Trojaner-Board

Forum: Log-Analyse und Auswertung (Log Analysis and Evaluation)
Thread: https://www.trojaner-board.de/105128-sophos-anti-virus-dienst-startbar.html

shinchen 15.11.2011 21:05

Sophos Anti-Virus service cannot be started

Hello,

since yesterday my Sophos Anti-Virus has not been starting correctly. It always reports that there is an "error in the service" ("Fehler im Dienst"). In the system administration under Services, "Sophos Anti-Virus" is shown as Stopped. I suspect that it is a virus. Can you help me? The log files from OTL and GMER are attached.

Code:

OTL logfile created on: 14.11.2011 22:38:13 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Dokumente und Einstellungen\xc\Desktop\Fighting
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 74,32% Memory free
3,85 Gb Paging File | 3,50 Gb Available in Paging File | 90,94% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 169,64 Gb Free Space | 72,84% Space Free | Partition Type: NTFS
Drive H: | 10,00 Gb Total Space | 8,69 Gb Free Space | 86,87% Space Free | Partition Type: NWFS
Drive T: | 47,99 Gb Total Space | 40,81 Gb Free Space | 85,04% Space Free | Partition Type: NWFS
Drive Z: | 47,99 Gb Total Space | 40,81 Gb Free Space | 85,04% Space Free | Partition Type: NWFS
 
Computer Name: ***!!!***-***XXX*** | User Name: xc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.14 22:32:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xc\Desktop\Fighting\OTL.exe
PRC - [2011.10.05 17:15:25 | 000,167,960 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2011.10.05 17:15:24 | 001,543,704 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2011.08.29 16:07:01 | 000,806,912 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\Remote Management System\RouterNT.exe
PRC - [2011.08.29 16:07:00 | 000,282,624 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\Remote Management System\ManagementAgentNT.exe
PRC - [2011.05.21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.06 20:36:08 | 000,232,472 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\AutoUpdate\ALsvc.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.10.26 12:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
PRC - [2005.09.08 15:14:38 | 000,061,440 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\Novell\xtagent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.05 18:05:06 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2011.08.29 16:07:01 | 000,753,664 | ---- | M] () -- C:\Programme\Sophos\Remote Management System\libeay32.dll
MOD - [2011.08.29 16:07:01 | 000,237,568 | ---- | M] () -- C:\Programme\Sophos\Remote Management System\TAO_SSLIOP.dll
MOD - [2011.08.29 16:07:01 | 000,176,128 | ---- | M] () -- C:\Programme\Sophos\Remote Management System\TAO_DynamicAny.dll
MOD - [2011.08.29 16:07:01 | 000,032,256 | ---- | M] () -- C:\Programme\Sophos\Remote Management System\TAO_Valuetype.dll
MOD - [2011.08.29 16:07:00 | 001,531,904 | ---- | M] () -- C:\Programme\Sophos\Remote Management System\TAO.dll
MOD - [2011.08.29 16:07:00 | 001,048,576 | ---- | M] () -- C:\Programme\Sophos\Remote Management System\ace.dll
MOD - [2011.08.29 16:06:59 | 000,733,184 | ---- | M] () -- C:\Programme\Sophos\Remote Management System\TAO_Security.dll
MOD - [2011.08.29 16:06:59 | 000,528,384 | ---- | M] () -- C:\Programme\Sophos\Remote Management System\TAO_PortableServer.dll
MOD - [2011.08.29 16:06:59 | 000,159,744 | ---- | M] () -- C:\Programme\Sophos\Remote Management System\ssleay32.dll
MOD - [2011.08.29 16:06:59 | 000,056,832 | ---- | M] () -- C:\Programme\Sophos\Remote Management System\ACE_SSL.dll
MOD - [2011.07.18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2011.05.04 23:02:44 | 000,355,432 | ---- | M] () -- C:\Programme\NVIDIA Corporation\nView\nvShell.dll
MOD - [2008.09.03 12:39:52 | 000,110,592 | ---- | M] () -- C:\WINDOWS\system32\nls\DEUTSCH\nwshlxnr.dll
MOD - [2008.08.27 10:23:52 | 000,262,227 | ---- | M] () -- C:\WINDOWS\system32\nwshlxnt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - [2011.10.05 17:15:25 | 000,167,960 | ---- | M] (Sophos Limited) [Unknown | Running] -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2011.10.05 17:15:24 | 001,543,704 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011.08.29 16:07:22 | 000,099,864 | ---- | M] (Sophos Limited) [Unknown | Stopped] -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011.08.29 16:07:01 | 000,806,912 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Programme\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2011.08.29 16:07:00 | 000,282,624 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Programme\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2011.05.21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.06 20:36:08 | 000,232,472 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Programme\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2008.11.04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.08.04 14:59:00 | 000,053,339 | ---- | M] (Novell, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\cusrvc.exe -- (cusrvc)
SRV - [2007.11.07 07:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.26 12:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2005.09.08 15:14:38 | 000,061,440 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\WINDOWS\system32\Novell\xtagent.exe -- (XTAgent)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Unknown | Running] --  -- (78194710)
DRV - File not found [File_System | Unknown | Running] --  -- (1342081drv)
DRV - [2011.08.29 16:07:22 | 000,153,728 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl)
DRV - [2011.08.29 16:07:19 | 000,024,192 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter)
DRV - [2011.08.29 16:07:16 | 000,014,976 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2011.08.29 16:07:15 | 000,024,312 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2011.08.29 16:07:13 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\skmscan.sys -- (SKMScan)
DRV - [2011.06.14 12:38:12 | 006,359,656 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011.06.13 04:03:54 | 000,306,664 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010.09.28 13:48:48 | 000,554,368 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwfs.sys -- (NetwareWorkstation)
DRV - [2010.08.18 19:56:22 | 000,189,312 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\srvloc.sys -- (SRVLOC)
DRV - [2010.08.09 08:09:52 | 000,045,952 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwdns.sys -- (NWDNS)
DRV - [2009.12.16 07:57:06 | 000,090,240 | ---- | M] () [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\NCRecognizer.sys -- (NCRecognizer)
DRV - [2009.12.16 07:57:06 | 000,080,000 | ---- | M] () [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\NCFilter.sys -- (NCFilter)
DRV - [2009.12.16 07:57:06 | 000,014,720 | ---- | M] () [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\NCUncFilter.sys -- (NCUncFilter)
DRV - [2009.11.18 00:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 00:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.10.26 14:55:42 | 000,021,888 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwslp.sys -- (NWSLP)
DRV - [2009.03.30 02:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008.08.04 16:06:32 | 000,058,496 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwsipx32.sys -- (NWSIPX32)
DRV - [2008.07.21 12:47:04 | 000,029,440 | ---- | M] (Novell, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\NetWare\resmgr.sys -- (RESMGR)
DRV - [2008.04.13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.01.08 09:27:32 | 000,038,603 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nicm.sys -- (NICM)
DRV - [2005.11.22 09:51:22 | 000,018,353 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwdhcp.sys -- (NWDHCP)
DRV - [2005.10.12 12:12:18 | 000,009,297 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwhost.sys -- (NWHOST)
DRV - [2005.10.12 12:11:32 | 000,006,128 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwsns.sys -- (NWSNS) Novell Simple Naming Services (NWSNS)
DRV - [2003.02.26 13:51:18 | 000,023,232 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwsap.sys -- (NWSAP)
DRV - [2001.08.18 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001.08.18 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Programme\Tencent\QQMusic\npQzoneMusic.dll File not found
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Programme\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Programme\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.09.16 11:13:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.11.10 09:50:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.09.16 11:13:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.08.29 21:45:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2011.08.29 20:03:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xc\Anwendungsdaten\Mozilla\Extensions
[2011.09.02 15:37:06 | 000,004,140 | ---- | M] () -- C:\Dokumente und Einstellungen\xc\Anwendungsdaten\Mozilla\Firefox\Profiles\wti79yh3.default\searchplugins\youtube.xml
[2011.11.10 09:50:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.08.29 20:11:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.08.29 20:11:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.11.10 09:50:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[1999.12.31 15:00:00 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.09.30 09:05:26 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.30 09:05:26 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.09.30 09:05:26 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.30 09:05:26 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.30 09:05:26 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.30 09:05:26 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2001.08.18 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKCU..\Run: [DMS-Kalenderchen] C:\Daten\XC\software\Kalenderchen\Kalenderchen.exe (Daniel Manger Software)
O4 - HKCU..\Run: [Taskbar Shuffle] C:\Dokumente und Einstellungen\xc\Desktop\TaskbarShuffle2.5\taskbarshuffle.exe (Jay Elaraj)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1314635261828 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0432A9C4-4141-480D-B0BB-EC90859C842D}: NameServer = 141.24.12.2
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) -C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) -C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
O20 - Winlogon\Notify\NetIdentity Notification: DllName - (C:\WINDOWS\system32\Novell\XtNotify.dll) - C:\WINDOWS\system32\Novell\xtnotify.dll (Novell, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O30 - LSA: Authentication Packages - (nwv1_0) -C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.08.29 15:57:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9f8ab297-d24f-11e0-aa87-8ab76512d60e}\Shell - "" = AutoRun
O33 - MountPoints2\{9f8ab297-d24f-11e0-aa87-8ab76512d60e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9f8ab297-d24f-11e0-aa87-8ab76512d60e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.14 22:27:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xc\Desktop\Fighting
[2011.11.14 22:19:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011.11.14 22:16:24 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2011.11.14 22:15:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.11.14 21:30:53 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011.11.14 21:30:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2011.11.14 20:20:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011.11.11 14:19:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011.11.10 15:23:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xc\Desktop\DAE_Trex250Model
[2011.11.10 12:06:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xc\Lokale Einstellungen\Anwendungsdaten\BananaLockScreen
[2011.11.10 12:06:39 | 000,000,000 | ---D | C] -- C:\Programme\Banana Security
[2011.11.10 11:31:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xc\Desktop\L_MPC
[2011.11.10 11:30:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xc\Desktop\BM
[2011.11.07 17:56:07 | 000,083,272 | ---- | C] (Tencent) -- C:\WINDOWS\System32\MMInstaller.dll
[2011.11.07 17:24:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xc\Anwendungsdaten\QQMusicUpdate
[2011.11.07 10:41:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xc\Desktop\Programmieren_lernen_mit_C
[2011.11.03 11:00:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xc\Lokale Einstellungen\Anwendungsdaten\Western Digital
[2011.11.03 10:06:03 | 000,000,000 | ---D | C] -- C:\Program Files
[2011.11.03 10:01:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xc\Eigene Dateien\Tencent Files
[2011.11.03 09:07:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xc\Desktop\yuho
[2011.11.01 10:10:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xc\Desktop\***!!!***
[2011.10.27 16:23:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight
[2011.10.27 16:07:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Visual Studio 2010Templates
[2011.10.27 16:07:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Visual Studio 2010
[2011.10.27 10:06:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xc\Lokale Einstellungen\Anwendungsdaten\GHISLER
[2011.10.27 10:03:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xc\Lokale Einstellungen\Anwendungsdaten\Help
[2011.10.27 10:03:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xc\Anwendungsdaten\Help
[2011.10.27 10:02:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Total Commander
[2011.10.27 10:02:29 | 000,000,000 | ---D | C] -- C:\totalcmd
[2011.10.27 08:52:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xc\Desktop\Test_27
[2011.10.26 17:21:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RsFx
[2011.10.26 17:20:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xc\Desktop\Test
[2011.10.26 17:17:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft SQL Server 2008
[2011.10.26 17:14:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Sync Framework
[2011.10.26 17:14:00 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Sync Framework
[2011.10.26 17:05:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight 3 SDK
[2011.10.26 17:04:58 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
[2011.10.26 16:59:17 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft ASP.NET
[2011.10.26 16:59:06 | 000,000,000 | ---D | C] -- C:\Programme\IIS
[2011.10.26 16:56:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xc\Eigene Dateien\Visual Studio 2010
[2011.10.26 16:45:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Visual Studio 2010
[2011.10.26 16:45:30 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Help Viewer
[2011.10.26 16:45:30 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft F#
[2011.10.26 16:45:29 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 10.0
[2011.10.26 16:23:12 | 000,000,000 | ---D | C] -- C:\Programme\Elaborate Bytes
[2011.10.26 15:13:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xc\Desktop\C_lernen
[2011.10.26 14:46:50 | 000,000,000 | ---D | C] -- C:\Temp
[2011.10.26 14:40:30 | 000,000,000 | ---D | C] -- C:\Ipopt
[2011.10.26 14:25:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NAG
[2011.10.26 14:24:58 | 000,000,000 | ---D | C] -- C:\Programme\NAG
[2011.10.26 14:24:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\NAG
[2011.10.21 16:18:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2011.10.21 16:18:46 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2011.10.21 16:13:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xc\Desktop\NMPC
[2011.10.19 08:45:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JModelica.org-1.6b1
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.14 22:27:43 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\xc\defogger_reenable
[2011.11.14 22:18:26 | 101,733,320 | ---- | M] () -- C:\Dokumente und Einstellungen\xc\Desktop\setup_11.0.0.1245.x01_2011_11_14_23_56.exe
[2011.11.14 22:06:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.14 22:06:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.14 22:01:39 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2011.11.11 16:02:54 | 000,001,151 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2011.11.11 13:28:43 | 026,383,736 | ---- | M] () -- C:\Dokumente und Einstellungen\xc\Eigene Dateien\QQIntl1.1.exe
[2011.11.11 11:40:02 | 000,000,283 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011.11.10 15:21:39 | 002,136,013 | ---- | M] () -- C:\Dokumente und Einstellungen\xc\Desktop\DAE_Trex250Model.zip
[2011.11.10 03:03:48 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.11.07 18:49:16 | 000,545,178 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.11.07 18:49:16 | 000,524,656 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.11.07 18:49:16 | 000,117,218 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.11.07 18:49:16 | 000,102,352 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.11.03 11:18:32 | 000,360,448 | ---- | M] () -- C:\Dokumente und Einstellungen\xc\Eigene Dateien\Datenbank1.accdb
[2011.11.03 09:01:57 | 000,001,693 | ---- | M] () -- C:\Dokumente und Einstellungen\xc\Desktop\Sophos Endpoint Security and Control.lnk
[2011.10.27 10:16:22 | 000,000,774 | ---- | M] () -- C:\Dokumente und Einstellungen\xc\Desktop\Ipopt.sln.lnk
[2011.10.27 10:02:35 | 000,000,548 | ---- | M] () -- C:\Dokumente und Einstellungen\xc\Desktop\Total Commander.lnk
[2011.10.26 16:31:00 | 000,000,165 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.14 22:27:43 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\xc\defogger_reenable
[2011.11.14 22:17:25 | 101,733,320 | ---- | C] () -- C:\Dokumente und Einstellungen\xc\Desktop\setup_11.0.0.1245.x01_2011_11_14_23_56.exe
[2011.11.14 19:48:27 | 000,001,693 | ---- | C] () -- C:\Dokumente und Einstellungen\xc\Desktop\Sophos Endpoint Security and Control.lnk
[2011.11.11 13:17:50 | 026,383,736 | ---- | C] () -- C:\Dokumente und Einstellungen\xc\Eigene Dateien\QQIntl1.1.exe
[2011.11.10 15:21:36 | 002,136,013 | ---- | C] () -- C:\Dokumente und Einstellungen\xc\Desktop\DAE_Trex250Model.zip
[2011.10.27 16:24:03 | 000,826,728 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-515967899-823518204-725345543-1003-0.dat
[2011.10.27 16:23:41 | 000,381,190 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.10.27 10:16:22 | 000,000,774 | ---- | C] () -- C:\Dokumente und Einstellungen\xc\Desktop\Ipopt.sln.lnk
[2011.10.27 10:02:35 | 000,000,548 | ---- | C] () -- C:\Dokumente und Einstellungen\xc\Desktop\Total Commander.lnk
[2011.10.27 10:02:29 | 000,001,151 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2011.10.27 10:02:29 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF
[2011.10.27 10:02:29 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF
[2011.10.27 10:02:29 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF
[2011.10.27 10:02:29 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF
[2011.10.27 10:02:29 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF
[2011.10.27 10:02:29 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF
[2011.10.27 10:02:29 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF
[2011.10.26 16:31:00 | 000,000,165 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011.10.21 16:25:04 | 000,245,760 | ---- | C] () -- C:\WINDOWS\f2c.exe
[2011.10.21 08:42:42 | 000,360,448 | ---- | C] () -- C:\Dokumente und Einstellungen\xc\Eigene Dateien\Datenbank1.accdb
[2011.09.06 13:49:52 | 000,000,283 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2011.08.30 10:40:35 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\pywintypes26.dll
[2011.08.30 10:40:35 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\pythoncomloader26.dll
[2011.08.30 10:40:34 | 000,354,304 | ---- | C] () -- C:\WINDOWS\System32\pythoncom26.dll
[2011.08.30 08:33:55 | 000,000,172 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.08.30 07:03:08 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011.08.29 18:55:24 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011.08.29 18:55:24 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011.08.29 18:55:24 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011.08.29 16:01:52 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011.08.29 15:59:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.08.29 15:58:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.08.29 15:58:29 | 000,376,856 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.08.29 15:53:51 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.05.21 05:01:00 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2010.02.08 06:33:04 | 000,359,320 | ---- | C] () -- C:\WINDOWS\System32\vfprintpthelper.dll
[2009.12.16 07:57:06 | 000,090,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\ncrecognizer.sys
[2009.12.16 07:57:06 | 000,080,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\ncfilter.sys
[2009.12.16 07:57:06 | 000,014,720 | ---- | C] () -- C:\WINDOWS\System32\drivers\ncuncfilter.sys
[2008.08.27 10:23:52 | 000,262,227 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2008.08.13 09:10:20 | 000,225,356 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2007.02.12 16:43:54 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2006.03.27 11:08:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2004.08.04 00:12:38 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003.12.18 09:29:12 | 000,001,724 | ---- | C] () -- C:\WINDOWS\System32\vipx.exe
[2001.08.23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.08.18 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.18 13:00:00 | 000,545,178 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2001.08.18 13:00:00 | 000,524,656 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.18 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.18 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001.08.18 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.18 13:00:00 | 000,117,218 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2001.08.18 13:00:00 | 000,102,352 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.18 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.18 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001.08.18 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.18 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000.01.20 08:15:14 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[1999.07.22 18:07:38 | 000,015,898 | ---- | C] () -- C:\WINDOWS\System32\vlmsup.exe
[1999.06.30 03:48:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[1999.01.11 03:37:36 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[1996.05.14 08:50:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[1995.08.22 07:36:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
 
========== LOP Check ==========
 
[2011.08.30 08:48:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Dynasim
[2011.10.26 14:25:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NAG
[2011.08.30 08:13:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PreEmptive Solutions
[2011.09.16 15:13:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QQPet
[2011.08.30 07:32:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2011.08.29 16:07:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos
[2011.08.29 16:08:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos Web Intelligence
[2011.09.23 10:51:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xc\Anwendungsdaten\Design Science
[2011.08.30 08:48:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xc\Anwendungsdaten\Dynasim
[2011.08.30 11:50:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xc\Anwendungsdaten\Kalenderchen
[2011.11.10 11:50:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xc\Anwendungsdaten\Notepad++
[2011.08.30 18:29:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xc\Anwendungsdaten\OpenOffice.org
[2011.11.07 17:24:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xc\Anwendungsdaten\QQMusicUpdate
[2011.08.30 15:31:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xc\Anwendungsdaten\SogouExtension
[2011.11.11 16:13:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xc\Anwendungsdaten\SogouPY
[2011.08.30 15:28:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xc\Anwendungsdaten\SogouPY.users
[2011.10.06 13:36:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xc\Anwendungsdaten\Subversion
[2011.09.09 09:27:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xc\Anwendungsdaten\TeamViewer
[2011.11.14 22:17:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xc\Anwendungsdaten\Tencent
[2011.08.29 21:48:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xc\Anwendungsdaten\Thunderbird
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.08.29 18:07:07 | 000,000,000 | ---D | M] -- C:\4d7886b48f032dbf3f2ff6edcf00
[2011.11.14 22:18:58 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2011.08.30 07:14:01 | 000,000,000 | ---D | M] -- C:\Daten
[2011.09.16 12:44:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.08.30 11:47:50 | 000,000,000 | ---D | M] -- C:\HP CLJ 4700 Printer
[2011.08.30 07:13:50 | 000,000,000 | ---D | M] -- C:\IDE
[2011.08.29 16:02:40 | 000,000,000 | ---D | M] -- C:\Intel
[2011.10.27 10:25:25 | 000,000,000 | ---D | M] -- C:\Ipopt
[2011.11.14 22:25:56 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0
[2011.09.06 13:48:48 | 000,000,000 | ---D | M] -- C:\lj522
[2011.08.30 07:12:27 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.08.30 08:50:33 | 000,000,000 | ---D | M] -- C:\Novell
[2011.11.14 22:03:57 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.11.14 21:30:53 | 000,000,000 | R--D | M] -- C:\Programme
[2011.08.30 10:46:18 | 000,000,000 | ---D | M] -- C:\Python26
[2011.10.19 08:48:10 | 000,000,000 | ---D | M] -- C:\Python27
[2011.08.29 20:00:47 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.11.14 22:31:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.10.26 16:06:36 | 000,000,000 | ---D | M] -- C:\Temp
[2011.10.27 10:03:37 | 000,000,000 | ---D | M] -- C:\totalcmd
[2011.11.14 22:19:52 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2011.08.30 10:51:53 | 000,000,000 | ---D | M] -- C:\_ipython
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
 
< MD5 for: EXPLORER.EXE  >
[2004.08.03 23:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2004.08.03 23:58:10 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2008.04.14 03:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 03:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.03 23:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.03 23:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.09.06 15:10:01 | 001,859,072 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-11 15:15:01
 
========== Files - Unicode (All) ==========
[2011.11.03 10:01:29 | 000,000,000 | ---D | C](C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\????) -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\腾讯软件
(C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\???????) -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\搜狗拼音输入法

< End of report >

Best regards
shinchen

cosinus 16.11.2011 10:59

Before anything gets analyzed here: have you tried, as a test, completely uninstalling Sophos and then reinstalling it?



Copyright ©2000-2025, Trojaner-Board

