
Pests of all kinds and how to fight them: Backdoor.Bot is back after every restart


13.10.2010, 09:26   #1
glasnost

Backdoor.Bot is back after every restart



Hello,
I am slowly starting to despair. I have had Malwarebytes run a quick scan several times and had the reported items deleted; AntiVir also ran over the system and put everything it found into quarantine.
But after every restart this backdoor.bot is back.
While googling I came across the advice to turn off System Restore, which I did, but all without success.
The log files are attached...
Regards, glasnost
HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:24, on 13.10.10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Logi_MwX.Exe
E:\Programme\REVOLTEC\FightBoard Advanced 1.00\FightBoard.exe
C:\Programme\XpertVision\TBPanel.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Programme\Logitech\SetPoint\SetPoint.exe
c:\Programme\Avira\AntiVir Desktop\avguard.exe
c:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe
E:\Programme\SlySoft\Game Jackal\Game Jackal v4\Server.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.mini20.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\host32.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Videoraptor_WebRipPlugin Class - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - e:\Programme\RapidSolution\Videoraptor\plugins\IE\VR_WebRipIePlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - c:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [FightBoard] e:\Programme\REVOLTEC\FightBoard Advanced 1.00\FightBoard.exe -1
O4 - HKLM\..\Run: [Gainward] c:\Programme\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DT HPW] C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DT_startup.exe -HPW
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "c:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = E:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{48610874-3588-4A87-8CFB-E925A22BBF11}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E59E14FF-DF76-46C9-8F3A-7BC93E00911D}: NameServer = 192.168.0.1
O18 - Protocol: hio - {755F9D06-1AF6-43D0-9832-42D83A1061A9} - C:\Programme\Gemeinsame Dateien\DigiOnline GmbH\HierObjects.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - c:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - c:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programme\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Game Jackal Server (GJService) - Unknown owner - E:\Programme\SlySoft\Game Jackal\Game Jackal v4\Server.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6832 bytes
         
--- --- ---


Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Mittwoch, 13. Oktober 2010 09:10

Es wird nach 2925284 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows XP
Windowsversion : (Service Pack 2) [5.1.2600]
Boot Modus : Normal gebootet
Benutzername : Max Mustermann
Computername : XXX

Versionsinformationen:
BUILD.DAT : 10.0.0.567 32097 Bytes 19.04.10 15:50:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 01.04.10 11:37:35
AVSCAN.DLL : 10.0.3.0 56168 Bytes 30.03.10 10:42:16
LUKE.DLL : 10.0.2.3 104296 Bytes 07.03.10 17:32:59
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.10 10:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.09 08:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.09 18:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.10 16:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.10 15:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.10 10:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.10 07:20:30
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.10 07:20:35
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23.07.10 18:37:17
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13.09.10 09:14:58
VBASE009.VDF : 7.10.11.134 2048 Bytes 13.09.10 09:14:59
VBASE010.VDF : 7.10.11.135 2048 Bytes 13.09.10 09:14:59
VBASE011.VDF : 7.10.11.136 2048 Bytes 13.09.10 09:14:59
VBASE012.VDF : 7.10.11.137 2048 Bytes 13.09.10 09:14:59
VBASE013.VDF : 7.10.11.165 172032 Bytes 15.09.10 09:14:59
VBASE014.VDF : 7.10.11.202 144384 Bytes 18.09.10 09:15:00
VBASE015.VDF : 7.10.11.231 129024 Bytes 21.09.10 06:56:47
VBASE016.VDF : 7.10.12.4 126464 Bytes 23.09.10 06:56:47
VBASE017.VDF : 7.10.12.38 146944 Bytes 27.09.10 17:29:53
VBASE018.VDF : 7.10.12.64 133120 Bytes 29.09.10 17:52:42
VBASE019.VDF : 7.10.12.99 134144 Bytes 01.10.10 07:44:36
VBASE020.VDF : 7.10.12.122 131584 Bytes 05.10.10 18:59:34
VBASE021.VDF : 7.10.12.148 119296 Bytes 07.10.10 19:41:03
VBASE022.VDF : 7.10.12.175 142848 Bytes 11.10.10 06:33:08
VBASE023.VDF : 7.10.12.176 2048 Bytes 11.10.10 06:33:08
VBASE024.VDF : 7.10.12.177 2048 Bytes 11.10.10 06:33:08
VBASE025.VDF : 7.10.12.178 2048 Bytes 11.10.10 06:33:08
VBASE026.VDF : 7.10.12.179 2048 Bytes 11.10.10 06:33:08
VBASE027.VDF : 7.10.12.180 2048 Bytes 11.10.10 06:33:08
VBASE028.VDF : 7.10.12.181 2048 Bytes 11.10.10 06:33:08
VBASE029.VDF : 7.10.12.182 2048 Bytes 11.10.10 06:33:08
VBASE030.VDF : 7.10.12.183 2048 Bytes 11.10.10 06:33:08
VBASE031.VDF : 7.10.12.193 93184 Bytes 12.10.10 07:06:06
Engineversion : 8.2.4.78
AEVDF.DLL : 8.1.2.1 106868 Bytes 01.08.10 07:17:33
AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 21.09.10 09:15:08
AESCN.DLL : 8.1.6.1 127347 Bytes 20.07.10 07:20:48
AESBX.DLL : 8.1.3.1 254324 Bytes 20.07.10 07:20:50
AERDL.DLL : 8.1.9.2 635252 Bytes 25.09.10 06:56:53
AEPACK.DLL : 8.2.3.11 471416 Bytes 12.10.10 06:33:13
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 25.07.10 18:37:24
AEHEUR.DLL : 8.1.2.33 2949496 Bytes 12.10.10 06:33:12
AEHELP.DLL : 8.1.14.0 246134 Bytes 12.10.10 06:33:10
AEGEN.DLL : 8.1.3.23 401779 Bytes 02.10.10 07:44:37
AEEMU.DLL : 8.1.2.0 393588 Bytes 20.07.10 07:20:43
AECORE.DLL : 8.1.17.0 196982 Bytes 25.09.10 06:56:49
AEBB.DLL : 8.1.1.0 53618 Bytes 20.07.10 07:20:43
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.10 10:59:10
AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.10 10:59:07
AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.10 15:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 01.04.10 11:35:44
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 01.04.10 11:39:49
AVARKT.DLL : 10.0.0.14 227176 Bytes 01.04.10 11:22:11
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.10 08:53:25
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.10 11:57:53
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.10 14:38:54
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.10 13:40:55
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.10 12:10:08
RCTEXT.DLL : 10.0.53.0 98152 Bytes 09.04.10 13:14:28

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Manuelle Auswahl
Konfigurationsdatei...................: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\PROFILES\folder.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel

Beginn des Suchlaufs: Mittwoch, 13. Oktober 2010 09:10

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'thunderbird.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'alg.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiapsrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KHALMNPR.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ctfmon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TBPanel.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FightBoard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Logi_MwX.Exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HelpSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SupServ.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'oodag.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mdm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jqs.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Server.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTSRVC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTsvcCDA.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'aawservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvsvc32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2157' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\WINDOWS\host32.exe
[FUND] Ist das Trojanische Pferd TR/Agent.cbs

Beginne mit der Desinfektion:
C:\WINDOWS\host32.exe
[FUND] Ist das Trojanische Pferd TR/Agent.cbs
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ecdc888.qua' verschoben!


Ende des Suchlaufs: Mittwoch, 13. Oktober 2010 10:01
Benötigte Zeit: 50:11 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

12171 Verzeichnisse wurden überprüft
292734 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
292733 Dateien ohne Befall
1975 Archive wurden durchsucht
0 Warnungen
0 Hinweise
OTL Logfile:
Code:
OTL logfile created on: 13.10.10 10:32:07 - Run 1
OTL by OldTimer - Version 3.2.15.2     Folder = C:\Dokumente und Einstellungen\btsv\Desktop\MFTools
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = c:\Programme
Drive C: | 19,53 Gb Total Space | 4,69 Gb Free Space | 23,99% Space Free | Partition Type: NTFS
Drive E: | 100,08 Gb Total Space | 11,93 Gb Free Space | 11,92% Space Free | Partition Type: NTFS
Drive F: | 33,77 Gb Total Space | 20,78 Gb Free Space | 61,55% Space Free | Partition Type: NTFS
Drive H: | 172,79 Gb Total Space | 7,64 Gb Free Space | 4,42% Space Free | Partition Type: NTFS
Drive I: | 292,96 Gb Total Space | 18,11 Gb Free Space | 6,18% Space Free | Partition Type: NTFS
 
Computer Name: LUGL | User Name: btsv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.10.13 10:26:37 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\btsv\Desktop\MFTools\OTL.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.10.13 10:26:37 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\btsv\Desktop\MFTools\OTL.exe
MOD - [2006.08.25 09:46:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004.08.03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.09.18 16:16:24 | 002,063,808 | ---- | M] () [Auto | Stopped] -- E:\Programme\SlySoft\Game Jackal\Game Jackal v4\Server.exe -- (GJService)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- c:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- c:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () [Auto | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009.03.27 10:18:00 | 000,814,501 | ---- | M] () [Auto | Stopped] -- C:\nonficker.dll -- (aaaaanonficker)
SRV - [2008.08.29 10:01:22 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
SRV - [2008.07.14 14:43:04 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2008.07.07 09:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.12.15 14:39:16 | 000,221,696 | ---- | M] (O&O Software GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\xmasscsi.sys -- (xmasscsi)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi)
DRV - File not found [Kernel | On_Demand | Stopped] -- e:\Temp\AMDPCI.sys -- (AMDPCI)
DRV - [2010.09.30 23:25:16 | 000,030,376 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2010.09.15 18:42:18 | 000,046,528 | ---- | M] (SlySoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\maploml.sys -- (MaplomL)
DRV - [2010.09.15 10:35:32 | 000,030,144 | ---- | M] (SlySoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\maplom.sys -- (Maplom)
DRV - [2010.09.14 15:16:06 | 000,108,480 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.04.04 00:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.01.10 14:31:32 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.01.10 14:31:32 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009.07.26 10:06:20 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- c:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.01.21 22:17:28 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.08.18 19:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008.08.01 12:36:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008.08.01 12:36:00 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008.02.12 20:52:08 | 000,094,208 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ezplay.sys -- (ezplay)
DRV - [2008.02.11 19:14:45 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.01.09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2008.01.07 10:37:36 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2007.12.14 08:52:36 | 000,044,000 | ---- | M] (Ray Hinchliffe) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SIVX32.sys -- (SIVDRIVER)
DRV - [2007.12.10 15:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM)
DRV - [2007.12.10 15:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007.12.10 15:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM)
DRV - [2007.12.10 15:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS)
DRV - [2007.12.10 15:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007.12.10 15:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007.12.10 15:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
DRV - [2007.08.21 20:49:28 | 000,017,912 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Programme\GIGABYTE\@BIOS\markfun.w32 -- (MarkFun_NT)
DRV - [2007.06.29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.04.11 15:33:14 | 000,028,688 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007.04.11 15:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007.04.11 15:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007.04.11 15:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007.04.11 15:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007.04.03 13:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007.04.03 13:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116obex.sys -- (s116obex)
DRV - [2007.04.03 13:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
DRV - [2007.04.03 13:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116  USB WMC Device Management Drivers (WDM)
DRV - [2007.04.03 13:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007.04.03 13:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007.04.03 13:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2007.03.16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007.03.16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2007.03.15 22:50:39 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2007.02.16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2007.02.09 13:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2007.02.09 13:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2006.11.16 18:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2006.09.18 15:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2006.09.18 15:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006.09.18 15:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006.09.18 15:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006.09.18 15:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006.09.18 15:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006.09.18 15:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006.08.30 22:28:22 | 000,015,104 | ---- | M] (Copyright (C) Listan GmbH & Co.KG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\systormflb.sys -- (systormflb)
DRV - [2006.08.11 15:56:36 | 000,008,192 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfDetNT)
DRV - [2006.08.11 15:45:40 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006.08.11 15:45:38 | 000,499,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006.08.11 15:45:28 | 000,180,224 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2006.08.11 15:45:26 | 000,766,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2006.08.11 15:45:26 | 000,154,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2006.08.11 15:45:24 | 000,116,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006.08.11 15:45:18 | 000,143,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006.08.11 15:45:18 | 000,078,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006.08.11 15:45:14 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006.07.02 00:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.05.22 06:40:30 | 000,017,152 | ---- | M] (T-Online International AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)
DRV - [2006.04.24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2006.03.24 17:24:31 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2006.02.21 13:12:00 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005.11.10 18:06:04 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.10.22 13:38:21 | 000,108,032 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV62.sys -- (SSHDRV62)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.17 17:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.08.04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004.08.03 23:10:12 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2004.08.03 23:10:12 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2004.08.03 23:10:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2004.08.03 23:04:34 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2004.08.03 22:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004.04.05 07:57:46 | 000,966,352 | ---- | M] (DeTeWe Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Capi20.sys -- (CAPI20)
DRV - [2004.01.26 17:36:35 | 000,095,552 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.01.26 17:01:28 | 000,052,224 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.12.17 09:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003.12.17 09:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2003.12.17 09:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
DRV - [2003.12.17 09:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2003.12.04 11:33:20 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.09.06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003.05.14 13:42:50 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2003.05.14 13:42:48 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2003.05.14 13:42:44 | 000,044,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2003.04.17 12:19:02 | 000,120,732 | ---- | M] (DeTeWe Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ulisa.sys -- (ulisa) Telekom ISDN-Adapter (USB)
DRV - [2003.03.19 13:36:48 | 000,037,696 | ---- | M] (DeTeWe Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\detewecp.sys -- (DETEWECP)
DRV - [2003.02.24 05:21:12 | 000,085,265 | R--- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\si3112r.sys -- (SI3112r)
DRV - [2003.02.12 05:37:48 | 000,009,600 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2002.09.16 17:32:08 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2002.07.17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2002.06.10 14:20:56 | 000,044,544 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvce.sys -- (QCEmerald) Logitech QuickCam Web(PID_0850)
DRV - [2002.06.10 14:20:32 | 000,034,816 | ---- | M] (Logitech Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\LVSound2.sys -- (lusbaudio)
DRV - [2001.08.17 15:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd)
DRV - [2001.08.17 15:02:40 | 000,035,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msgame.sys -- (msgame)
DRV - [2001.08.17 14:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.mini20.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: support@pdfcreator-toolbar.org:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..network.proxy.type: 2
 
 
FF - HKLM\software\mozilla\Firefox\extensions\\videoraptor-firefox-surf-and-catch-extension@audials.com: e:\Programme\RapidSolution\Videoraptor\plugins\GeckoBased\videoraptor-firefox-surf-and-catch-extension@audials.com\ [2009.04.27 21:03:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.25 13:30:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.07 21:51:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.09.20 05:44:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.10.07 21:51:12 | 000,000,000 | ---D | M]
 
[2010.07.06 13:14:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Extensions
[2010.07.06 13:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.10.13 09:32:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions
[2010.07.09 19:56:41 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2007.12.09 13:32:52 | 000,000,000 | ---D | M] (Biet-O-Matic Firefox Extension) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}
[2007.10.20 13:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2008.09.21 10:35:58 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010.09.19 16:56:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008.02.10 12:00:17 | 000,001,670 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\searchplugins\verleihshopde.xml
[2010.10.13 09:32:50 | 000,000,000 | ---D | M] -- c:\Programme\Mozilla Firefox\extensions
[2010.02.28 12:50:41 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- c:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.09.25 13:30:23 | 000,001,392 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.25 13:30:23 | 000,002,344 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.25 13:30:23 | 000,006,805 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.25 13:30:23 | 000,001,178 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.25 13:30:24 | 000,001,105 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.02.06 20:24:55 | 000,000,137 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Videoraptor_WebRipPlugin Class) - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - e:\Programme\RapidSolution\Videoraptor\plugins\IE\VR_WebRipIePlugin.dll (RapidSolution Software)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - c:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] c:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DT HPW] C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [FightBoard] e:\Programme\REVOLTEC\FightBoard Advanced 1.00\FightBoard.exe ()
O4 - HKLM..\Run: [Gainward] c:\Programme\XpertVision\TBPanel.exe (Xpertvision, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz]  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = E:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00  [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\hio {755F9D06-1AF6-43D0-9832-42D83A1061A9} - C:\Programme\Gemeinsame Dateien\DigiOnline GmbH\HierObjects.dll (DigiOnline GmbH)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\host32.exe) - C:\WINDOWS\host32.exe File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2005.08.11 21:10:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{820b443e-32c7-11db-9dab-000fea271508}\Shell - "" = AutoRun
O33 - MountPoints2\{820b443e-32c7-11db-9dab-000fea271508}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{820b443e-32c7-11db-9dab-000fea271508}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d63c2e38-d82b-11da-9379-000fea271508}\Shell - "" = AutoRun
O33 - MountPoints2\{d63c2e38-d82b-11da-9379-000fea271508}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d63c2e38-d82b-11da-9379-000fea271508}\Shell\AutoRun\command - "" = G:\autorun\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (oodbs) - C:\WINDOWS\System32\oodbs.exe (O&O Software GmbH)
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: aaaaanonficker - C:\nonficker.dll ()
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk - C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Office-Bibliothek-Direktsuche.lnk - F:\Programme\Office-Bibliothek\PCLib.exe - ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.PIM1 - C:\WINDOWS\System32\pclepim1.dll (Pinnacle Systems)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.10.13 10:26:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Desktop\MFTools
[2010.10.13 10:02:19 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\btsv\Recent
[2010.10.12 13:31:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Avira
[2010.10.12 13:06:21 | 000,000,000 | -HSD | C] -- C:\WINDOWS\jh87uhnoe3
[2010.10.07 21:50:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.09.30 23:25:16 | 000,030,376 | ---- | C] (Elaborate Bytes AG) -- C:\WINDOWS\System32\drivers\ElbyCDIO.sys
[2010.09.30 13:18:24 | 000,089,256 | ---- | C] (Elaborate Bytes AG) -- C:\WINDOWS\System32\ElbyCDIO.dll
[2010.09.18 17:04:26 | 000,049,944 | ---- | C] (Tracker Software Products Ltd.) -- C:\WINDOWS\System32\pxc40pm.dll
[2010.09.18 17:04:23 | 000,000,000 | ---D | C] -- c:\Programme\Tracker Software
[2010.09.18 17:04:10 | 000,282,624 | ---- | C] (TODO: <회사 이름>) -- C:\WINDOWS\System32\TwdFilt.dll
[2010.09.14 15:16:06 | 000,108,480 | ---- | C] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[2010.09.08 16:32:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Password Solutions
[2010.09.08 16:32:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Eigene Dateien\My Password Recovery
[2010.08.31 11:58:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Eigene Dateien\StarCraft II
[2010.08.31 11:58:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Blizzard Entertainment
[2010.08.29 20:30:35 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Blizzard Entertainment
[2010.08.03 12:23:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\gp-Untis
[2010.08.03 12:05:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Eigene Dateien\Untis
[2010.07.20 09:18:58 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.07.20 09:18:58 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.07.20 09:18:58 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.07.20 09:18:58 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.07.20 09:18:57 | 000,000,000 | ---D | C] -- c:\Programme\Avira
[2010.07.20 09:18:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.01.10 14:29:09 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpe10.dll
[2007.10.20 12:14:30 | 000,094,208 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.sys
[2007.10.20 12:14:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\pcouffin.sys
[2006.08.11 15:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
 
========== Files - Modified Within 90 Days ==========
 
[2010.10.13 10:26:37 | 000,284,915 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Gmer.zip
[2010.10.13 10:26:37 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\defogger.exe
[2010.10.13 10:25:18 | 000,388,977 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Load.exe
[2010.10.13 10:25:16 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI
[2010.10.13 10:04:45 | 000,000,160 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2010.10.13 10:04:26 | 000,271,830 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.10.13 10:04:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.13 10:02:38 | 000,032,592 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.10.13 10:02:38 | 000,032,592 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.10.13 10:02:38 | 000,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.10.13 10:02:38 | 000,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.10.13 10:02:38 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.10.13 10:02:38 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010.10.13 10:02:38 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010.10.12 13:20:45 | 000,002,425 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\ABBYY FineReader 8.0 Professional Edition.lnk
[2010.10.12 13:11:43 | 000,002,403 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Paint Shop Pro 7.lnk
[2010.10.12 08:25:14 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Skype.lnk
[2010.10.11 21:58:19 | 000,234,280 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010.10.11 21:24:04 | 000,137,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.10.07 21:51:12 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.10.07 21:38:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.03 11:45:12 | 000,000,626 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AnyDVD.lnk
[2010.09.30 23:25:16 | 000,030,376 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\drivers\ElbyCDIO.sys
[2010.09.30 13:18:24 | 000,089,256 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\ElbyCDIO.dll
[2010.09.27 20:40:22 | 000,000,575 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Miranda IM.lnk
[2010.09.25 09:15:58 | 000,000,699 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Game Jackal v4.lnk
[2010.09.19 19:57:14 | 000,001,125 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010.09.18 17:04:02 | 000,000,405 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MindMapper 2009.lnk
[2010.09.15 18:42:18 | 000,046,528 | ---- | M] (SlySoft Inc.) -- C:\WINDOWS\System32\drivers\maploml.sys
[2010.09.15 10:35:32 | 000,030,144 | ---- | M] (SlySoft Inc.) -- C:\WINDOWS\System32\drivers\maplom.sys
[2010.09.14 15:16:06 | 000,108,480 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[2010.09.08 22:39:17 | 000,002,092 | ---- | M] () -- C:\WINDOWS\aopr.ini
[2010.09.08 22:26:50 | 000,000,115 | ---- | M] () -- C:\WINDOWS\AWOPR.INI
[2010.09.08 16:51:18 | 000,001,076 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Eigene Dateien\Bernt-Notke-Schule laufende Bearbeitung 2009-2010_2.pwcx
[2010.09.08 16:51:18 | 000,000,259 | ---- | M] () -- C:\WINDOWS\pwc62ud.INI
[2010.09.04 12:57:08 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-20021102}.CDF
[2010.09.03 21:30:53 | 000,151,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\systormflb.pkg
[2010.08.31 12:14:06 | 000,000,542 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\StarCraft II.lnk
[2010.08.18 22:32:52 | 000,002,688 | ---- | M] () -- C:\WINDOWS\System32\settings.aaw
[2010.08.18 22:32:52 | 000,001,216 | ---- | M] () -- C:\WINDOWS\System32\history.aaw
[2010.08.15 20:18:11 | 000,076,326 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Besoldungstab_SchleswigHolstein_010310.pdf
[2010.08.07 11:11:28 | 000,006,097 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010.08.03 12:05:18 | 000,000,546 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Untis 2011.lnk
[2010.07.30 20:40:28 | 000,024,576 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\In Word kann man den Text in einem Textfeld oder in einer Tabelle drehen.doc
[2010.07.29 09:03:38 | 000,002,393 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ACDSee 6.0.lnk
[2010.07.26 18:00:10 | 000,081,920 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Wahlpflichtkurse-10_11-Wahlzettel_anonym.doc
[2010.07.20 09:19:05 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
 
========== Files Created - No Company Name ==========
 
[2010.10.13 10:26:23 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\defogger.exe
[2010.10.13 10:26:22 | 000,284,915 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Gmer.zip
[2010.10.13 10:25:18 | 000,388,977 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Load.exe
[2010.10.07 21:51:12 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.09.18 17:04:02 | 000,000,405 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MindMapper 2009.lnk
[2010.09.08 22:26:50 | 000,000,115 | ---- | C] () -- C:\WINDOWS\AWOPR.INI
[2010.09.08 17:52:44 | 000,002,092 | ---- | C] () -- C:\WINDOWS\aopr.ini
[2010.09.08 16:51:18 | 000,001,076 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Eigene Dateien\Bernt-Notke-Schule laufende Bearbeitung 2009-2010_2.pwcx
[2010.09.08 16:51:17 | 000,000,259 | ---- | C] () -- C:\WINDOWS\pwc62ud.INI
[2010.08.31 11:58:05 | 000,000,542 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\StarCraft II.lnk
[2010.08.15 20:18:11 | 000,076,326 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Besoldungstab_SchleswigHolstein_010310.pdf
[2010.08.03 12:05:18 | 000,000,546 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Untis 2011.lnk
[2010.07.30 20:40:28 | 000,024,576 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\In Word kann man den Text in einem Textfeld oder in einer Tabelle drehen.doc
[2010.07.26 17:58:50 | 000,081,920 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Wahlpflichtkurse-10_11-Wahlzettel_anonym.doc
[2010.07.20 09:19:05 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010.02.01 20:35:14 | 000,000,056 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\_pdf_.prt
[2010.01.26 21:30:06 | 000,000,435 | ---- | C] () -- C:\WINDOWS\MM2009Viewer.INI
[2009.12.15 22:43:19 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\TEVPXCW60.DLL
[2009.12.15 22:43:19 | 000,000,039 | ---- | C] () -- C:\WINDOWS\TDEVXCW60.DLL
[2009.12.15 22:43:19 | 000,000,038 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009.07.14 15:46:20 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Apache3.INI
[2009.04.23 14:28:13 | 000,138,960 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2009.04.22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009.03.02 11:33:32 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.02.03 18:26:19 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2009.01.12 21:12:50 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008.07.02 14:21:33 | 000,000,020 | ---- | C] () -- C:\WINDOWS\keytrans.ini
[2008.05.21 20:00:42 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AVIConverter.INI
[2008.05.21 08:03:07 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008.04.10 20:46:32 | 000,001,165 | ---- | C] () -- C:\WINDOWS\APDFPRP.INI
[2008.02.28 17:54:21 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\acdfcbdad_r.dll
[2008.02.21 22:24:27 | 000,399,360 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008.02.21 22:24:27 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008.02.21 22:23:48 | 000,151,040 | -HS- | C] () -- C:\WINDOWS\System32\VistaUltm.dll
[2008.02.21 22:23:48 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\Smab0.dll
[2008.02.19 21:40:47 | 000,000,551 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\AutoGK.ini
[2008.02.19 00:16:09 | 000,000,160 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2008.02.17 17:05:18 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2008.02.02 16:13:18 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2008.02.02 11:17:35 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CTXFIGER.DLL
[2008.01.09 13:18:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.01.02 12:00:43 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\PnkBstrK.sys
[2008.01.02 12:00:12 | 000,000,311 | ---- | C] () -- C:\WINDOWS\game.ini
[2007.12.11 21:43:44 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007.12.09 14:00:18 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll
[2007.10.20 12:14:33 | 000,000,033 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.log
[2007.10.20 12:14:31 | 000,007,861 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.cat
[2007.10.20 12:14:30 | 000,001,104 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.inf
[2007.10.20 12:14:30 | 000,000,125 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.ini
[2007.10.20 12:14:30 | 000,000,033 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\pcouffin.log
[2007.10.20 12:14:25 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\pcouffin.cat
[2007.10.20 12:14:25 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\pcouffin.inf
[2007.10.17 20:03:19 | 000,137,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007.07.25 15:24:28 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007.07.09 20:25:06 | 000,015,852 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2007.04.09 23:13:27 | 000,000,022 | ---- | C] () -- C:\WINDOWS\FightBoard.INI
[2007.03.10 13:51:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006.11.10 15:26:40 | 000,000,256 | ---- | C] () -- C:\WINDOWS\onlineeye.INI
[2006.10.14 15:01:13 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini
[2006.08.11 16:14:08 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2006.08.11 16:14:08 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006.08.11 15:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006.07.05 14:44:42 | 000,001,755 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2006.05.29 08:15:26 | 000,003,206 | ---- | C] () -- C:\WINDOWS\tm.ini
[2006.05.23 13:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006.03.24 17:24:31 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2006.03.24 17:24:31 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2006.03.11 12:43:38 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.02.04 21:27:43 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006.01.29 15:37:54 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006.01.09 16:42:07 | 000,000,557 | ---- | C] () -- C:\WINDOWS\ZEUGNIS3.INI
[2006.01.04 14:31:32 | 000,000,046 | ---- | C] () -- C:\WINDOWS\hmview.ini
[2006.01.03 21:05:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.01.03 20:25:20 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2005.11.11 14:47:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005.11.11 14:47:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005.10.31 23:03:24 | 000,006,097 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005.10.22 13:53:16 | 000,000,243 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2005.10.22 13:38:21 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV62.sys
[2005.10.16 19:32:07 | 000,000,929 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2005.09.24 10:38:14 | 000,000,316 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos4_5_dlx.INI
[2005.09.17 10:01:27 | 000,000,046 | ---- | C] () -- C:\WINDOWS\mxcdr.INI
[2005.09.15 13:01:59 | 000,000,249 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos3_5_dlx.INI
[2005.09.15 12:54:21 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2005.09.15 12:33:01 | 000,000,085 | ---- | C] () -- C:\WINDOWS\magix.ini
[2005.09.15 12:33:00 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2005.09.03 09:31:25 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005.08.17 17:41:34 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2005.08.16 18:44:34 | 000,073,216 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.08.15 13:54:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Classic.INI
[2005.08.12 16:35:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ui.INI
[2005.08.12 15:54:20 | 000,000,109 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2005.08.12 14:47:49 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2005.08.12 14:42:42 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2005.08.12 14:41:59 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\LVUI2RC.dll
[2005.08.12 14:41:59 | 000,005,187 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2005.08.12 14:36:27 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WINPHONE.INI
[2005.08.12 14:25:56 | 000,000,506 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.08.12 14:00:47 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005.08.12 13:58:36 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005.08.12 13:40:27 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\12kCUusd.dll
[2005.08.11 23:10:30 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2005.08.11 22:35:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winpm.INI
[2005.08.11 22:33:01 | 003,592,192 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2005.08.11 21:40:48 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2005.08.11 04:03:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.08.10 00:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005.08.10 00:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005.06.16 19:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2005.01.02 21:02:47 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2005.01.02 21:02:39 | 000,000,478 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2004.05.27 16:52:52 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\mslffv1.dll
[2002.10.16 00:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002.03.21 14:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002.03.21 02:08:47 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002.03.20 21:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2001.12.31 16:59:52 | 000,450,560 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2001.12.31 16:59:46 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2001.12.31 16:59:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
 
========== LOP Check ==========
 
[2009.07.26 10:06:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2008.05.21 18:18:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Astonsoft
[2007.07.21 20:23:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2009.01.08 18:26:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2008.02.19 00:17:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Elaborate Bytes
[2009.04.27 21:14:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution
[2008.02.19 00:16:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2009.04.23 19:49:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2007.06.29 22:49:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2007.04.20 14:36:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2009.12.07 23:41:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2005.08.12 14:28:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2009.01.19 14:08:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft
[2005.08.17 14:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ACD Systems
[2005.08.11 23:12:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Acronis
[2009.11.23 22:46:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\AKVIS
[2009.12.07 15:37:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Azureus
[2007.07.21 14:06:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\BitTorrent
[2007.12.10 23:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\BOM
[2007.04.21 23:36:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
[2007.03.03 13:49:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Command & Conquer 3 Tiberium Wars Demo
[2010.04.04 18:34:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Copernic
[2008.02.11 21:37:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DAEMON Tools
[2007.10.20 13:39:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DAEMON Tools Pro
[2008.05.21 18:24:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DeepBurner
[2008.02.21 18:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DigiOnline GmbH
[2009.02.03 18:28:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DisplayTune
[2009.04.26 09:29:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\FileZilla
[2010.08.03 12:35:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\gp-Untis
[2010.03.01 20:36:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ImgBurn
[2009.07.26 10:00:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\IrfanView
[2006.06.15 20:19:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Jasc
[2008.04.25 15:03:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Leadertech
[2005.09.24 13:18:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\MAGIX
[2009.09.01 22:20:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\MindMapper 2008
[2010.09.02 19:23:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Miranda
[2006.04.14 23:16:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mp3tag
[2009.02.26 19:09:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\OpenOffice.org
[2008.09.06 10:52:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Opera
[2010.09.08 16:32:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Password Solutions
[2006.10.14 14:56:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\PPLive
[2009.07.14 12:40:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ppstream
[2009.04.27 21:04:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\RapidSolution
[2008.10.16 12:01:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\SanDisk
[2009.03.09 21:27:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\SlySoft
[2009.04.23 19:49:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Sony
[2005.11.05 20:07:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Steinberg
[2006.01.03 20:26:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\T-Online
[2009.01.21 18:52:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\TeamViewer
[2007.04.20 14:40:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Teleca
[2010.02.24 16:30:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\The Creative Assembly
[2010.07.06 13:14:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Thunderbird
[2005.08.12 14:27:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\TuneUp Software
[2008.02.12 20:54:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Vso
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2005.08.12 16:08:25 | 000,000,000 | ---- | M] () -- C:\.officebib.history.dat
[2005.08.11 21:10:16 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009.11.01 09:57:45 | 000,000,315 | RHS- | M] () -- C:\boot.ini
[2001.08.18 12:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2005.10.22 13:54:01 | 000,000,299 | ---- | M] () -- C:\clony.txt
[2005.08.11 21:10:16 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008.01.04 18:01:42 | 000,000,032 | ---- | M] () -- C:\csb.log
[2009.11.23 22:55:39 | 000,000,000 | ---- | M] () -- C:\DTSHDSpOut.txt
[2009.10.11 13:07:26 | 000,000,181 | ---- | M] () -- C:\InstallHelper.log
[2005.08.11 21:10:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005.08.12 14:40:07 | 000,002,695 | ---- | M] () -- C:\LGSInst.Log
[2005.08.12 14:41:18 | 000,000,090 | ---- | M] () -- C:\LogiSetup.log
[2010.10.12 19:51:50 | 000,000,158 | ---- | M] () -- C:\mbam-error.txt
[2005.08.11 21:10:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009.03.27 10:18:00 | 000,814,501 | ---- | M] () -- C:\nonficker.dll
[2005.08.11 21:39:23 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2005.08.11 21:39:23 | 000,251,184 | RHS- | M] () -- C:\ntldr
[2010.10.13 10:04:08 | 2146,938,880 | -HS- | M] () -- C:\pagefile.sys
[2009.02.03 18:26:10 | 000,000,173 | ---- | M] () -- C:\pdisdk.log
[2009.02.03 18:26:20 | 000,000,184 | ---- | M] () -- C:\pivot.log
[2009.03.16 21:03:18 | 000,000,172 | ---- | M] () -- C:\TO_InstallLog.txt
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.04.19 20:21:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006.07.02 22:37:10 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006.04.19 20:21:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006.07.02 22:37:12 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2005.08.11 21:10:02 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.10.14 16:43:18 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006.10.14 16:44:44 | 000,671,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2005.08.11 05:01:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005.08.11 05:01:06 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005.08.11 05:01:06 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\system32\user32.dll /md5 >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\system32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2004.08.04 00:57:40 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=D569240A22421D5F670BB6FB6DD522B5 -- C:\WINDOWS\system32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2004.08.04 00:57:40 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=B3ADA72D1E3E10A8F6430669DFC38ED0 -- C:\WINDOWS\system32\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE  >
[2002.08.29 03:43:36 | 001,007,104 | ---- | M] (Microsoft Corporation) MD5=22B0A56E6C5847292437078B484EC61B -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\explorer.exe
[2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe
[2002.08.29 03:43:42 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Files - Unicode (All) ==========
[2010.02.01 20:35:19 | 000,015,371 | ---- | M] ()(C:\Dokumente und Einstellungen\btsv\Eigene Dateien\?Interpretationshilfe_Farben.pdf) -- C:\Dokumente und Einstellungen\btsv\Eigene Dateien\Interpretationshilfe_Farben.pdf
[2010.02.01 20:35:19 | 000,015,371 | ---- | C] ()(C:\Dokumente und Einstellungen\btsv\Eigene Dateien\?Interpretationshilfe_Farben.pdf) -- C:\Dokumente und Einstellungen\btsv\Eigene Dateien\Interpretationshilfe_Farben.pdf
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wtsapi32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wsock32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winspool.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winscard.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winlogon.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vct3216.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\uxtheme.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sxs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\svchost.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\smss.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shsvcs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sfc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\services.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sens.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\secur32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\schannel.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasapi32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\psapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oodag.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntdll.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netshell.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvcrt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msutb.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msimg32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msiexec.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msacm32.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\midimap.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lsass.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\imm32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\processr.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\ohci1394.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nic1394.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mssmbios.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\ACPI.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CTSVCCDA.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ctfmon.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\csrss.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cscdll.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\apphelp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\advapi32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\btsv\Startmenü\Programme\Autostart\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini:KAVICHS
@Alternate Data Stream - 48 bytes -> C:\WINDOWS:414D5E5B2C7E43DC
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xpsp2res.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshtcpip.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshirda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2help.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2_32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wlnotify.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wldap32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wkssvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wintrust.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsta.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winrnr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winipsec.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhttp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win32spl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiavusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiaservc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wfwnet.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webcheck.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdigest.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\w32time.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssvc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vfwwdm32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\version.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\userenv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usbmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ups.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\upnp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uniplat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\unimdmat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\unimdm.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tssoft32.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsbyuv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\trkwks.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tlntsvr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\timer.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\themeui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\termsrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcpmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapisrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\system.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\stobject.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\stdole32.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssdpsrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssdpapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srclient.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spoolss.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sound.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\smlogsvc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sl_anet.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shmgrate.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shimeng.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shfolder.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shellstyle.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdoclc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc_os.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sessmgr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sensapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\seclogon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scesrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scecli.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scardsvr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samsrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samlib.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rundll32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtutils.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaenh.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\riched20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\resutils.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regsvr32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rastls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rastapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasppp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasman.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasdlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\raschap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pstorsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psbase.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\progman.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\profmap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\powrprof.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pjlmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfproc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oodagrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olepro32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oledlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oleaut32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcint.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oakley.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntshrui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmarta.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanman.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\notepad.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui0.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netrap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netlogon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netdde.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netcfgx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ndptsp.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nddeapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncobjapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mydocs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msyuv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvidc32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp61.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp60.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msv1_0.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mstlsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrle32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msprivs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msisip.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msimsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msh263.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msh261.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgsm32.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgina.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msg723.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msg711.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msctf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaud32.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msasn1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msadp32.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MPG4C32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mouse.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\modemui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mnmsrvc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmsystem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmdrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfcsubs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc42loc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc42.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mapi32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\locator.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\localspl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lmhsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lhacm.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kmddsp.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\keyboard.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javasup.vxd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iyuv_32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\irmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ir50_32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ir41_32.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ir32_32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipsecsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipconf.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inetpp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imapi.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imagehlp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imaadp32.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ie4uinit.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icmp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iccvid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icaapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iac25_32.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpzlnt04.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetcfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hidphone.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\h323.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventlog.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eumex4sp.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\duser.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssenh.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drwtsn32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\WSTCODEC.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\WmXlCore.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\WmVirHid.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\WmBEnum.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wanarp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vga.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\USBSTOR.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbohci.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbehci.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbccgp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usb8023.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\update.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ulisa.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\termdd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sysaudio.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\swmidi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\swenum.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\StreamIP.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\SSHDRV62.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\sr.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\SONYPVU1.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\SLIP.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sfhlp01.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\serial.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\serenum.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\secdrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\scsiport.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rootmdm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\redbook.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rdpdr.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rdpcdd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspti.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspptp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspppoe.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasl2tp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasirda.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasacd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ptilink.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\psched.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\prosync1.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\prohlp02.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\prodrv06.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\pciide.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\parport.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnkfwd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnkflt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nmnt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netbt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netbios.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndiswan.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndisuio.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndistapi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NdisIP.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NABTSFEC.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MSTEE.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MSPQM.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MSPCLOCK.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MSKSSRV.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\msgpc.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mrxdav.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LVSound2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\lvce.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LMouFlt2.Sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LHIDUSB.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LHIDFLT2.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\L8042pr2.Sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\isapnp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\irsir.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\irenum.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\irda.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ipsec.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ipinip.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ipfltdrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ip6fw.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\imapi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\HIDSwvd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\GcKernel.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\ftdisk.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\flpydisk.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fdc.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\drmkaud.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\DMusic.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dmload.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dmio.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dmboot.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\disk.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\detewecp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cdrom.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\CCDECODE.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\Capi20.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\audstub.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmarpc.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\atapi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\asyncmac.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\arp1394.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\afd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dnsrslvr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmserver.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmadmin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllhost.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\davclnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csrsrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crypt32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\credui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMNCTR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comm.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comdlg32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cnbjmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clusapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clipsrv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cisvc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cfgmgr32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\certcli.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cabinet.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1253.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1251.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1250.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\browser.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\browselc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootvid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\batmeter.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\basesrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autochk.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\audiosrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asycfilt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asfsipc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\alg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsldpc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\actxprxy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ACDV.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\12kCUusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\regedit.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\LOGI_MWX.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\btsv\Eigene Dateien\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\btsv\Desktop\TeamSpeak 2 RC2.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\btsv\Desktop\(E).lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini:KAVICHS
@Alternate Data Stream - 146 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:054B9966
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\setupapi.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\explorer.exe:KAVICHS

< End of report >
         
--- --- ---
Attached files
File type: txt mbam-log-2010-10-13 (09-17-06).txt (1,5 KB, viewed 194 times)
File type: txt mbam-log-2010-10-13 (10-13-17).txt (1,3 KB, viewed 172 times)

Edited by glasnost (13.10.2010 at 09:42). Reason: New scans

13.10.2010, 09:45   #2
glasnost

And here are the log files from the Extras log.

OTL EXTRAS logfile:
Code:
OTL Extras logfile created on: 13.10.10 10:32:07 - Run 1
OTL by OldTimer - Version 3.2.15.2     Folder = C:\Dokumente und Einstellungen\btsv\Desktop\MFTools
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = c:\Programme
Drive C: | 19,53 Gb Total Space | 4,69 Gb Free Space | 23,99% Space Free | Partition Type: NTFS
Drive E: | 100,08 Gb Total Space | 11,93 Gb Free Space | 11,92% Space Free | Partition Type: NTFS
Drive F: | 33,77 Gb Total Space | 20,78 Gb Free Space | 61,55% Space Free | Partition Type: NTFS
Drive H: | 172,79 Gb Total Space | 7,64 Gb Free Space | 4,42% Space Free | Partition Type: NTFS
Drive I: | 292,96 Gb Total Space | 18,11 Gb Free Space | 6,18% Space Free | Partition Type: NTFS
 
Computer Name: LUGL | User Name: btsv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "e:\Programme\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mp3tag] -- "e:\Programme\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich)
Directory [Winamp.Bookmark] -- "e:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "e:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "e:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Programme\Miranda IM\miranda32.exe" = F:\Programme\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- ( )
"E:\Programme\Valve\Steam\Steam.exe" = E:\Programme\Valve\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"f:\Programme\BitTorrent\bittorrent.exe" = f:\Programme\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent -- File not found
"E:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = E:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- File not found
"I:\Programme\Unreal Tournament 3\Binaries\UT3.exe" = I:\Programme\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- File not found
"E:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = E:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)  -- ()
"I:\Programme\Ubisoft\Far Cry 2\bin\FarCry2.exe" = I:\Programme\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"I:\Programme\Ubisoft\Far Cry 2\bin\FC2Launcher.exe" = I:\Programme\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater -- (Ubisoft)
"I:\Programme\Ubisoft\Far Cry 2\bin\FC2Editor.exe" = I:\Programme\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor -- (Ubisoft Entertainment)
"H:\Programme\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe" = H:\Programme\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe:*:Enabled:Call of Juarez - Bound in Blood -- (Techland)
"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"E:\Programme\Sony Ericsson\Update Service\Update Service.exe" = E:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"E:\Programme\Valve\Steam\SteamApps\common\empire total war\Empire.exe" = E:\Programme\Valve\Steam\SteamApps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War -- (The Creative Assembly Ltd)
"I:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = I:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"E:\Programme\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe" = E:\Programme\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe:*:Enabled:Office Password Recovery PRO -- File not found
"E:\Programme\Valve\Steam\SteamApps\common\dawn of war 2\DOW2.exe" = E:\Programme\Valve\Steam\SteamApps\common\dawn of war 2\DOW2.exe:*:Enabled:Warhammer® 40,000™: Dawn of War® II -- (THQ Canada Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01E9CBDA-5480-4FE8-BBC9-BE29BB8AB4C0}" = 
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{06204E2A-6369-43ED-A9CF-49B5F49915FA}" = Twin Digital GamePad
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{178A1098-E15E-4FCF-8748-B613DC687FF0}" = MarkAble
"{1850E508-D6C3-4820-AD23-7F73A2BC606C}_is1" = Elcomsoft Password Recovery Studio
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A20BC22-8F21-4A2A-9F4A-E31FC0E5C7E3}" = ACDSee 6.0 PowerPack
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)
"{226CA5FA-D90E-4B78-9325-2DDA68BA691A}" = Duden Korrektor PLUS 3
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 18
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{347C6ECC-7DB2-49CC-A344-1FB0606DA662}" = WW-Essensplaner
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3648253A-C2C4-4CFB-8BE5-381D1C638B94}" = GameSpy Comrade
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3C662203-292F-4E9D-AE02-281071C06903}" = Far Cry (Patch 1.33)
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{4300EF0D-2041-4179-AFFF-21E01160740F}" = Eumex 504PC USB
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A684677-2EB8-41DF-941D-BEA07D50D545}" = Videoraptor
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE 
"{4CE4B975-A5C1-43C0-A565-C00F0ABFC94C}" = PC-Bibliothek 3.0
"{52809086-618D-4F0B-8BF1-B75A5BB817A4}" = Sony Ericsson PC Suite
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{53480520-7555-470E-8C69-750B0472B4BB}" = O&O Defrag Professional Edition
"{53EF6570-21A4-47ED-A40A-E6470A5677A3}" = Studio 8
"{54971F17-9D16-4D43-95D6-3A86E3D20EDB}" = Office-Bibliothek 4.1
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1 
"{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{5D956474-97AD-4E03-87F6-37F06437359E}" = MindMapper 2009
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68F19BCC-49D3-49FF-BAAC-A147C66A9710}" = AMD Power Monitor
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{80157B54-DB3E-4EE9-8AD8-63A905765FF4}_is1" = Opti Drive Control 1.47
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{93EC14D5-7AAA-4EAD-BB75-013817A96598}" = Logitech Gaming Software
"{9665B325-3F96-11D6-A1FA-000374890932}" = TuneUp Utilities 2003
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 8.0 Professional Edition
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS 
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC4729BF-0396-47EF-AA0B-3A04111F19F9}" = FightBoard Advanced 1.00
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Evaluation
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA08048C-3823-4DC8-B169-1D5D11FFC19F}_is1" = PDF-XChange 4
"{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"{EE8592F6-FC2B-4AFD-B527-109D127C039F}" = Far Cry (Patch 1.31)
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" =  Sansa Media Converter
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
"5A46830178E35AB63403A85E361CCD6FA32C9078" = Windows-Treiberpaket - Sony Ericsson (seehcri) USB  (01/09/2008 1.1.0.0)
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced RAR Password Recovery" = Advanced RAR Password Recovery (remove only)
"Advanced RAR Repair v1.0" = Advanced RAR Repair v1.0
"Anotha ID3 Editor" = Anotha ID3 Editor 1.51
"Anti-Twin 2009-04-29 20.45.46" = Anti-Twin (Installation 29.04.2009)
"AnyDVD" = AnyDVD
"ASAPI Update" = ASAPI Update
"Ashampoo Photo Optimizer FREE_is1" = Ashampoo Photo Optimizer FREE
"AudioConSole" = Creative-Audiokonsole
"Audiograbber" = Audiograbber 1.83 SE 
"AutoGK" = Auto Gordian Knot 2.45
"Avi2Dvd" = Avi2Dvd 0.4.5 beta
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Azureus Vuze" = Azureus Vuze
"Bf2SP64 2.31" = Bf2SP64 2.31
"Biet-O-Matic v2.4.1" = Biet-O-Matic v2.4.1
"Boilsoft AVI to VCD SVCD DVD Converter_is1" = Boilosft AVI to VCD SVCD DVD Converter 3.61
"BSPlayer1" = BSPlayer
"CDBF - DBF Viewer and Editor_is1" = Version 1.45.01
"CDex" = CDex extraction audio
"Clean 5" = Clean 5
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"Das Neue Dr.Brain Gehirn Jogging" = Das Neue Dr.Brain Gehirn Jogging
"DBF Viewer 2000" = DBF Viewer 2000 2.45
"Digitale Bibliothek 3" = Digitale Bibliothek 3
"DirectVobSub" = DirectVobSub (remove only)
"DVD Identifier_is1" = DVD Identifier
"eMule" = eMule
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.2.4
"fotocommunity" = fotocommunity 
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"FreeFileSync" = FreeFileSync
"Game Jackal v4_is1" = Game Jackal v4.1.0.8 (32 bit)
"GameSpy Arcade" = GameSpy Arcade
"Geschichtslexikon" = Geschichtslexikon
"GUI for dvdauthor" = GUI for dvdauthor 1.04
"Hamachi" = Hamachi 1.0.3.0
"HD Tune_is1" = HD Tune 2.54
"HijackThis" = HijackThis 2.0.2
"Hollywood FX 4.6" = Pinnacle Hollywood FX 4.6
"hp deskjet 960c series" = hp deskjet 960c series (nur entfernen)
"iDump" = iDump v1.1.1
"ImgBurn" = ImgBurn
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{226CA5FA-D90E-4B78-9325-2DDA68BA691A}" = Duden Korrektor PLUS 3
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.5.5
"jv16 PowerTools_is1" = jv16 PowerTools 2007
"KeyView for Lotus" = KeyView for Lotus 97
"LabelEditor" = Label Editor
"MAGIX Foto Manager" = MAGIX Foto Manager
"MAGIX Music Manager" = MAGIX Music Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.0
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Miranda IM" = Miranda IM 0.9.4
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"Mp3tag" = Mp3tag v2.41
"MusicBrainz Picard" = MusicBrainz Picard 0.11
"MUSTEK 1200 CU v2.0a" = MUSTEK 1200 CU v2.0a
"Nero - Burning Rom!UninstallKey" = Ahead Nero - Burning Rom
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.0b
"PDFCreator Toolbar" = PDFCreator Toolbar
"Photo to Sketch Pro_is1" = Photo to Sketch Pro 3.6
"Picasa 3" = Picasa 3
"Product_Name" = sbPlus
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"SCHLECKER Foto-Digital-Service" = SCHLECKER Foto-Digital-Service
"SCOLA-Zeugnis 2008" = SCOLA-Zeugnis 2008 Dezember 2007 
"SiSoftware Sandra Professional_is1" = SiSoftware Sandra Professional 2003
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"StarCraft II" = StarCraft II
"Steam App 10500" = Empire: Total War
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"SUPER ©" = SUPER © Version 2008.bld.25 (Feb 5, 2008)
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 5" = TeamViewer 5
"Untis 2011" = Untis 2011
"Update Service" = Update Service
"VLC media player" = VideoLAN VLC media player 0.8.6f
"VobSub" = VobSub v2.23 (Remove Only)
"WaveLabLite" = WaveLab Lite
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Weight Watchers MP5_is1" = Weight Watchers MP5
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Winamp 5.02 Deutsche Sprachdatei v14" = Deutsche Sprachdatei für Winamp 5.02 v14 
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"WW3C" = WebWeaver Client
"Xfire" = Xfire (remove only)
"XMedia Recode" = XMedia Recode 2.0.5.3
"xp-AntiSpy" = xp-AntiSpy 3.94-2
"XpertVision_is1" = XpertVision 5.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"XVid;-)" = XVid;-)
"XviD_is1" = XviD MPEG-4 Video Codec
"XviDDec" = Nic's XviD Decoder
"ZoomPlayer" = Zoom Player (remove only)
"ZoomPlayerLang" = Zoom Player German language (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced PDF Password Recovery" = Advanced PDF Password Recovery
"Sansa Updater" = Sansa Updater
"Skat-Online V4" = Skat-Online V4
"Skat-Online V7" = Skat-Online V7
 
========== Last 10 Event Log Errors ==========
 
[ System Events ]
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "Creative Service for CDROM Access" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "Portrait Displays Display Tune Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "Machine Debug Manager" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "O&O Defrag" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "Game Jackal Server" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "Sony Ericsson OMSI download service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 13.10.10 04:32:23 | Computer Name = LUGL | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 13.10.10 04:32:23 | Computer Name = LUGL | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:   %%2
 
 
< End of report >
         
--- --- ---


Alt 13.10.2010, 10:53   #3
markusg
/// Malware-holic
 



Where is the Malwarebytes log?
Please run OTL as follows:
OTL:
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click and choose "Run as administrator")
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created:
OTL.Txt
Extras.Txt
Please post both.

Alt 13.10.2010, 11:15   #4
glasnost
 



Uh, I did attach the Malwarebytes logs...

Alt 13.10.2010, 11:39   #5
markusg
/// Malware-holic
 



Overlooked it.
Malwarebytes: update, run a full scan and post the new log.


Alt 13.10.2010, 19:38   #6
glasnost
 



New logs: OTL logfile:
Code:
ATTFilter
OTL logfile created on: 13.10.10 12:11:32 - Run 2
OTL by OldTimer - Version 3.2.15.2     Folder = C:\Dokumente und Einstellungen\btsv\Desktop\MFTools
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = c:\Programme
Drive C: | 19,53 Gb Total Space | 4,66 Gb Free Space | 23,87% Space Free | Partition Type: NTFS
Drive E: | 100,08 Gb Total Space | 11,93 Gb Free Space | 11,92% Space Free | Partition Type: NTFS
Drive F: | 33,77 Gb Total Space | 20,78 Gb Free Space | 61,55% Space Free | Partition Type: NTFS
Drive H: | 172,79 Gb Total Space | 7,64 Gb Free Space | 4,42% Space Free | Partition Type: NTFS
Drive I: | 292,96 Gb Total Space | 18,11 Gb Free Space | 6,18% Space Free | Partition Type: NTFS
 
Computer Name: xxx | User Name: Max mustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\btsv\Desktop\MFTools\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - c:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - c:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\SurMixer.exe (Creative Technology Ltd)
PRC - C:\Programme\Creative\SBAudigy2ZS\Speaker Settings\SpkSet.exe (Creative Technology Ltd)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\btsv\Desktop\MFTools\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (GJService) -- E:\Programme\SlySoft\Game Jackal\Game Jackal v4\Server.exe ()
SRV - (AntiVirService) -- c:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- c:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (aaaaanonficker) -- C:\nonficker.dll ()
SRV - (getPlus(R) Helper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (DTSRVC) -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (aawservice) -- C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (xmasscsi) -- C:\WINDOWS\System32\Drivers\xmasscsi.sys File not found
DRV - (vaxscsi) -- C:\WINDOWS\System32\Drivers\vaxscsi.sys File not found
DRV - (AMDPCI) -- e:\Temp\AMDPCI.sys File not found
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (MaplomL) -- C:\WINDOWS\System32\drivers\maploml.sys (SlySoft Inc.)
DRV - (Maplom) -- C:\WINDOWS\System32\drivers\maplom.sys (SlySoft Inc.)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (avgio) -- c:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (nvgts) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (ezplay) -- C:\WINDOWS\system32\drivers\ezplay.sys (VSO Software)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (SIVDRIVER) -- C:\WINDOWS\system32\drivers\SIVX32.sys (Ray Hinchliffe)
DRV - (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM) -- C:\WINDOWS\system32\drivers\s3017unic.sys (MCCI Corporation)
DRV - (s3017obex) -- C:\WINDOWS\system32\drivers\s3017obex.sys (MCCI Corporation)
DRV - (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s3017mgmt.sys (MCCI Corporation)
DRV - (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS) -- C:\WINDOWS\system32\drivers\s3017nd5.sys (MCCI Corporation)
DRV - (s3017mdm) -- C:\WINDOWS\system32\drivers\s3017mdm.sys (MCCI Corporation)
DRV - (s3017mdfl) -- C:\WINDOWS\system32\drivers\s3017mdfl.sys (MCCI Corporation)
DRV - (s3017bus) Sony Ericsson Device 3017 driver (WDM) -- C:\WINDOWS\system32\drivers\s3017bus.sys (MCCI Corporation)
DRV - (MarkFun_NT) -- C:\Programme\GIGABYTE\@BIOS\markfun.w32 (Windows (R) 2000 DDK provider)
DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech Inc.)
DRV - (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) -- C:\WINDOWS\system32\drivers\s116unic.sys (MCCI Corporation)
DRV - (s116obex) -- C:\WINDOWS\system32\drivers\s116obex.sys (MCCI Corporation)
DRV - (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) -- C:\WINDOWS\system32\drivers\s116nd5.sys (MCCI Corporation)
DRV - (s116mgmt) Sony Ericsson Device 116  USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s116mgmt.sys (MCCI Corporation)
DRV - (s116mdm) -- C:\WINDOWS\system32\drivers\s116mdm.sys (MCCI Corporation)
DRV - (s116mdfl) -- C:\WINDOWS\system32\drivers\s116mdfl.sys (MCCI Corporation)
DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\WINDOWS\system32\drivers\s116bus.sys (MCCI Corporation)
DRV - (TBPanel) -- C:\WINDOWS\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (Cardex) -- C:\WINDOWS\system32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (Pivot) -- C:\WINDOWS\system32\drivers\pivot.sys (Portrait Displays, Inc.)
DRV - (pivotmou) -- C:\WINDOWS\system32\drivers\pivotmou.sys (Portrait Displays, Inc.)
DRV - (PdiPorts) -- C:\WINDOWS\system32\drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV - (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) -- C:\WINDOWS\system32\drivers\se27unic.sys (MCCI)
DRV - (SE27obex) -- C:\WINDOWS\system32\drivers\SE27obex.sys (MCCI)
DRV - (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) -- C:\WINDOWS\system32\drivers\se27nd5.sys (MCCI)
DRV - (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\SE27mgmt.sys (MCCI)
DRV - (SE27mdm) -- C:\WINDOWS\system32\drivers\SE27mdm.sys (MCCI)
DRV - (SE27mdfl) -- C:\WINDOWS\system32\drivers\SE27mdfl.sys (MCCI)
DRV - (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\SE27bus.sys (MCCI)
DRV - (systormflb) -- C:\WINDOWS\system32\drivers\systormflb.sys (Copyright (C) Listan GmbH & Co.KG)
DRV - (PfDetNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (MIINPazX) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys (T-Online International AG, Marmiko IT-Solutions GmbH)
DRV - (nvatabus) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA Corporation)
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (SSHDRV62) -- C:\WINDOWS\system32\drivers\SSHDRV62.sys ()
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (CAPI20) -- C:\WINDOWS\system32\drivers\Capi20.sys (DeTeWe Berlin)
DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.)
DRV - (L8042pr2) -- C:\WINDOWS\system32\drivers\L8042pr2.Sys (Logitech, Inc.)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS (Logitech, Inc.)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS (Logitech, Inc.)
DRV - (ASAPIW2k) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (Pinnacle Systems GmbH)
DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology)
DRV - (prosync1) -- C:\WINDOWS\System32\drivers\prosync1.sys (Protection Technology)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (ulisa) Telekom ISDN-Adapter (USB) -- C:\WINDOWS\system32\drivers\ulisa.sys (DeTeWe Berlin)
DRV - (DETEWECP) -- C:\WINDOWS\System32\drivers\detewecp.sys (DeTeWe Berlin)
DRV - (SI3112r) -- C:\WINDOWS\system32\DRIVERS\si3112r.sys (Silicon Image, Inc)
DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (ASPI) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (QCEmerald) Logitech QuickCam Web(PID_0850) -- C:\WINDOWS\system32\drivers\lvce.sys (Logitech Inc.)
DRV - (lusbaudio) -- C:\WINDOWS\system32\drivers\LVSound2.sys (Logitech Inc.)
DRV - (HIDSwvd) -- C:\WINDOWS\system32\drivers\HIDSwvd.sys (Microsoft Corporation)
DRV - (msgame) -- C:\WINDOWS\system32\drivers\msgame.sys (Microsoft Corporation)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-746137067-583907252-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-746137067-583907252-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.mini20.com/
IE - HKU\S-1-5-21-746137067-583907252-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: support@pdfcreator-toolbar.org:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..network.proxy.type: 2
 
 
FF - HKLM\software\mozilla\Firefox\extensions\\videoraptor-firefox-surf-and-catch-extension@audials.com: e:\Programme\RapidSolution\Videoraptor\plugins\GeckoBased\videoraptor-firefox-surf-and-catch-extension@audials.com\ [2009.04.27 21:03:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.25 13:30:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.07 21:51:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.09.20 05:44:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.10.07 21:51:12 | 000,000,000 | ---D | M]
 
[2010.07.06 13:14:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Extensions
[2010.07.06 13:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.10.13 09:32:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions
[2010.07.09 19:56:41 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2007.12.09 13:32:52 | 000,000,000 | ---D | M] (Biet-O-Matic Firefox Extension) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}
[2007.10.20 13:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2008.09.21 10:35:58 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010.09.19 16:56:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008.02.10 12:00:17 | 000,001,670 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\searchplugins\verleihshopde.xml
[2010.10.13 09:32:50 | 000,000,000 | ---D | M] -- c:\Programme\Mozilla Firefox\extensions
[2010.02.28 12:50:41 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- c:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.09.25 13:30:23 | 000,001,392 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.25 13:30:23 | 000,002,344 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.25 13:30:23 | 000,006,805 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.25 13:30:23 | 000,001,178 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.25 13:30:24 | 000,001,105 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.02.06 20:24:55 | 000,000,137 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Videoraptor_WebRipPlugin Class) - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - e:\Programme\RapidSolution\Videoraptor\plugins\IE\VR_WebRipIePlugin.dll (RapidSolution Software)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - c:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKU\S-1-5-21-746137067-583907252-682003330-1003\..\Toolbar\WebBrowser: (no name) - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - No CLSID value found.
O3 - HKU\S-1-5-21-746137067-583907252-682003330-1003\..\Toolbar\WebBrowser: (no name) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] c:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DT HPW] C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [FightBoard] e:\Programme\REVOLTEC\FightBoard Advanced 1.00\FightBoard.exe ()
O4 - HKLM..\Run: [Gainward] c:\Programme\XpertVision\TBPanel.exe (Xpertvision, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz]  File not found
O4 - HKU\.DEFAULT..\RunOnce: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\RunOnce: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = E:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-583907252-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00  [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\hio {755F9D06-1AF6-43D0-9832-42D83A1061A9} - C:\Programme\Gemeinsame Dateien\DigiOnline GmbH\HierObjects.dll (DigiOnline GmbH)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\host32.exe) - C:\WINDOWS\host32.exe File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2005.08.11 21:10:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{820b443e-32c7-11db-9dab-000fea271508}\Shell - "" = AutoRun
O33 - MountPoints2\{820b443e-32c7-11db-9dab-000fea271508}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{820b443e-32c7-11db-9dab-000fea271508}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d63c2e38-d82b-11da-9379-000fea271508}\Shell - "" = AutoRun
O33 - MountPoints2\{d63c2e38-d82b-11da-9379-000fea271508}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d63c2e38-d82b-11da-9379-000fea271508}\Shell\AutoRun\command - "" = G:\autorun\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (oodbs) - C:\WINDOWS\System32\oodbs.exe (O&O Software GmbH)
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: aaaaanonficker - C:\nonficker.dll ()
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk - C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Office-Bibliothek-Direktsuche.lnk - F:\Programme\Office-Bibliothek\PCLib.exe - ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: aawservice - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup - 
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: aawservice - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup - 
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - 
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Sicherheitsupdate für Windows XP (KB913433)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {9C450606-ED24-4958-92BA-B8940C99D441} - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.PIM1 - C:\WINDOWS\System32\pclepim1.dll (Pinnacle Systems)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.13 10:44:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Desktop\Gmer
[2010.10.13 10:26:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Desktop\MFTools
[2010.10.13 10:02:19 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\btsv\Recent
[2010.10.12 13:31:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Avira
[2010.10.12 13:06:21 | 000,000,000 | -HSD | C] -- C:\WINDOWS\jh87uhnoe3
[2010.10.07 21:50:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.09.30 23:25:16 | 000,030,376 | ---- | C] (Elaborate Bytes AG) -- C:\WINDOWS\System32\drivers\ElbyCDIO.sys
[2010.09.30 13:18:24 | 000,089,256 | ---- | C] (Elaborate Bytes AG) -- C:\WINDOWS\System32\ElbyCDIO.dll
[2010.09.18 17:04:26 | 000,049,944 | ---- | C] (Tracker Software Products Ltd.) -- C:\WINDOWS\System32\pxc40pm.dll
[2010.09.18 17:04:23 | 000,000,000 | ---D | C] -- c:\Programme\Tracker Software
[2010.09.18 17:04:10 | 000,282,624 | ---- | C] (TODO: <회사 이름>) -- C:\WINDOWS\System32\TwdFilt.dll
[2010.09.14 15:16:06 | 000,108,480 | ---- | C] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[2010.01.10 14:29:09 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpe10.dll
[2007.10.20 12:14:30 | 000,094,208 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.sys
[2007.10.20 12:14:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\pcouffin.sys
[2006.08.11 15:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.13 11:03:13 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-20021102}.CDF
[2010.10.13 10:26:37 | 000,284,915 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Gmer.zip
[2010.10.13 10:26:37 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\defogger.exe
[2010.10.13 10:25:18 | 000,388,977 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Load.exe
[2010.10.13 10:25:16 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI
[2010.10.13 10:04:45 | 000,000,160 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2010.10.13 10:04:26 | 000,271,830 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.10.13 10:04:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.13 10:02:38 | 000,032,592 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.10.13 10:02:38 | 000,032,592 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.10.13 10:02:38 | 000,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.10.13 10:02:38 | 000,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.10.13 10:02:38 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.10.13 10:02:38 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010.10.13 10:02:38 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010.10.12 13:20:45 | 000,002,425 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\ABBYY FineReader 8.0 Professional Edition.lnk
[2010.10.12 13:11:43 | 000,002,403 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Paint Shop Pro 7.lnk
[2010.10.12 08:25:14 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Skype.lnk
[2010.10.11 21:58:19 | 000,234,280 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010.10.11 21:24:04 | 000,137,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.10.07 21:51:12 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.10.07 21:38:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.03 11:45:12 | 000,000,626 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AnyDVD.lnk
[2010.09.30 23:25:16 | 000,030,376 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\drivers\ElbyCDIO.sys
[2010.09.30 13:18:24 | 000,089,256 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\ElbyCDIO.dll
[2010.09.27 20:40:22 | 000,000,575 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Miranda IM.lnk
[2010.09.25 09:15:58 | 000,000,699 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Game Jackal v4.lnk
[2010.09.19 19:57:14 | 000,001,125 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010.09.18 17:04:02 | 000,000,405 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MindMapper 2009.lnk
[2010.09.15 18:42:18 | 000,046,528 | ---- | M] (SlySoft Inc.) -- C:\WINDOWS\System32\drivers\maploml.sys
[2010.09.15 10:35:32 | 000,030,144 | ---- | M] (SlySoft Inc.) -- C:\WINDOWS\System32\drivers\maplom.sys
[2010.09.14 15:16:06 | 000,108,480 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
 
========== Files Created - No Company Name ==========
 
[2010.10.13 10:26:23 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\defogger.exe
[2010.10.13 10:26:22 | 000,284,915 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Gmer.zip
[2010.10.13 10:25:18 | 000,388,977 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Load.exe
[2010.10.07 21:51:12 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.09.18 17:04:02 | 000,000,405 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MindMapper 2009.lnk
[2010.09.08 22:26:50 | 000,000,115 | ---- | C] () -- C:\WINDOWS\AWOPR.INI
[2010.09.08 17:52:44 | 000,002,092 | ---- | C] () -- C:\WINDOWS\aopr.ini
[2010.09.08 16:51:17 | 000,000,259 | ---- | C] () -- C:\WINDOWS\pwc62ud.INI
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010.02.01 20:35:14 | 000,000,056 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\_pdf_.prt
[2010.01.26 21:30:06 | 000,000,435 | ---- | C] () -- C:\WINDOWS\MM2009Viewer.INI
[2009.12.15 22:43:19 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\TEVPXCW60.DLL
[2009.12.15 22:43:19 | 000,000,039 | ---- | C] () -- C:\WINDOWS\TDEVXCW60.DLL
[2009.12.15 22:43:19 | 000,000,038 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009.07.14 15:46:20 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Apache3.INI
[2009.04.23 14:28:13 | 000,138,960 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2009.04.22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009.03.02 11:33:32 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.02.03 18:26:19 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2009.01.12 21:12:50 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008.07.02 14:21:33 | 000,000,020 | ---- | C] () -- C:\WINDOWS\keytrans.ini
[2008.05.21 20:00:42 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AVIConverter.INI
[2008.05.21 08:03:07 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008.04.10 20:46:32 | 000,001,165 | ---- | C] () -- C:\WINDOWS\APDFPRP.INI
[2008.02.28 17:54:21 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\acdfcbdad_r.dll
[2008.02.21 22:24:27 | 000,399,360 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008.02.21 22:24:27 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008.02.21 22:23:48 | 000,151,040 | -HS- | C] () -- C:\WINDOWS\System32\VistaUltm.dll
[2008.02.21 22:23:48 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\Smab0.dll
[2008.02.19 21:40:47 | 000,000,551 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\AutoGK.ini
[2008.02.19 00:16:09 | 000,000,160 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2008.02.17 17:05:18 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2008.02.02 16:13:18 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2008.02.02 11:17:35 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CTXFIGER.DLL
[2008.01.09 13:18:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.01.02 12:00:43 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\PnkBstrK.sys
[2008.01.02 12:00:12 | 000,000,311 | ---- | C] () -- C:\WINDOWS\game.ini
[2007.12.11 21:43:44 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007.12.09 14:00:18 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll
[2007.10.20 12:14:33 | 000,000,033 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.log
[2007.10.20 12:14:31 | 000,007,861 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.cat
[2007.10.20 12:14:30 | 000,001,104 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.inf
[2007.10.20 12:14:30 | 000,000,125 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.ini
[2007.10.20 12:14:30 | 000,000,033 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\pcouffin.log
[2007.10.20 12:14:25 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\pcouffin.cat
[2007.10.20 12:14:25 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\pcouffin.inf
[2007.10.17 20:03:19 | 000,137,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007.07.25 15:24:28 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007.07.09 20:25:06 | 000,015,852 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2007.04.09 23:13:27 | 000,000,022 | ---- | C] () -- C:\WINDOWS\FightBoard.INI
[2007.03.10 13:51:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006.11.10 15:26:40 | 000,000,256 | ---- | C] () -- C:\WINDOWS\onlineeye.INI
[2006.10.14 15:01:13 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini
[2006.08.11 16:14:08 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2006.08.11 16:14:08 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006.08.11 15:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006.07.05 14:44:42 | 000,001,755 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2006.05.29 08:15:26 | 000,003,206 | ---- | C] () -- C:\WINDOWS\tm.ini
[2006.05.23 13:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006.03.24 17:24:31 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2006.03.24 17:24:31 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2006.03.11 12:43:38 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.02.04 21:27:43 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006.01.29 15:37:54 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006.01.09 16:42:07 | 000,000,557 | ---- | C] () -- C:\WINDOWS\ZEUGNIS3.INI
[2006.01.04 14:31:32 | 000,000,046 | ---- | C] () -- C:\WINDOWS\hmview.ini
[2006.01.03 21:05:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.01.03 20:25:20 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2005.11.11 14:47:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005.11.11 14:47:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005.10.31 23:03:24 | 000,006,097 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005.10.22 13:53:16 | 000,000,243 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2005.10.22 13:38:21 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV62.sys
[2005.10.16 19:32:07 | 000,000,929 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2005.09.24 10:38:14 | 000,000,316 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos4_5_dlx.INI
[2005.09.17 10:01:27 | 000,000,046 | ---- | C] () -- C:\WINDOWS\mxcdr.INI
[2005.09.15 13:01:59 | 000,000,249 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos3_5_dlx.INI
[2005.09.15 12:54:21 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2005.09.15 12:33:01 | 000,000,085 | ---- | C] () -- C:\WINDOWS\magix.ini
[2005.09.15 12:33:00 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2005.09.03 09:31:25 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005.08.17 17:41:34 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2005.08.16 18:44:34 | 000,073,216 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.08.15 13:54:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Classic.INI
[2005.08.12 16:35:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ui.INI
[2005.08.12 15:54:20 | 000,000,109 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2005.08.12 14:47:49 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2005.08.12 14:42:42 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2005.08.12 14:41:59 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\LVUI2RC.dll
[2005.08.12 14:41:59 | 000,005,187 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2005.08.12 14:36:27 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WINPHONE.INI
[2005.08.12 14:25:56 | 000,000,506 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.08.12 14:00:47 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005.08.12 13:58:36 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005.08.12 13:40:27 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\12kCUusd.dll
[2005.08.11 23:10:30 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2005.08.11 22:35:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winpm.INI
[2005.08.11 22:33:01 | 003,592,192 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2005.08.11 21:40:48 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2005.08.11 04:03:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.08.10 00:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005.08.10 00:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005.06.16 19:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2005.01.02 21:02:47 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2005.01.02 21:02:39 | 000,000,478 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2004.05.27 16:52:52 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\mslffv1.dll
[2002.10.16 00:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002.03.21 14:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002.03.21 02:08:47 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002.03.20 21:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2001.12.31 16:59:52 | 000,450,560 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2001.12.31 16:59:46 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2001.12.31 16:59:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
 
========== LOP Check ==========
 
[2009.02.25 18:29:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DisplayTune
[2009.07.26 10:06:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2008.05.21 18:18:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Astonsoft
[2007.07.21 20:23:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2009.01.08 18:26:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2008.02.19 00:17:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Elaborate Bytes
[2009.04.27 21:14:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution
[2008.02.19 00:16:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2009.04.23 19:49:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2007.06.29 22:49:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2007.04.20 14:36:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2009.12.07 23:41:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2005.08.12 14:28:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2009.01.19 14:08:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft
[2005.08.17 14:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ACD Systems
[2005.08.11 23:12:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Acronis
[2009.11.23 22:46:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\AKVIS
[2009.12.07 15:37:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Azureus
[2007.07.21 14:06:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\BitTorrent
[2007.12.10 23:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\BOM
[2007.04.21 23:36:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
[2007.03.03 13:49:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Command & Conquer 3 Tiberium Wars Demo
[2010.04.04 18:34:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Copernic
[2008.02.11 21:37:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DAEMON Tools
[2007.10.20 13:39:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DAEMON Tools Pro
[2008.05.21 18:24:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DeepBurner
[2008.02.21 18:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DigiOnline GmbH
[2009.02.03 18:28:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DisplayTune
[2009.04.26 09:29:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\FileZilla
[2010.08.03 12:35:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\gp-Untis
[2010.03.01 20:36:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ImgBurn
[2009.07.26 10:00:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\IrfanView
[2006.06.15 20:19:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Jasc
[2008.04.25 15:03:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Leadertech
[2005.09.24 13:18:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\MAGIX
[2009.09.01 22:20:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\MindMapper 2008
[2010.09.02 19:23:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Miranda
[2006.04.14 23:16:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mp3tag
[2009.02.26 19:09:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\OpenOffice.org
[2008.09.06 10:52:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Opera
[2010.09.08 16:32:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Password Solutions
[2006.10.14 14:56:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\PPLive
[2009.07.14 12:40:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ppstream
[2009.04.27 21:04:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\RapidSolution
[2008.10.16 12:01:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\SanDisk
[2009.03.09 21:27:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\SlySoft
[2009.04.23 19:49:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Sony
[2005.11.05 20:07:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Steinberg
[2006.01.03 20:26:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\T-Online
[2009.01.21 18:52:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\TeamViewer
[2007.04.20 14:40:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Teleca
[2010.02.24 16:30:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\The Creative Assembly
[2010.07.06 13:14:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Thunderbird
[2005.08.12 14:27:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\TuneUp Software
[2008.02.12 20:54:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Vso
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2006.03.07 16:18:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ABBYY
[2005.08.17 14:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ACD Systems
[2005.08.11 23:12:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Acronis
[2008.04.05 14:12:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Adobe
[2008.01.05 11:53:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\AdobeUM
[2009.11.23 22:46:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\AKVIS
[2006.03.23 18:13:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Apple Computer
[2010.10.12 13:31:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Avira
[2009.12.07 15:37:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Azureus
[2007.07.21 14:06:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\BitTorrent
[2007.12.10 23:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\BOM
[2007.04.21 23:36:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
[2007.03.03 13:49:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Command & Conquer 3 Tiberium Wars Demo
[2010.04.04 18:34:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Copernic
[2008.02.02 11:18:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Creative
[2008.02.11 21:37:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DAEMON Tools
[2007.10.20 13:39:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DAEMON Tools Pro
[2008.05.21 18:24:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DeepBurner
[2008.02.21 18:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DigiOnline GmbH
[2009.02.03 18:28:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DisplayTune
[2007.01.06 09:11:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DivX
[2010.10.13 10:45:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\dvdcss
[2009.04.26 09:29:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\FileZilla
[2006.07.20 00:32:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Google
[2010.08.03 12:35:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\gp-Untis
[2009.02.05 23:16:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Hamachi
[2005.08.12 13:47:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Help
[2005.08.11 21:17:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Identities
[2010.03.01 20:36:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ImgBurn
[2008.04.25 15:01:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\InstallShield
[2008.02.12 16:20:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\InstallShield Installation Information
[2009.07.26 10:00:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\IrfanView
[2006.06.15 20:19:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Jasc
[2008.02.27 18:40:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Lavasoft
[2008.04.25 15:03:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Leadertech
[2008.04.25 15:04:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Logitech
[2005.08.12 16:14:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Macromedia
[2005.09.24 13:18:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\MAGIX
[2010.04.13 15:20:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Malwarebytes
[2009.04.23 20:46:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Media Player Classic
[2009.12.29 00:44:30 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft
[2009.09.01 22:20:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\MindMapper 2008
[2010.09.02 19:23:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Miranda
[2005.08.11 23:03:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla
[2006.04.14 23:16:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mp3tag
[2010.04.19 18:20:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\NVIDIA
[2009.02.26 19:09:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\OpenOffice.org
[2008.09.06 10:52:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Opera
[2010.09.08 16:32:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Password Solutions
[2006.10.14 14:56:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\PPLive
[2009.07.14 12:40:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ppstream
[2009.04.27 21:04:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\RapidSolution
[2006.10.14 15:18:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Real
[2008.10.16 12:01:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\SanDisk
[2007.04.09 23:13:34 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\SecuROM
[2010.10.12 08:54:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Skype
[2010.10.12 08:26:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\skypePM
[2009.03.09 21:27:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\SlySoft
[2009.04.23 19:49:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Sony
[2007.04.20 14:37:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Sony Ericsson
[2005.11.05 20:07:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Steinberg
[2005.08.23 14:14:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Sun
[2006.01.03 20:26:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\T-Online
[2006.01.22 11:46:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Talkback
[2010.10.12 19:53:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\teamspeak2
[2009.01.21 18:52:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\TeamViewer
[2007.04.20 14:40:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Teleca
[2010.02.24 16:30:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\The Creative Assembly
[2010.07.06 13:14:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Thunderbird
[2005.08.12 14:27:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\TuneUp Software
[2009.06.28 19:50:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\U3
[2008.05.21 20:35:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\vlc
[2008.02.12 20:54:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Vso
[2010.10.12 10:34:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Xfire
 
< %APPDATA%\*.exe /s >
[2005.08.12 15:26:37 | 000,015,872 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
[2006.04.15 18:41:31 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{178A1098-E15E-4FCF-8748-B613DC687FF0}\_18be6784.exe
[2006.04.15 18:41:31 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{178A1098-E15E-4FCF-8748-B613DC687FF0}\_294823.exe
[2010.05.01 15:32:22 | 000,000,766 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{347C6ECC-7DB2-49CC-A344-1FB0606DA662}\_18be6784.exe
[2010.05.01 15:32:22 | 000,000,766 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{347C6ECC-7DB2-49CC-A344-1FB0606DA662}\_294823.exe
[2010.05.01 15:32:22 | 000,000,766 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{347C6ECC-7DB2-49CC-A344-1FB0606DA662}\_4ae13d6c.exe
[2008.04.25 15:03:52 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2008.04.25 15:02:03 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{56918C0C-0D87-4CA6-92BF-4975A43AC719}\ARPPRODUCTICON.exe
[2008.04.25 15:03:10 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}\ARPPRODUCTICON.exe
[2006.03.07 16:13:44 | 000,025,214 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}\ARPPRODUCTICON.exe
[2006.03.07 16:13:44 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}\ICON_FineReader.exe
[2006.03.07 16:13:44 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}\ICON_ScreenshotReader.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2002.08.29 03:52:58 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2002.08.29 03:52:58 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002.08.29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll
[2002.08.29 03:43:22 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=B9358A1FB66CF656328FD8B792B2CCC4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2002.08.29 03:43:36 | 001,007,104 | ---- | M] (Microsoft Corporation) MD5=22B0A56E6C5847292437078B484EC61B -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\explorer.exe
[2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2002.08.29 03:43:26 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=BCA549B21E651111CE7BAD0FC8C45F4B -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: NVATA.SYS  >
[2005.05.17 17:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\drivers\nvata.sys
[2005.05.17 17:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\ReinstallBackups\0030\DriverFiles\nvata.sys
 
< MD5 for: NVATABUS.SYS  >
[2006.04.24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\system32\drivers\nvatabus.sys
[2006.04.24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\nvatabus.sys
[2004.09.02 09:24:38 | 000,082,816 | R--- | M] (NVIDIA Corporation) MD5=EEABD98AA887DD923546F20D400B2907 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\nvatabus.sys
 
< MD5 for: NVGTS.SYS  >
[2008.08.18 19:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=EA98BFE4931BD13D747D647C1859796E -- C:\WINDOWS\system32\drivers\nvgts.sys
 
< MD5 for: SCECLI.DLL  >
[2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll
[2002.08.29 03:43:30 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=ADD49C10F5DADFA81912D124FE1C9A99 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\system32\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2002.08.29 03:43:32 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=E3DAFFDB1C86C1AEAC1B205F6CF67009 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2002.08.29 03:43:42 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe
[2002.08.29 03:43:42 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.18 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.18 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.02.11 19:14:45 | 000,716,272 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2005.08.11 05:01:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005.08.11 05:01:06 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005.08.11 05:01:06 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Files - Unicode (All) ==========
[2010.02.01 20:35:19 | 000,015,371 | ---- | M] ()(C:\Dokumente und Einstellungen\btsv\Eigene Dateien\?Interpretationshilfe_Farben.pdf) -- C:\Dokumente und Einstellungen\btsv\Eigene Dateien\Interpretationshilfe_Farben.pdf
[2010.02.01 20:35:19 | 000,015,371 | ---- | C] ()(C:\Dokumente und Einstellungen\btsv\Eigene Dateien\?Interpretationshilfe_Farben.pdf) -- C:\Dokumente und Einstellungen\btsv\Eigene Dateien\Interpretationshilfe_Farben.pdf
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wtsapi32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wsock32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winspool.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winscard.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winlogon.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vct3216.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\uxtheme.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sxs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\svchost.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\smss.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shsvcs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sfc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\services.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sens.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\secur32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\schannel.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasapi32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\psapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oodag.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntdll.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netshell.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvcrt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msutb.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msimg32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msiexec.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msacm32.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\midimap.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lsass.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\imm32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\processr.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\ohci1394.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nic1394.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mssmbios.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\ACPI.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CTSVCCDA.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ctfmon.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\csrss.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cscdll.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\apphelp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\advapi32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\btsv\Startmenü\Programme\Autostart\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini:KAVICHS
@Alternate Data Stream - 48 bytes -> C:\WINDOWS:414D5E5B2C7E43DC
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xpsp2res.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshtcpip.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshirda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2help.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2_32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wlnotify.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wldap32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wkssvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wintrust.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsta.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winrnr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winipsec.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhttp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win32spl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiavusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiaservc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wfwnet.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webcheck.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdigest.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\w32time.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssvc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vfwwdm32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\version.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\userenv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usbmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ups.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\upnp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uniplat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\unimdmat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\unimdm.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tssoft32.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsbyuv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\trkwks.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tlntsvr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\timer.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\themeui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\termsrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcpmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapisrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\system.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\stobject.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\stdole32.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssdpsrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssdpapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srclient.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spoolss.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sound.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\smlogsvc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sl_anet.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shmgrate.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shimeng.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shfolder.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shellstyle.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdoclc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc_os.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sessmgr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sensapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\seclogon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scesrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scecli.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scardsvr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samsrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samlib.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rundll32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtutils.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaenh.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\riched20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\resutils.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regsvr32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rastls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rastapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasppp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasman.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasdlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\raschap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pstorsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psbase.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\progman.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\profmap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\powrprof.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pjlmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfproc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oodagrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olepro32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oledlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oleaut32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcint.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oakley.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntshrui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmarta.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanman.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\notepad.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui0.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netrap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netlogon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netdde.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netcfgx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ndptsp.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nddeapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncobjapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mydocs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msyuv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvidc32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp61.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp60.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msv1_0.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mstlsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrle32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msprivs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msisip.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msimsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msh263.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msh261.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgsm32.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgina.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msg723.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msg711.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msctf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaud32.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msasn1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msadp32.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MPG4C32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mouse.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\modemui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mnmsrvc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmsystem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmdrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfcsubs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc42loc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc42.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mapi32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\locator.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\localspl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lmhsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lhacm.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kmddsp.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\keyboard.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javasup.vxd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iyuv_32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\irmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ir50_32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ir41_32.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ir32_32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipsecsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipconf.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inetpp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imapi.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imagehlp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imaadp32.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ie4uinit.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icmp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iccvid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icaapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iac25_32.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpzlnt04.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetcfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hidphone.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\h323.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventlog.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eumex4sp.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\duser.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssenh.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drwtsn32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\WSTCODEC.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\WmXlCore.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\WmVirHid.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\WmBEnum.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wanarp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vga.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\USBSTOR.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbohci.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbehci.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbccgp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usb8023.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\update.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ulisa.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\termdd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sysaudio.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\swmidi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\swenum.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\StreamIP.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\SSHDRV62.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\sr.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\SONYPVU1.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\SLIP.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sfhlp01.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\serial.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\serenum.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\secdrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\scsiport.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rootmdm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\redbook.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rdpdr.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rdpcdd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspti.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspptp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspppoe.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasl2tp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasirda.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasacd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ptilink.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\psched.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\prosync1.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\prohlp02.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\prodrv06.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\pciide.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\parport.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnkfwd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnkflt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nmnt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netbt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netbios.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndiswan.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndisuio.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndistapi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NdisIP.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NABTSFEC.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MSTEE.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MSPQM.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MSPCLOCK.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MSKSSRV.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\msgpc.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mrxdav.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LVSound2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\lvce.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LMouFlt2.Sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LHIDUSB.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LHIDFLT2.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\L8042pr2.Sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\isapnp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\irsir.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\irenum.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\irda.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ipsec.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ipinip.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ipfltdrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ip6fw.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\imapi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\HIDSwvd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\GcKernel.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\ftdisk.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\flpydisk.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fdc.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\drmkaud.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\DMusic.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dmload.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dmio.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dmboot.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\disk.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\detewecp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cdrom.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\CCDECODE.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\Capi20.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\audstub.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmarpc.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\atapi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\asyncmac.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\arp1394.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\afd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dnsrslvr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmserver.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmadmin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllhost.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\davclnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csrsrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crypt32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\credui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMNCTR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comm.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comdlg32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cnbjmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clusapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clipsrv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cisvc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cfgmgr32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\certcli.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cabinet.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1253.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1251.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1250.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\browser.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\browselc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootvid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\batmeter.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\basesrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autochk.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\audiosrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asycfilt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asfsipc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\alg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsldpc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\actxprxy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ACDV.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\12kCUusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\regedit.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\LOGI_MWX.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\$NtUninstallKB890859$\user32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\btsv\Eigene Dateien\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\btsv\Desktop\TeamSpeak 2 RC2.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\btsv\Desktop\(E).lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini:KAVICHS
@Alternate Data Stream - 146 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:054B9966
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\setupapi.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\explorer.exe:KAVICHS

< End of report >
         
--- --- ---

13.10.2010, 19:39   #7
glasnost

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 13.10.10 12:11:33 - Run 2
OTL by OldTimer - Version 3.2.15.2     Folder = C:\Dokumente und Einstellungen\btsv\Desktop\MFTools
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = c:\Programme
Drive C: | 19,53 Gb Total Space | 4,66 Gb Free Space | 23,87% Space Free | Partition Type: NTFS
Drive E: | 100,08 Gb Total Space | 11,93 Gb Free Space | 11,92% Space Free | Partition Type: NTFS
Drive F: | 33,77 Gb Total Space | 20,78 Gb Free Space | 61,55% Space Free | Partition Type: NTFS
Drive H: | 172,79 Gb Total Space | 7,64 Gb Free Space | 4,42% Space Free | Partition Type: NTFS
Drive I: | 292,96 Gb Total Space | 18,11 Gb Free Space | 6,18% Space Free | Partition Type: NTFS
 
Computer Name: LUGL | User Name: btsv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "e:\Programme\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mp3tag] -- "e:\Programme\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich)
Directory [Winamp.Bookmark] -- "e:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "e:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "e:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Programme\Miranda IM\miranda32.exe" = F:\Programme\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- ( )
"E:\Programme\Valve\Steam\Steam.exe" = E:\Programme\Valve\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"f:\Programme\BitTorrent\bittorrent.exe" = f:\Programme\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent -- File not found
"E:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = E:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- File not found
"I:\Programme\Unreal Tournament 3\Binaries\UT3.exe" = I:\Programme\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- File not found
"E:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = E:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)  -- ()
"I:\Programme\Ubisoft\Far Cry 2\bin\FarCry2.exe" = I:\Programme\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"I:\Programme\Ubisoft\Far Cry 2\bin\FC2Launcher.exe" = I:\Programme\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater -- (Ubisoft)
"I:\Programme\Ubisoft\Far Cry 2\bin\FC2Editor.exe" = I:\Programme\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor -- (Ubisoft Entertainment)
"H:\Programme\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe" = H:\Programme\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe:*:Enabled:Call of Juarez - Bound in Blood -- (Techland)
"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"E:\Programme\Sony Ericsson\Update Service\Update Service.exe" = E:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"E:\Programme\Valve\Steam\SteamApps\common\empire total war\Empire.exe" = E:\Programme\Valve\Steam\SteamApps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War -- (The Creative Assembly Ltd)
"I:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = I:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"E:\Programme\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe" = E:\Programme\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe:*:Enabled:Office Password Recovery PRO -- File not found
"E:\Programme\Valve\Steam\SteamApps\common\dawn of war 2\DOW2.exe" = E:\Programme\Valve\Steam\SteamApps\common\dawn of war 2\DOW2.exe:*:Enabled:Warhammer® 40,000™: Dawn of War® II -- (THQ Canada Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01E9CBDA-5480-4FE8-BBC9-BE29BB8AB4C0}" = 
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{06204E2A-6369-43ED-A9CF-49B5F49915FA}" = Twin Digital GamePad
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{178A1098-E15E-4FCF-8748-B613DC687FF0}" = MarkAble
"{1850E508-D6C3-4820-AD23-7F73A2BC606C}_is1" = Elcomsoft Password Recovery Studio
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A20BC22-8F21-4A2A-9F4A-E31FC0E5C7E3}" = ACDSee 6.0 PowerPack
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)
"{226CA5FA-D90E-4B78-9325-2DDA68BA691A}" = Duden Korrektor PLUS 3
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 18
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{347C6ECC-7DB2-49CC-A344-1FB0606DA662}" = WW-Essensplaner
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3648253A-C2C4-4CFB-8BE5-381D1C638B94}" = GameSpy Comrade
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3C662203-292F-4E9D-AE02-281071C06903}" = Far Cry (Patch 1.33)
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{4300EF0D-2041-4179-AFFF-21E01160740F}" = Eumex 504PC USB
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A684677-2EB8-41DF-941D-BEA07D50D545}" = Videoraptor
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE 
"{4CE4B975-A5C1-43C0-A565-C00F0ABFC94C}" = PC-Bibliothek 3.0
"{52809086-618D-4F0B-8BF1-B75A5BB817A4}" = Sony Ericsson PC Suite
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{53480520-7555-470E-8C69-750B0472B4BB}" = O&O Defrag Professional Edition
"{53EF6570-21A4-47ED-A40A-E6470A5677A3}" = Studio 8
"{54971F17-9D16-4D43-95D6-3A86E3D20EDB}" = Office-Bibliothek 4.1
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1 
"{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{5D956474-97AD-4E03-87F6-37F06437359E}" = MindMapper 2009
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68F19BCC-49D3-49FF-BAAC-A147C66A9710}" = AMD Power Monitor
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{80157B54-DB3E-4EE9-8AD8-63A905765FF4}_is1" = Opti Drive Control 1.47
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{93EC14D5-7AAA-4EAD-BB75-013817A96598}" = Logitech Gaming Software
"{9665B325-3F96-11D6-A1FA-000374890932}" = TuneUp Utilities 2003
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 8.0 Professional Edition
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS 
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC4729BF-0396-47EF-AA0B-3A04111F19F9}" = FightBoard Advanced 1.00
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Evaluation
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA08048C-3823-4DC8-B169-1D5D11FFC19F}_is1" = PDF-XChange 4
"{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"{EE8592F6-FC2B-4AFD-B527-109D127C039F}" = Far Cry (Patch 1.31)
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" =  Sansa Media Converter
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
"5A46830178E35AB63403A85E361CCD6FA32C9078" = Windows-Treiberpaket - Sony Ericsson (seehcri) USB  (01/09/2008 1.1.0.0)
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced RAR Password Recovery" = Advanced RAR Password Recovery (remove only)
"Advanced RAR Repair v1.0" = Advanced RAR Repair v1.0
"Anotha ID3 Editor" = Anotha ID3 Editor 1.51
"Anti-Twin 2009-04-29 20.45.46" = Anti-Twin (Installation 29.04.2009)
"AnyDVD" = AnyDVD
"ASAPI Update" = ASAPI Update
"Ashampoo Photo Optimizer FREE_is1" = Ashampoo Photo Optimizer FREE
"AudioConSole" = Creative-Audiokonsole
"Audiograbber" = Audiograbber 1.83 SE 
"AutoGK" = Auto Gordian Knot 2.45
"Avi2Dvd" = Avi2Dvd 0.4.5 beta
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Azureus Vuze" = Azureus Vuze
"Bf2SP64 2.31" = Bf2SP64 2.31
"Biet-O-Matic v2.4.1" = Biet-O-Matic v2.4.1
"Boilsoft AVI to VCD SVCD DVD Converter_is1" = Boilosft AVI to VCD SVCD DVD Converter 3.61
"BSPlayer1" = BSPlayer
"CDBF - DBF Viewer and Editor_is1" = Version 1.45.01
"CDex" = CDex extraction audio
"Clean 5" = Clean 5
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"Das Neue Dr.Brain Gehirn Jogging" = Das Neue Dr.Brain Gehirn Jogging
"DBF Viewer 2000" = DBF Viewer 2000 2.45
"Digitale Bibliothek 3" = Digitale Bibliothek 3
"DirectVobSub" = DirectVobSub (remove only)
"DVD Identifier_is1" = DVD Identifier
"eMule" = eMule
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.2.4
"fotocommunity" = fotocommunity 
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"FreeFileSync" = FreeFileSync
"Game Jackal v4_is1" = Game Jackal v4.1.0.8 (32 bit)
"GameSpy Arcade" = GameSpy Arcade
"Geschichtslexikon" = Geschichtslexikon
"GUI for dvdauthor" = GUI for dvdauthor 1.04
"Hamachi" = Hamachi 1.0.3.0
"HD Tune_is1" = HD Tune 2.54
"HijackThis" = HijackThis 2.0.2
"Hollywood FX 4.6" = Pinnacle Hollywood FX 4.6
"hp deskjet 960c series" = hp deskjet 960c series (nur entfernen)
"iDump" = iDump v1.1.1
"ImgBurn" = ImgBurn
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{226CA5FA-D90E-4B78-9325-2DDA68BA691A}" = Duden Korrektor PLUS 3
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.5.5
"jv16 PowerTools_is1" = jv16 PowerTools 2007
"KeyView for Lotus" = KeyView for Lotus 97
"LabelEditor" = Label Editor
"MAGIX Foto Manager" = MAGIX Foto Manager
"MAGIX Music Manager" = MAGIX Music Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.0
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Miranda IM" = Miranda IM 0.9.4
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"Mp3tag" = Mp3tag v2.41
"MusicBrainz Picard" = MusicBrainz Picard 0.11
"MUSTEK 1200 CU v2.0a" = MUSTEK 1200 CU v2.0a
"Nero - Burning Rom!UninstallKey" = Ahead Nero - Burning Rom
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.0b
"PDFCreator Toolbar" = PDFCreator Toolbar
"Photo to Sketch Pro_is1" = Photo to Sketch Pro 3.6
"Picasa 3" = Picasa 3
"Product_Name" = sbPlus
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"SCHLECKER Foto-Digital-Service" = SCHLECKER Foto-Digital-Service
"SCOLA-Zeugnis 2008" = SCOLA-Zeugnis 2008 Dezember 2007 
"SiSoftware Sandra Professional_is1" = SiSoftware Sandra Professional 2003
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"StarCraft II" = StarCraft II
"Steam App 10500" = Empire: Total War
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"SUPER ©" = SUPER © Version 2008.bld.25 (Feb 5, 2008)
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 5" = TeamViewer 5
"Untis 2011" = Untis 2011
"Update Service" = Update Service
"VLC media player" = VideoLAN VLC media player 0.8.6f
"VobSub" = VobSub v2.23 (Remove Only)
"WaveLabLite" = WaveLab Lite
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Weight Watchers MP5_is1" = Weight Watchers MP5
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Winamp 5.02 Deutsche Sprachdatei v14" = Deutsche Sprachdatei für Winamp 5.02 v14 
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"WW3C" = WebWeaver Client
"Xfire" = Xfire (remove only)
"XMedia Recode" = XMedia Recode 2.0.5.3
"xp-AntiSpy" = xp-AntiSpy 3.94-2
"XpertVision_is1" = XpertVision 5.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"XVid;-)" = XVid;-)
"XviD_is1" = XviD MPEG-4 Video Codec
"XviDDec" = Nic's XviD Decoder
"ZoomPlayer" = Zoom Player (remove only)
"ZoomPlayerLang" = Zoom Player German language (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-746137067-583907252-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced PDF Password Recovery" = Advanced PDF Password Recovery
"Sansa Updater" = Sansa Updater
"Skat-Online V4" = Skat-Online V4
"Skat-Online V7" = Skat-Online V7
 
========== Last 10 Event Log Errors ==========
 
[ System Events ]
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "Machine Debug Manager" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "O&O Defrag" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "Game Jackal Server" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "Sony Ericsson OMSI download service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 13.10.10 04:32:23 | Computer Name = LUGL | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 13.10.10 04:32:23 | Computer Name = LUGL | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:   %%2
 
Error - 13.10.10 06:58:19 | Computer Name = LUGL | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:   %%2
 
Error - 13.10.10 06:58:19 | Computer Name = LUGL | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
 
< End of report >
         
--- --- ---



The rest will follow...

13.10.2010, 19:40   #8
markusg
/// Malware-holic

OK, and then we'll continue :-)

13.10.2010, 22:00   #9
glasnost

So, here is the last missing log.
Attached files
File type: txt mbam-log-2010-10-13 (22-50-45).txt (1.4 KB, viewed 184 times)

14.10.2010, 11:08   #10
markusg
/// Malware-holic

Use this tool from Kaspersky:
How to combat Trojan-Spy.Win32.ZBot malware?

14.10.2010, 11:18   #11
glasnost

I did that, but it found nothing. "1 Unhooked Action", otherwise nothing.
So I'm rid of it now, right?

14.10.2010, 11:25   #12
markusg
/// Malware-holic

Please use GMER and post the log:
http://www.trojaner-board.de/74908-a...t-scanner.html

14.10.2010, 12:06   #13
glasnost

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit quick scan 2010-10-14 13:04:13
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: e:\Temp\pxtdapod.sys


---- System - GMER 1.0.15 ----

SSDT spkw.sys ZwEnumerateKey [0xB7EC8CA2]
SSDT spkw.sys ZwEnumerateValueKey [0xB7EC9030]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A7561F8

---- EOF - GMER 1.0.15 ----

14.10.2010, 12:10   #14
markusg
/// Malware-holic

Yep, and now start the full scan.

14.10.2010, 18:43   #15
glasnost

Sorry, but after 6.5 hours now I aborted the scan. Unfortunately I couldn't even save the log, because my computer froze afterwards.
Hm. When you consider how much time goes into the scans, I wonder why one doesn't just reinstall right away.
