| Genascha | 04.12.2011 18:01 |
exploit.java.CVE-2010-4452.a. und 11 Infizierte Registrierungsschlьssel
Hallo Mädels, hallo Jüngs,
Mein Problem ist folgendes:
ich habe einen Virensuchlauf mit Kaspersky 2012 gemacht und leider wurde auch etwas gefunden und zwar handelt es sich um Malware exploit.java.CVE-2010-4452.a. Das Programm hat mir auch sofort die Möglichkeit gegeben, den Schädling zu löschen. Was ich daraufhin auch getan habe. Seid dem kommt nichts mehr. Auch Kaspersky gibt an das keine Bedrohung vorhanden ist.
Außer dem, wenn ich im Administratorkonto sich anmelde, kommt es immer wieder ein Systemmeldung, den "Scrin" als Anlage dabei.
Jetzt ist meine frage, ist dieser Virus schädlich?
Ist jetzt das System sauber?
Sollte ich mein System neu aufsetzten?
Ich benütze Online-Banking und andere vertraurliche Anwendungen,deswegen brauche ich Euren Rat.
Vielen Dank im vorraus!
Alle Anwendungen die im Forum Beschrieben sind, habe durlafen lasse und anbei das Ergebniss: Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 8307
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
04.12.2011 16:58:45
mbam-log-2011-12-04 (16-58-35).txt
Art des Suchlaufs: Vollstдndiger Suchlauf (C:\|D:\|F:\|G:\|I:\|)
Durchsuchte Objekte: 429751
Laufzeit: 1 Stunde(n), 38 Minute(n), 58 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlьssel: 11
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 4
Infizierte Dateien: 11
Infizierte Speicherprozesse:
(Keine bцsartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bцsartigen Objekte gefunden)
Infizierte Registrierungsschlьssel:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.WebMedia) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XTTB00001.XTTB00001Toolbar (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
Infizierte Registrierungswerte:
(Keine bцsartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bцsartigen Objekte gefunden)
Infizierte Verzeichnisse:
c:\program files\webmediaplayer (Adware.EGDAccess) -> No action taken.
c:\program files\webmediaplayer\resources (Adware.EGDAccess) -> No action taken.
c:\program files\webmediaplayer\skins (Adware.EGDAccess) -> No action taken.
c:\program files\webmediaplayer\updates (Adware.EGDAccess) -> No action taken.
Infizierte Dateien:
c:\program files\alcohol soft\alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> No action taken.
c:\programdata\Tages\100663909\anno1404_crack.exe (Trojan.Bancos) -> No action taken.
g:\Soft\bildbearbeitung\ps_x2\активация\KEYGEN.EXE (Trojan.Agent) -> No action taken.
g:\Soft\bildbearbeitung\ps_x2\активация\активатор.exe (PUP.Hacktool.Patcher) -> No action taken.
g:\Soft\bildbearbeitung\rus\активация\активатор.exe (PUP.Hacktool.Patcher) -> No action taken.
c:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> No action taken.
c:\program files\webmediaplayer\sqlite3.dll (Adware.EGDAccess) -> No action taken.
c:\program files\webmediaplayer\resources\languages_v2.xml (Adware.EGDAccess) -> No action taken.
c:\program files\webmediaplayer\resources\webmedias (Adware.EGDAccess) -> No action taken.
c:\program files\webmediaplayer\skins\classic.skn (Adware.EGDAccess) -> No action taken.
c:\program files\icqtoolbar\toolbaru.dll (Trojan.BHO) -> No action taken.
danach mit OTL.exe Code:
OTL logfile created on: 04.12.2011 17:10:29 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\ProgramData\Kaspersky Lab\SandboxShared\Sicherheit
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,50 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 53,61% Memory free
7,18 Gb Paging File | 5,45 Gb Available in Paging File | 75,88% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,42 Gb Total Space | 2,45 Gb Free Space | 4,20% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 3,91 Gb Free Space | 39,12% Space Free | Partition Type: NTFS
Drive F: | 104,07 Gb Total Space | 57,72 Gb Free Space | 55,46% Space Free | Partition Type: NTFS
Drive G: | 45,77 Gb Total Space | 15,78 Gb Free Space | 34,49% Space Free | Partition Type: NTFS
Computer Name: BIGBOS | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.12.04 14:48:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\ProgramData\Kaspersky Lab\SandboxShared\Sicherheit\OTL.exe
PRC - [2011.11.25 20:32:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.18 14:47:48 | 000,819,976 | ---- | M] (ABBYY) -- C:\Programme\ABBYY FineReader 11\NetworkLicenseServer.exe
PRC - [2011.08.17 12:15:28 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011.04.24 23:12:42 | 000,131,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
PRC - [2011.02.23 21:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2010.07.06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.02.23 10:01:28 | 000,329,168 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe
PRC - [2009.11.01 18:30:00 | 002,508,104 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009.09.28 16:56:18 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.02.15 17:25:34 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe
PRC - [2008.02.15 17:23:20 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2007.12.03 05:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007.09.07 17:27:08 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2007.09.07 09:51:00 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2007.09.07 09:50:56 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2007.09.07 09:50:56 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2007.09.07 09:50:54 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2007.08.28 06:51:42 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007.07.27 17:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007.03.28 20:47:34 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\upeksvr.exe
PRC - [2007.03.28 20:30:18 | 000,053,776 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\psqltray.exe
PRC - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.03.21 14:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006.11.03 16:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006.11.03 16:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006.10.27 15:16:48 | 012,813,096 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2006.10.27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
========== Modules (No Company Name) ==========
MOD - [2011.11.25 20:32:44 | 001,989,592 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2010.07.08 18:52:24 | 000,034,816 | ---- | M] () -- C:\Programme\Google\Google Desktop Search\gzlib.dll
MOD - [2006.11.03 16:46:24 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006.11.03 16:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2006.10.27 15:35:18 | 000,436,512 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2006.10.27 15:16:40 | 000,138,512 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\OUTLCTL.DLL
MOD - [2006.10.26 21:30:42 | 000,065,312 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.18 14:47:48 | 000,819,976 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.11.0)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.07.06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.02.23 10:01:28 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2008.02.15 17:25:34 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe -- (STacSV)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.03 05:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.01.24 11:21:24 | 000,375,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.01.24 11:21:14 | 000,177,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
========== Driver Services (SafeList) ==========
DRV - [2011.11.24 19:14:56 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.15 18:42:02 | 000,100,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewsercd.sys -- (ewsercd)
DRV - [2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010.10.17 01:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.01.06 16:42:23 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.07.10 21:10:56 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.07.10 21:10:56 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.04.11 06:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009.04.11 05:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2008.12.13 10:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.09.26 16:06:24 | 000,129,824 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2008.09.26 16:06:24 | 000,032,048 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2008.08.25 15:48:18 | 000,040,496 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2008.02.20 17:17:01 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008.02.15 17:27:02 | 000,330,752 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.01.19 07:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008.01.07 09:37:36 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2007.10.10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007.09.26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.09.07 10:27:32 | 000,209,408 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ianvstor.sys -- (iaNvStor) Intel(R)
DRV - [2007.09.07 09:50:54 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.09.07 07:35:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.09.07 07:35:44 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.09.07 07:35:42 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.08.28 06:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 08:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006.07.24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3080209
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3080209
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2011.11.24 19:34:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2011.11.24 19:34:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2011.11.24 19:34:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.25 20:32:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.01 18:49:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: C:\Program Files\Mobile Master\ext\1\ [2011.04.24 18:37:16 | 000,000,000 | ---D | M]
[2011.11.25 20:32:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.24 14:33:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.25 20:32:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.16 18:28:31 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.6\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MailRuBHO Class) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Programme\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (IE 4.x-6.x BHO for Download Master) - {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - C:\Programme\Download Master\dmiehlp.dll (WestByte)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.6\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ñïóòíèê@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Programme\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ñïóòíèê@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Programme\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Bonus.SSR.FR11] C:\Program Files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe (ABBYY.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Экспорт в Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerдt senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerдt senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Отправить в OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Отправить в OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Programme\Mail.Ru\Agent\magent.exe (Mail.Ru)
O9 - Extra 'Tools' menuitem : Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Programme\Mail.Ru\Agent\magent.exe (Mail.Ru)
O9 - Extra Button: Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Programme\Download Master\dmaster.exe (WestByte)
O9 - Extra 'Tools' menuitem : &Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Programme\Download Master\dmaster.exe (WestByte)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38A0ECDE-9CD2-42E7-A024-20221FF2743E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{669d330d-d703-11dc-986c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{669d330d-d703-11dc-986c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.12.04 14:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.04 14:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.04 14:50:12 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.04 14:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.03 19:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.11.24 19:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Application Data
[2011.11.24 19:16:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2011.11.24 19:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.11.24 19:14:56 | 000,570,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.11.24 14:33:03 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.11.24 14:33:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.11.24 14:33:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.11.18 12:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.18 12:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2011.11.18 12:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2011.11.18 12:08:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\3DMark
[2011.11.18 10:56:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Папка обмена Bluetooth
[2011.11.18 10:56:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Bluetooth Software
[2011.11.18 10:53:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Google
[2011.11.18 10:52:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ICQ Toolbar
[2011.11.18 10:36:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Eigene Google Gadgets
[2011.11.18 10:36:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ApplicationHistory
[2011.11.18 10:35:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2011.11.18 10:33:34 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.11.18 10:33:34 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2011.11.18 10:33:34 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.11.18 10:33:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2011.11.18 10:33:17 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Vorlagen
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Verlauf
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Startmenü
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Netzwerkumgebung
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Lokale Einstellungen
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Videos
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Musik
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Eigene Dateien
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Bilder
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Druckumgebung
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Anwendungsdaten
[2011.11.18 10:33:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Anwendungsdaten
[2011.11.18 10:33:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp
[2011.11.18 10:33:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2011.11.18 10:33:04 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
[2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
[2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures
[2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music
[2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
[2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
[2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
[2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents
[2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
[2011.11.18 10:33:04 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.11.18 10:33:04 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData
[2011.11.18 10:33:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Roaming
[2011.11.18 10:33:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2011.11.18 10:33:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
========== Files - Modified Within 30 Days ==========
[2011.12.04 17:09:45 | 001,480,118 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011.12.04 17:09:45 | 000,630,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.04 17:09:45 | 000,607,228 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.04 17:09:45 | 000,131,080 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.04 17:09:45 | 000,108,604 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.04 17:09:35 | 001,048,576 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT
[2011.12.04 17:09:05 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2011.12.04 17:09:05 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2011.12.04 17:03:34 | 000,114,381 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.12.04 17:03:34 | 000,114,381 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.12.04 17:03:33 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.04 17:03:23 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.04 17:03:23 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.04 17:03:18 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011.12.04 17:03:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011.12.04 17:03:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.04 17:02:07 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.12.04 16:58:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.04 14:50:16 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.04 14:16:19 | 002,433,699 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2011.12.03 19:08:37 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.29 18:42:18 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011.11.24 19:17:00 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011.11.24 19:17:00 | 000,097,961 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011.11.24 19:14:56 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.11.24 12:14:31 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.18 12:19:06 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.18 12:09:45 | 000,000,613 | ---- | M] () -- C:\Users\Administrator\Desktop\3DMark2001SE - Verknüpfung.lnk
[2011.11.18 10:50:00 | 000,109,720 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2011.11.18 10:36:06 | 000,000,101 | ---- | M] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
[2011.11.18 10:35:12 | 000,008,224 | ---- | M] () -- C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
[2011.11.18 10:33:05 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2011.11.18 10:33:05 | 000,000,020 | -HS- | M] () -- C:\Users\Administrator\ntuser.ini
========== Files Created - No Company Name ==========
[2011.12.04 14:50:16 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.04 14:16:19 | 002,433,699 | -H-- | C] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2011.12.03 19:08:37 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.24 19:17:00 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.11.24 19:17:00 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.11.18 12:19:06 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.18 12:09:45 | 000,000,613 | ---- | C] () -- C:\Users\Administrator\Desktop\3DMark2001SE - Verknüpfung.lnk
[2011.11.18 10:48:52 | 000,000,946 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011.11.18 10:36:13 | 000,109,720 | ---- | C] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2011.11.18 10:36:06 | 000,000,101 | ---- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
[2011.11.18 10:35:12 | 000,008,224 | ---- | C] () -- C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
[2011.11.18 10:33:52 | 000,000,951 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.11.18 10:33:17 | 000,000,917 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011.11.18 10:33:05 | 000,524,288 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2011.11.18 10:33:05 | 000,524,288 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2011.11.18 10:33:05 | 000,065,536 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2011.11.18 10:33:05 | 000,000,020 | -HS- | C] () -- C:\Users\Administrator\ntuser.ini
[2011.11.18 10:33:04 | 001,048,576 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT
[2011.10.16 18:28:15 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.09.27 19:13:43 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.09.27 19:13:43 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.04.24 18:23:56 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.04.24 18:21:45 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2011.03.08 13:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.03.08 13:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.03.08 13:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.03.08 13:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.02.24 17:02:22 | 000,290,816 | ---- | C] () -- C:\Windows\System32\decdll.dll
[2010.02.10 18:28:22 | 000,000,022 | ---- | C] () -- C:\Windows\Kyor.ini
[2010.02.10 18:25:05 | 000,000,035 | ---- | C] () -- C:\Windows\rms.dat
[2009.12.03 23:02:42 | 001,738,128 | ---- | C] () -- C:\Windows\System32\BCGPStyle2007Luna.dll
[2009.12.02 16:54:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.19 20:52:07 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\03C098E9FC.sys
[2009.09.19 20:27:47 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.08.15 20:33:37 | 000,006,266 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.08.15 20:33:37 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\3478262EB3.sys
[2009.08.15 13:53:45 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.08.15 13:53:45 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5E1201E55F.sys
[2009.07.17 13:47:57 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009.07.12 14:50:19 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.07.12 14:50:18 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.07.12 14:50:17 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009.07.12 14:50:17 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.07.12 14:50:17 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.07.12 14:50:16 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.07.12 14:50:16 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009.07.10 21:10:56 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.07.10 21:10:56 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.05.27 14:57:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.27 14:57:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.27 14:57:02 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2009.01.23 23:00:18 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2009.01.23 18:27:37 | 000,673,792 | ---- | C] () -- C:\Windows\is-2S659.exe
[2008.12.15 21:00:54 | 000,114,381 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.12.15 21:00:36 | 000,114,381 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.11.22 15:50:29 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008.11.22 15:49:43 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.11.22 15:49:34 | 000,183,112 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008.10.14 20:24:15 | 000,000,024 | ---- | C] () -- C:\Windows\ird.ini
[2008.08.19 19:39:51 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.06.18 20:46:18 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2008.06.07 22:27:29 | 000,000,022 | ---- | C] () -- C:\ProgramData\C9B086CE-4A3B-11DB-8373-B622A1EF5492
[2008.02.21 18:27:00 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.02.19 19:05:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.02.09 20:35:02 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008.02.09 20:35:01 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.02.09 12:55:37 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008.02.09 12:41:53 | 000,003,204 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.08.16 14:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2007.07.25 17:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007.06.05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.15 19:30:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.11 20:52:50 | 000,454,656 | ---- | C] () -- C:\Windows\System32\mmSQL.dll
[2006.11.03 16:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 16:33:31 | 000,630,952 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,131,080 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,410,168 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 001,480,118 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2006.11.02 11:33:01 | 000,607,228 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,108,604 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 11:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006.11.02 11:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006.11.02 11:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 08:10:37 | 000,053,536 | ---- | C] () -- C:\Windows\System32\dosx.exe
[2006.11.02 08:10:02 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe
[2006.11.02 08:10:00 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe
[2006.11.02 08:09:59 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com
[2006.11.02 08:09:59 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM
[2006.11.02 08:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe
[2006.11.02 08:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe
[2006.11.02 08:09:57 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM
[2006.11.02 08:09:56 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe
[2006.11.02 08:09:55 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe
[2006.11.02 08:09:55 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM
[2006.11.02 08:09:53 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe
[2006.11.02 08:09:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe
[2006.11.02 08:09:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe
[2006.11.02 08:09:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe
[2006.11.02 08:09:49 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM
[2006.11.02 08:09:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe
[2006.11.02 08:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2006.11.02 08:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2006.11.02 08:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2006.11.02 08:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2006.11.02 08:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2006.11.02 08:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2006.11.02 08:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2006.11.02 08:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2006.11.02 08:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2006.11.02 08:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2006.11.02 08:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2006.11.02 08:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2006.11.02 08:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2006.11.02 08:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2006.11.02 08:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2006.11.02 07:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2005.12.21 15:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 15:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2005.08.17 13:53:03 | 000,401,408 | ---- | C] () -- C:\Windows\System32\StepButtonS.dll
[2005.05.20 00:56:26 | 000,491,520 | ---- | C] () -- C:\Windows\System32\mp3lib.dll
[2003.01.14 06:45:02 | 000,122,368 | ---- | C] () -- C:\Windows\System32\UNZDLL.dll
[2003.01.14 06:37:28 | 000,138,752 | ---- | C] () -- C:\Windows\System32\ZipDLL.dll
[2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.05.24 12:20:38 | 000,544,256 | ---- | C] () -- C:\Windows\System32\janGraphics.dll
========== LOP Check ==========
[2011.11.18 10:52:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICQ Toolbar
[2011.11.29 18:42:18 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011.12.04 17:02:08 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.12.04 17:03:18 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E74F5F70
< End of report >
und Instalierte Programme
Code:
ABBYY FineReader 11 ABBYY 27.09.2011 713MB 11.0.289
Acronis*Disk Director Server Acronis 19.02.2008 41,4MB 10.0.2169
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 23.11.2011 11.1.102.55
Adobe Flash Player ActiveX Adobe Systems Incorporated 08.02.2008 9.0.47.0
Adobe Reader 8.3.1 - Deutsch Adobe Systems Incorporated 13.09.2011 102,0MB 8.3.1
Advanced Audio FX Engine 08.02.2008
Advanced Audio Recorder v6.0.2 AAR Inc. 03.12.2008 17,1MB
Advanced Video FX Engine 08.02.2008
ANNO 1404 Ubisoft 07.02.2010 3.160MB 1.00.0000
Apple Application Support Apple Inc. 25.06.2010 39,7MB 1.2.1
Apple Software Update Apple Inc. 25.06.2010 2,16MB 2.1.1.116
Audio 180% Franzis Verlag Gmbh 26.07.2008
Benutzerhandbuch 08.02.2008 0,82MB
bhv Schule total 2003 2004 Startzentrale bhv 26.06.2010 1,37MB 1.00.0000
Canon Easy-WebPrint EX 01.08.2011 6,84MB
Canon IJ Network Scan Utility 01.08.2011 1,07MB
Canon IJ Network Tool 01.08.2011 2,91MB
Canon MP Navigator EX 3.1 01.08.2011 72,5MB
Canon MX340 series - регистрация пользователя 01.08.2011 1,09MB
Canon MX340 series MP Drivers 01.08.2011 345MB
Canon Utilities Easy-PhotoPrint EX 01.08.2011 222MB
Canon Utilities My Printer 01.08.2011 5,23MB
Canon Утилита быстрого набора 01.08.2011 8,52MB
CCleaner Piriform 02.12.2011 2,55MB 3.13
CD DriveTool 28.02.2008 0,12MB
DBOX2 Image-Flashing-Assistent 3.1.1 Hallenberg.com 04.10.2009 4,12MB
Dealio Toolbar v4.6 Spigot, Inc. 26.08.2011 3,21MB 4.6
Dell Driver Download Manager Dell Inc. 23.12.2009 2.0.0.0
Dell Handbuch zum Einstieg Dell Inc. 08.02.2008 1.00.0000
Dell Support Center Dell Inc. 17.10.2011 119,5MB 3.1.5907.12
Dell Touchpad Alps Electric 08.02.2008 7,66MB 7.1.102.7
Dell Webcam Center 08.02.2008 14,1MB
Dell Webcam Manager 08.02.2008 0,77MB
Download Master version 5.12.2.1289 WestByte 02.12.2011 6,72MB 5.12.2.1289
ElsterFormular für Privatanwender Landesfinanzdirektion Thüringen 22.03.2011 143,2MB 12.1.1.6214p
EVEREST Corporate Edition v5.30 Lavalys, Inc. 19.08.2011 16,3MB 5.30
Favorit 14.06.2008
Free Mp3 Wma Converter V 2.0 Koyote Soft 15.10.2011 26,2MB 2.0.0.0
Free Video Converter V 2.5 Koyote Soft 23.02.2010 13,2MB 2.5.0.0
FreePDF (Remove only) 26.09.2011 3,58MB
Google Chrome Google Inc. 08.02.2009 52,6MB 15.0.874.121
Google Desktop Google 07.07.2010 8,61MB 5.9.1005.12335
Google Earth Google 17.11.2011 92,8MB 6.1.0.5001
Google Toolbar for Internet Explorer Google Inc. 29.11.2011 13,0MB 7.2.2318.1946
Google Updater Google Inc. 03.10.2011 3,43MB 2.4.2432.1652
GPL Ghostscript Artifex Software Inc. 26.09.2011 31,6MB 9.04
ICQ6.5 ICQ 12.03.2009 41,2MB 6.5
Intel(R) Matrix Storage Manager 08.02.2008 3,77MB
Intel(R) PROSet/Wireless Software Intel Corporation 08.02.2008 11.01.0000
J2SE Runtime Environment 5.0 Update 12 Sun Microsystems, Inc. 01.05.2009 146,2MB 1.5.0.120
JAP JAP-Team 01.05.2009 8,00MB 00.11.001
Java(TM) 6 Update 22 Oracle 25.10.2011 97,1MB 6.0.220
Java(TM) 6 Update 29 Sun Microsystems, Inc. 14.09.2009 95,0MB 6.0.290
|
