:22:30 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2008/04/13 21:22:24 | 000,039,424 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\sens.dll -- (SENS)
SRV - [2008/04/13 21:22:24 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 21:22:23 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/13 21:22:23 | 000,294,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\qagentrt.dll -- (napagent) NAP-Agent (Network Access Protection)
SRV - [2008/04/13 21:22:23 | 000,193,536 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 21:22:23 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2008/04/13 21:22:23 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 21:22:23 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/13 21:22:20 | 000,438,272 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 21:22:19 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/04/13 21:22:18 | 000,052,736 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\mspmsnsv.dll -- (WmdmPmSN)
SRV - [2008/04/13 21:22:16 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/13 21:22:15 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/13 21:22:13 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\kmsvc.dll -- (hkmsvc)
SRV - [2008/04/13 21:22:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 21:22:12 | 000,334,336 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 21:22:12 | 000,028,160 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2008/04/13 21:22:10 | 000,023,040 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\ersvc.dll -- (ERSvc)
SRV - [2008/04/13 21:22:09 | 000,133,120 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc) Automatische Konfiguration (verkabelt)
SRV - [2008/04/13 21:22:09 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/13 21:22:09 | 000,024,064 | ---- | M] (Microsoft Corp.) [On_Demand] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 21:22:08 | 000,127,488 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/13 21:22:08 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 21:22:07 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 21:22:07 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2003/06/02 20:46:10 | 000,249,941 | ---- | M] () [Disabled] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2003/06/02 20:45:58 | 000,045,056 | ---- | M] ( ) [Auto] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2002/08/29 07:00:00 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\rsvp.exe -- (RSVP)
 
 
========== Driver Services (All) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | Disabled] --  -- (ViaIde)
DRV - File not found [Kernel | Disabled] --  -- (ultra)
DRV - File not found [Kernel | Disabled] --  -- (TosIde)
DRV - File not found [Kernel | Disabled] --  -- (symc8xx)
DRV - File not found [Kernel | Disabled] --  -- (symc810)
DRV - File not found [Kernel | Disabled] --  -- (sym_u3)
DRV - File not found [Kernel | Disabled] --  -- (sym_hi)
DRV - File not found [Kernel | Disabled] --  -- (Sparrow)
DRV - File not found [Kernel | Disabled] --  -- (Simbad)
DRV - File not found [Kernel | Disabled] --  -- (ql1280)
DRV - File not found [Kernel | Disabled] --  -- (ql1240)
DRV - File not found [Kernel | Disabled] --  -- (ql12160)
DRV - File not found [Kernel | Disabled] --  -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] --  -- (ql1080)
DRV - File not found [Kernel | Disabled] --  -- (perc2hib)
DRV - File not found [Kernel | Disabled] --  -- (perc2)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | Disabled] --  -- (mraid35x)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] --  -- (IntelIde)
DRV - File not found [Kernel | Disabled] --  -- (ini910u)
DRV - File not found [Kernel | Disabled] --  -- (i2omp)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | Disabled] --  -- (hpn)
DRV - File not found [Kernel | Disabled] --  -- (dpti2o)
DRV - File not found [Kernel | Disabled] --  -- (dac960nt)
DRV - File not found [Kernel | Disabled] --  -- (dac2w2k)
DRV - File not found [Kernel | Disabled] --  -- (Cpqarray)
DRV - File not found [Kernel | Disabled] --  -- (CmdIde)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - File not found [Kernel | Disabled] --  -- (cd20xrnt)
DRV - File not found [Kernel | Disabled] --  -- (Atdisk)
DRV - File not found [Kernel | Disabled] --  -- (asc3550)
DRV - File not found [Kernel | Disabled] --  -- (asc3350p)
DRV - File not found [Kernel | Disabled] --  -- (asc)
DRV - File not found [Kernel | Disabled] --  -- (amsint)
DRV - File not found [Kernel | Disabled] --  -- (AliIde)
DRV - File not found [Kernel | Disabled] --  -- (aic78xx)
DRV - File not found [Kernel | Disabled] --  -- (aic78u2)
DRV - File not found [Kernel | Disabled] --  -- (Aha154x)
DRV - File not found [Kernel | Disabled] --  -- (adpu160m)
DRV - File not found [Kernel | Disabled] --  -- (abp480n5)
DRV - File not found [Kernel | Disabled] --  -- (Abiosdsk)
DRV - [2013/11/27 15:21:06 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2013/08/08 19:55:07 | 000,032,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2013/07/02 20:59:02 | 000,014,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2012/07/04 09:05:05 | 000,139,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2011/08/17 08:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2011/07/15 08:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2011/07/08 09:02:00 | 000,010,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2011/04/21 08:37:43 | 000,105,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2011/02/17 08:18:03 | 000,357,888 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/10/20 11:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/24 06:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/04/28 11:02:02 | 000,719,616 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009/03/18 06:02:23 | 000,030,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/13 21:23:26 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 21:23:26 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 21:23:26 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 21:02:33 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2008/04/13 21:02:16 | 000,120,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 21:02:13 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008/04/13 21:02:10 | 000,080,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 20:58:36 | 000,025,216 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 20:58:18 | 000,154,112 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 20:58:13 | 000,800,384 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 20:58:03 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/13 20:57:20 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 20:55:34 | 000,052,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 20:54:59 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 20:52:51 | 000,057,728 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 20:52:51 | 000,044,672 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 20:52:02 | 000,053,760 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 20:51:21 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2008/04/13 20:49:36 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 20:49:32 | 000,030,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 20:49:03 | 000,188,800 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008/04/13 14:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 14:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 14:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN-Miniport (PPTP)
DRV - [2008/04/13 14:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN-Miniport (L2TP)
DRV - [2008/04/13 14:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 14:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 14:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 14:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 14:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 13:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 13:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 13:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 13:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 13:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 13:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 13:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 13:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 13:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 13:54:36 | 000,088,192 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\irda.sys -- (irda)
DRV - [2008/04/13 13:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 13:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 13:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/13 13:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008/04/13 13:51:25 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2008/04/13 13:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 13:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/04/13 13:46:25 | 000,085,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nabtsfec.sys -- (NABTSFEC)
DRV - [2008/04/13 13:46:24 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wstcodec.sys -- (WSTCODEC)
DRV - [2008/04/13 13:46:23 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdecode.sys -- (CCDECODE)
DRV - [2008/04/13 13:46:23 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slip.sys -- (SLIP)
DRV - [2008/04/13 13:46:22 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisip.sys -- (NdisIP)
DRV - [2008/04/13 13:46:21 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\streamip.sys -- (streamip)
DRV - [2008/04/13 13:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (usbstor)
DRV - [2008/04/13 13:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 13:45:35 | 000,017,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2008/04/13 13:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 13:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 13:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 13:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 13:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 13:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 13:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 13:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 13:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 13:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/13 13:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 13:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 13:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 13:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008/04/13 13:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 13:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 13:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 13:39:50 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mstee.sys -- (MSTEE)
DRV - [2008/04/13 13:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 13:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 13:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 13:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp)
DRV - [2008/04/13 13:36:37 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmbatt.sys -- (CmBatt)
DRV - [2008/04/13 13:36:37 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/04/13 13:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 13:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 13:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 13:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 13:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 11:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2003/06/02 20:46:10 | 000,624,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/06/02 20:46:00 | 000,092,904 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/06/02 20:45:58 | 001,807,568 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2003/06/02 20:45:58 | 000,418,752 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2003/06/02 20:45:58 | 000,195,048 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2003/06/02 20:45:58 | 000,161,976 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2003/06/02 20:45:58 | 000,084,720 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2003/06/02 20:45:58 | 000,039,348 | ---- | M] (Vireo Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2003/06/02 20:45:56 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation       ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2003/06/02 20:45:40 | 000,730,092 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/03/13 09:39:12 | 000,093,305 | ---- | M] (VM) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2003/02/12 06:28:00 | 000,008,576 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wncpkt.sys -- (WNCPKT)
DRV - [2002/10/01 04:49:00 | 000,606,720 | ---- | M] ( Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EU3USB.sys -- (EU3_USB)
DRV - [2002/08/29 07:00:00 | 000,126,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2002/08/29 07:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2002/08/29 07:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2002/08/29 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2002/08/29 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/08/29 07:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti) Parallelanschluss (direkt)
DRV - [2002/08/29 07:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2002/08/29 07:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2002/08/29 07:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2002/08/29 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (WS2IFSL)
DRV - [2002/08/29 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2002/08/29 07:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2002/08/29 07:00:00 | 000,007,040 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2002/08/29 07:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2002/08/29 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2002/08/29 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2002/08/29 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2002/08/29 07:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2002/08/29 07:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2002/08/29 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\System32\winsock.dll -- (Winsock)
DRV - [2001/08/17 21:22:44 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/17 07:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 07:51:32 | 000,019,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasirda.sys -- (Rasirda) WAN-Miniport (IrDA)
DRV - [2001/08/17 06:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\J._Meyerventer_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\J._Meyerventer_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\J._Meyerventer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\J._Meyerventer_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\J._Meyerventer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\J._Meyerventer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff [2012/04/17 04:52:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2013/10/18 15:45:01 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2002/08/29 07:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ShprRprts) - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} -  File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Hotbar) - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} -  File not found
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\J._Meyerventer_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\J._Meyerventer_ON_C\..\Toolbar\ShellBrowser: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - No CLSID value found.
O3 - HKU\J._Meyerventer_ON_C\..\Toolbar\ShellBrowser: (Hotbar) - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} -  File not found
O3 - HKU\J._Meyerventer_ON_C\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\J._Meyerventer_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\J._Meyerventer_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Synchronization Manager] C:\WINDOWS\System32\mobsync.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [ALUAlert]  File not found
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\J._Meyerventer_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\J._Meyerventer_ON_C..\Run: [data]  File not found
O4 - HKU\J._Meyerventer_ON_C..\Run: [EPSON SX218 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\LocalService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\J._Meyerventer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: SmartShopper - Compare product prices - {679B2A8D-B2FF-41ed-B3ED-C5CFB8564CB0} - Reg Error: Key error. File not found
O9 - Extra Button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} -  File not found
O9 - Extra Button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} -  File not found
O9 - Extra Button: SmartShopper - Compare travel rates - {9E4DF170-217F-4658-A11F-590664542B73} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} file://E:\content\include\XPPatchInstaller.CAB (PatchInstaller.Installer)
O16 - DPF: {660556AE-B17A-4FC5-9F01-75142673EF29} hxxp://dialup.tele-call.de/UniversalDialerWebControl.ocx (UniversalDialerWebControl)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} file://E:\Content\include\msSecUcd.cab (MSSecurityAdvisorCD Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/09/10 08:05:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/02/07 15:05:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2003/06/02 20:45:58 | 001,807,568 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2003/06/02 20:45:58 | 000,418,752 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2003/06/02 20:45:58 | 000,195,048 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2003/06/02 20:45:58 | 000,161,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2003/06/02 20:45:58 | 000,084,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2003/06/02 20:45:58 | 000,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\slserv.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/02/15 08:08:05 | 003,407,872 | -H-- | M] () -- C:\Dokumente und Einstellungen\J. Meyerventer\NTUSER.DAT
[2014/02/15 01:31:32 | 000,262,144 | -H-- | M] () -- C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT
[2014/02/15 01:31:32 | 000,262,144 | -H-- | M] () -- C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT
[2014/02/15 01:31:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/15 01:31:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2014/02/15 01:31:07 | 000,001,106 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/15 01:28:15 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\J. Meyerventer\ntuser.ini
[2014/02/15 01:27:38 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/15 01:27:36 | 095,027,928 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\r8za4ol.fee
[2014/02/14 13:56:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/02/14 13:55:27 | 000,012,648 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/10 15:20:20 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\J. Meyerventer\Startmenü\Programme\Autostart\r8za4ol.lnk
[2014/02/10 15:20:12 | 000,156,672 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lo4az8r.cpp
[2014/02/04 17:57:37 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/02/04 17:57:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/01/30 07:28:54 | 000,005,632 | ---- | M] () -- C:\einladung zum Geburtstag.wps
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/02/10 15:20:20 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\J. Meyerventer\Startmenü\Programme\Autostart\r8za4ol.lnk
[2014/02/10 15:20:14 | 095,027,928 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\r8za4ol.fee
[2014/02/10 15:20:12 | 000,156,672 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lo4az8r.cpp
[2014/01/30 07:28:54 | 000,005,632 | ---- | C] () -- C:\einladung zum Geburtstag.wps
[2014/01/08 07:38:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2013/01/17 14:25:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/17 05:20:56 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/01/06 12:17:14 | 000,176,210 | ---- | C] () -- C:\WINDOWS\System32\TCDPCDLR.dll
[2010/01/06 12:17:14 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tcdmodem.dll
[2010/01/06 12:17:13 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\modemdirect.dll
[2010/01/06 12:17:06 | 000,000,450 | ---- | C] () -- C:\WINDOWS\telcd.ini
[2008/07/18 10:22:38 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\J. Meyerventer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/03 02:40:27 | 003,184,656 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2007/04/03 02:40:25 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini
[2007/04/03 02:40:24 | 000,786,432 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT
[2006/06/29 07:58:52 | 000,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 07:53:56 | 000,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 08:39:28 | 000,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 08:39:28 | 000,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2004/09/14 08:33:04 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\J. Meyerventer\Anwendungsdaten\dm.ini
[2004/08/09 03:40:53 | 000,000,387 | ---- | C] () -- C:\WINDOWS\dcd.ini
[2004/08/02 07:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/05/17 17:43:15 | 000,034,032 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2004/05/17 17:43:09 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2004/05/17 17:43:07 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2004/05/17 17:43:06 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2004/05/17 17:43:04 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2004/04/24 02:59:01 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2003/12/19 12:23:29 | 000,038,720 | ---- | C] () -- C:\Dokumente und Einstellungen\J. Meyerventer\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2003/12/13 17:25:55 | 000,098,304 | ---- | C] () -- C:\WINDOWS\erotik2003.exe
[2003/11/04 15:51:53 | 000,000,542 | ---- | C] () -- C:\WINDOWS\HAFASWIN.INI
[2003/11/03 08:43:48 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2003/10/29 09:32:04 | 000,054,976 | ---- | C] () -- C:\WINDOWS\wizards.ini
[2003/10/20 08:16:08 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/10/17 04:52:10 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2003/10/17 01:50:56 | 000,192,512 | ---- | C] () -- C:\WINDOWS\RmDevice.exe
[2003/10/16 09:53:53 | 006,949,676 | -H-- | C] () -- C:\Dokumente und Einstellungen\J. Meyerventer\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2003/10/16 09:53:52 | 003,407,872 | -H-- | C] () -- C:\Dokumente und Einstellungen\J. Meyerventer\NTUSER.DAT
[2003/10/16 09:53:52 | 000,000,300 | -HS- | C] () -- C:\Dokumente und Einstellungen\J. Meyerventer\ntuser.ini
[2003/09/11 03:35:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/09/11 02:39:20 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/09/11 02:39:19 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2003/09/11 02:39:19 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2003/09/11 02:39:19 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2003/09/10 10:45:48 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/09/10 09:27:10 | 000,000,014 | ---- | C] () -- C:\WINDOWS\EnDisEU3.INI
[2003/09/10 08:41:23 | 000,000,912 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/09/10 08:34:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\amcap.exe
[2003/09/10 08:19:46 | 000,294,912 | R--- | C] () -- C:\WINDOWS\Record.exe
[2003/09/10 08:19:46 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2003/09/10 08:19:29 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2003/09/10 08:19:29 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2003/09/10 08:19:29 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SmCfg.exe
[2003/09/10 08:17:58 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2003/09/10 08:12:51 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/09/10 08:10:00 | 000,000,020 | -HS- | C] () -- C:\Dokumente und Einstellungen\LocalService\ntuser.ini
[2003/09/10 08:09:59 | 000,262,144 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT
[2003/09/10 08:09:59 | 000,000,020 | -HS- | C] () -- C:\Dokumente und Einstellungen\NetworkService\ntuser.ini
[2003/09/10 08:09:58 | 000,262,144 | -H-- | C] () -- C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT
[2003/09/10 08:07:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/09/10 08:05:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2003/09/10 08:03:32 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2003/09/10 08:03:24 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2003/09/10 08:01:50 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/09/10 08:01:33 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2003/09/10 08:01:33 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2003/09/10 08:00:16 | 000,027,055 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2003/09/10 08:00:14 | 000,003,999 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2003/09/10 07:53:50 | 001,060,790 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2003/09/10 07:53:48 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/09/10 07:52:32 | 000,164,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/06/02 20:46:10 | 000,249,941 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/06/02 20:46:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/06/02 20:45:58 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2003/06/02 20:45:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2003/06/02 20:45:58 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2003/06/02 20:45:58 | 000,024,576 | ---- | C] () -- C:\WINDOWS\slrundll.exe
[2002/09/25 09:16:31 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/25 09:16:31 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 07:00:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2002/08/29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 07:00:00 | 000,455,300 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2002/08/29 07:00:00 | 000,439,026 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 07:00:00 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2002/08/29 07:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2002/08/29 07:00:00 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2002/08/29 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 07:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2002/08/29 07:00:00 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2002/08/29 07:00:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2002/08/29 07:00:00 | 000,083,398 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2002/08/29 07:00:00 | 000,071,022 | ---- | C] () -- C:\WINDOWS\System32\edit.com
[2002/08/29 07:00:00 | 000,070,550 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 07:00:00 | 000,054,128 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe
[2002/08/29 07:00:00 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2002/08/29 07:00:00 | 000,052,777 | ---- | C] () -- C:\WINDOWS\System32\command.com
[2002/08/29 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 07:00:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2002/08/29 07:00:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2002/08/29 07:00:00 | 000,039,546 | ---- | C] () -- C:\WINDOWS\System32\mem.exe
[2002/08/29 07:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2002/08/29 07:00:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2002/08/29 07:00:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2002/08/29 07:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2002/08/29 07:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2002/08/29 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 07:00:00 | 000,027,914 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2002/08/29 07:00:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2002/08/29 07:00:00 | 000,021,210 | ---- | C] () -- C:\WINDOWS\System32\debug.exe
[2002/08/29 07:00:00 | 000,019,726 | ---- | C] () -- C:\WINDOWS\System32\graphics.com
[2002/08/29 07:00:00 | 000,017,241 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2002/08/29 07:00:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2002/08/29 07:00:00 | 000,014,816 | ---- | C] () -- C:\WINDOWS\System32\kb16.com
[2002/08/29 07:00:00 | 000,014,060 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2002/08/29 07:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2002/08/29 07:00:00 | 000,013,026 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe
[2002/08/29 07:00:00 | 000,012,610 | ---- | C] () -- C:\WINDOWS\System32\append.exe
[2002/08/29 07:00:00 | 000,011,903 | ---- | C] () -- C:\WINDOWS\System32\setver.exe
[2002/08/29 07:00:00 | 000,009,032 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2002/08/29 07:00:00 | 000,008,584 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe
[2002/08/29 07:00:00 | 000,007,084 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe
[2002/08/29 07:00:00 | 000,006,287 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2002/08/29 07:00:00 | 000,004,992 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2002/08/29 07:00:00 | 000,004,438 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2002/08/29 07:00:00 | 000,004,233 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2002/08/29 07:00:00 | 000,003,358 | ---- | C] () -- C:\WINDOWS\System32\redir.exe
[2002/08/29 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 07:00:00 | 000,001,783 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2002/08/29 07:00:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2002/08/29 07:00:00 | 000,001,273 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com
[2002/08/29 07:00:00 | 000,000,900 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/08/29 07:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe
[2002/08/29 07:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe
[2002/08/29 07:00:00 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe
[2002/08/29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/08/29 07:00:00 | 000,000,369 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2002/08/29 07:00:00 | 000,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/08/17 23:54:50 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\dvdplay.exe
[2001/08/17 23:54:08 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
 
========== LOP Check ==========
 
[2010/03/15 11:14:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\J. Meyerventer\Anwendungsdaten\CoSoSys
[2010/02/22 15:02:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\J. Meyerventer\Anwendungsdaten\DirectoriesAG
[2014/01/08 07:26:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\J. Meyerventer\Anwendungsdaten\Epson
[2003/11/23 14:15:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\J. Meyerventer\Anwendungsdaten\HaCon
[2006/01/31 12:47:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\J. Meyerventer\Anwendungsdaten\v3.0
[2014/01/08 07:23:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2007/04/02 12:29:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fssg
[2010/01/06 12:21:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HaCon
[2012/04/17 02:42:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mquadr.at
[2014/01/08 07:19:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2012/04/17 02:27:35 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3257C41-1D3A-407B-A943-682D251F5FD2}
 
========== Purity Check ==========
 
 
< End of report >
         

Extras
Code:
ATTFilter
OTL Extras logfile created on: 2/15/2014 9:28:53 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
509.00 Mb Total Physical Memory | 294.00 Mb Available Physical Memory | 58.00% Memory free
461.00 Mb Paging File | 318.00 Mb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 15.61 Gb Total Space | 2.87 Gb Free Space | 18.36% Space Free | Partition Type: NTFS
Drive D: | 21.65 Gb Total Space | 21.15 Gb Free Space | 97.68% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Programme\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programme\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Standard
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2C2E3DF0-5E32-48DA-AE35-2CC79E934AFA}" = SilentInstall
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}" = Camtel USB PC Camera
"{44591AF0-E852-426B-A291-4D6F0A071A3E}" = telinfo 5/10
"{49CC9E1E-114E-4957-BE54-3099D7E3BF96}" = Directories CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A1418F-9909-4DEA-9EC9-84058B487826}" = IEEE 802.11b WLAN Utility
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = RTLSetup for Realtek RTL8139/810x Family NIC 3.50 (OEM A)
"{9C18E568-8E10-491E-896E-EEFB3FF1A39A}" = TwixTel
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0BD89C0-D39D-11D5-BBEC-00D0B740900A}" = Multimedia / Internet Keyboard Driver VerR8.15
"{A2DCA403-664B-43F5-94E3-DB77416F2102}_is1" = Motorola 802.11n Dualband USB Wireless Adapter Setup
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-7AD7-1031-7B44-A00000000001}" = Adobe Reader 6.0.1 - Deutsch
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"AdobeESD" = Adobe Download Manager 1.2 (Remove Only)
"ATI Display Driver" = ATI Display Driver
"CANONBJ_Deinstall_CNMCP58.DLL" = Canon i560
"EPSON Scanner" = EPSON Scan
"EPSON SX218 Series" = EPSON SX218 Series Printer Uninstall
"EPSON SX218 Series Manual" = EPSON SX218 Series Handbuch
"GoBluewin" = GoBluewin
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Picture It!" = Microsoft Picture It! 99
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Q903235" = Internet Explorer Q903235
"SilentInstall" = SilentInstall
"SLAMRNTV" = 56K MDC Modem
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"Works" = Microsoft Works 4.5
"Works Calendar" = Microsoft Works Kalender 1.0
"Works99Setup" = Microsoft Works Setup Launcher
 
< End of report >
         
Jemand eine Idee?

Gruss
Felxi

Jemand eine Idee?

Gruss
Felxi
__________________

Alt 16.02.2014, 07:03   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Windows XP - Befall von BKA / Fedpol Virus - Hilfe bei der Auswertung OTLpe - Standard

Windows XP - Befall von BKA / Fedpol Virus - Hilfe bei der Auswertung OTLpe



Zitat:
Jemand eine Idee?

Gruss
Felxi

Jemand eine Idee?

Gruss
Felxi
Locker bleiben. Das hier ist ein Forum, für Lau. Als ich das letzte Mal nachgeschaut hab wurde mir von einem User hier kein Monatslohn überwiesen, also müssen wir nebenbei noch Arbeiten, essen, schlafen, und en bissl Family und so, ne

Ich mach schon so schnell wie ich kann (dabei verzichte ich gerne auf 90% meiner Freizeit), aber bei 400 aktiven Usern dauert dad schon ein wenig.


Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
O4 - HKU\J._Meyerventer_ON_C..\Run: [data]  File not found
O31 - SafeBoot: AlternateShell - cmd.exe
[2014/02/15 01:27:36 | 095,027,928 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\r8za4ol.fee
[2014/02/10 15:20:20 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\J. Meyerventer\Startmenü\Programme\Autostart\r8za4ol.lnk
[2014/02/10 15:20:12 | 000,156,672 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lo4az8r.cpp
[2014/02/10 15:20:20 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\J. Meyerventer\Startmenü\Programme\Autostart\r8za4ol.lnk
[2014/02/10 15:20:14 | 095,027,928 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\r8za4ol.fee
[2014/02/10 15:20:12 | 000,156,672 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lo4az8r.cpp
:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Windows XP - Befall von BKA / Fedpol Virus - Hilfe bei der Auswertung OTLpe
.dll, administrator, adobe, adobe flash player, bho, computer, desktop, einstellungen, error, explorer, fedpol, flash player, format, logfile, neustart, object, realtek, registry, scan, software, udp, usb, virus, windows, windows xp, winlogon



Ähnliche Themen: Windows XP - Befall von BKA / Fedpol Virus - Hilfe bei der Auswertung OTLpe


  1. Trj.CI.A befall, bitte um Hilfe bei der Auswertung ob ich etwas beim Löschen übersehen habe.
    Log-Analyse und Auswertung - 20.02.2015 (9)
  2. Win7 pro 64bit GUV virus mit Fedpol Meldung
    Log-Analyse und Auswertung - 03.11.2014 (1)
  3. Vista mit FEDPOL VIRUS
    Log-Analyse und Auswertung - 19.08.2014 (3)
  4. Bundestrojaner OTLPE Logfile yur Auswertung
    Log-Analyse und Auswertung - 16.12.2013 (17)
  5. Windows 7 Interpol Trojaner OTLPE Auswertung
    Log-Analyse und Auswertung - 04.11.2013 (15)
  6. Windows 8: FedPol BundesKriminalPolizei Virus auf meinem PC
    Log-Analyse und Auswertung - 29.10.2013 (3)
  7. OTLPE Auswertung
    Log-Analyse und Auswertung - 15.10.2013 (13)
  8. Fedpol bundespolizei trojaner auf pc windows 7 - wie weiter?
    Log-Analyse und Auswertung - 14.10.2013 (1)
  9. WinVista Bundestrojaner 1.1.3 .- BlueScreen - OTLPE Auswertung
    Log-Analyse und Auswertung - 25.11.2012 (2)
  10. Suisa Trojaner - OTLPE-Auswertung
    Log-Analyse und Auswertung - 01.10.2012 (24)
  11. Trojan.Generic Befall Bitte um Hilfe nach OTL Log Auswertung!
    Log-Analyse und Auswertung - 12.09.2012 (6)
  12. Auswertung von OTLPE Scan
    Log-Analyse und Auswertung - 05.07.2012 (11)
  13. BKA Virus - Windows 7 - OTLPE Scan
    Plagegeister aller Art und deren Bekämpfung - 22.10.2011 (5)
  14. BKA-Trojaner OTLPE-Log-Auswertung
    Log-Analyse und Auswertung - 03.07.2011 (37)
  15. Auswertung von HJT nach Befall von fake Windows Security
    Log-Analyse und Auswertung - 08.01.2010 (2)
  16. Viren Befall - Bitte um Hilfe bei EScan/HiJack Auswertung!
    Log-Analyse und Auswertung - 27.07.2007 (3)
  17. SinEspias-Befall Bitte um Hilfe bei der Log-File Auswertung
    Log-Analyse und Auswertung - 16.12.2005 (1)

Zum Thema Windows XP - Befall von BKA / Fedpol Virus - Hilfe bei der Auswertung OTLpe - Hallo zusammen Leider wurde mein Windows XP Pc von dem im Titel genannten Virus befallen. Der Neustart im abgesicherten Modus funktioniert nicht. Ich habe danach eine OTPle CD erstellt und - Windows XP - Befall von BKA / Fedpol Virus - Hilfe bei der Auswertung OTLpe...
Archiv
Du betrachtest: Windows XP - Befall von BKA / Fedpol Virus - Hilfe bei der Auswertung OTLpe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.