|
deinstaliere mal stop zilla und instaliere es neu. reinige mit otcleanit: http://oldtimer.geekstogo.com/OTM.exe Klicke cleanup! dein pc wird evtl. neu starten programm löscht sich selbst, + die verwendeten tools rechtsklick arbeitsplatz, eigenschaften, systemwiederherstellung, auf allen laufwerken deaktivieren, übernehmen, ok 5 min warten, wieder einschalten, zeigt stopzilla noch was an? |
Hier das Eventlog von STOzilla: Block/Extraction NT Service enforcer 2010-08-06 20:20:58 Disabled service: messenger - Information Internet ExplorerSiteguard 2010-08-06 20:20:57 Inspecting registered Internet Explorer toolbars Block/Extraction Registry enforcer 2010-08-06 20:20:57 Deleting WinLogon registry Information Registry enforcer 2010-08-06 20:20:57 Inspecting registered Explorer bars Information Registry enforcer 2010-08-06 20:20:50 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-06 20:20:50 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-06 20:20:49 Inspecting registered Browser Helper Objects (BHOs) Information Home page protection 2010-08-06 20:20:44 Checking homepage... OK Block/Extraction NT Service enforcer 2010-08-06 20:20:41 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 20:20:38 Disabled service: messenger - Information Process enforcer 2010-08-06 20:20:36 Starting process watcher Block/Extraction NT Service enforcer 2010-08-06 18:31:42 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 18:31:25 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 18:31:25 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 17:43:10 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 17:43:10 Disabled service: messenger - Information Home page protection 2010-08-06 17:41:27 Checking homepage... OK Block/Extraction NT Service enforcer 2010-08-06 17:41:21 Disabled service: messenger - Block/Extraction Registry enforcer 2010-08-06 17:41:20 Deleting WinLogon registry Information Internet ExplorerSiteguard 2010-08-06 17:41:19 Inspecting registered Internet Explorer toolbars Information Registry enforcer 2010-08-06 17:41:19 Inspecting registered Explorer bars Information Registry enforcer 2010-08-06 17:41:12 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-06 17:41:11 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-06 17:41:11 Inspecting registered Browser Helper Objects (BHOs) Block/Extraction NT Service enforcer 2010-08-06 17:41:05 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 17:41:01 Disabled service: messenger - Information Process enforcer 2010-08-06 17:41:00 Starting process watcher Block/Extraction NT Service enforcer 2010-08-06 15:36:32 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 15:36:15 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 15:36:15 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 15:03:16 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 15:03:16 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 15:03:16 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 15:03:16 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 15:00:42 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 15:00:41 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 15:00:39 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 15:00:39 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:58:47 Disabled service: messenger - Block/Extraction Registry enforcer 2010-08-06 14:58:44 Deleting WinLogon registry Information Internet ExplorerSiteguard 2010-08-06 14:58:44 Inspecting registered Internet Explorer toolbars Information Registry enforcer 2010-08-06 14:58:44 Inspecting registered Explorer bars Information Registry enforcer 2010-08-06 14:58:39 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-06 14:58:39 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-06 14:58:38 Inspecting registered Browser Helper Objects (BHOs) Information Home page protection 2010-08-06 14:58:38 Checking homepage... OK Block/Extraction NT Service enforcer 2010-08-06 14:58:27 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:58:21 Disabled service: messenger - Information Process enforcer 2010-08-06 14:58:21 Starting process watcher Block/Extraction NT Service enforcer 2010-08-06 14:56:09 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:52:41 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:52:41 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:45:54 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:45:54 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:44:16 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:44:16 Disabled service: messenger - Information Home page protection 2010-08-06 14:43:56 Checking homepage... OK Block/Extraction NT Service enforcer 2010-08-06 14:43:53 Disabled service: messenger - Information Internet ExplorerSiteguard 2010-08-06 14:43:49 Inspecting registered Internet Explorer toolbars Information Registry enforcer 2010-08-06 14:43:49 Inspecting registered Explorer bars Block/Extraction Registry enforcer 2010-08-06 14:43:49 Deleting WinLogon registry Information Registry enforcer 2010-08-06 14:43:42 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-06 14:43:42 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-06 14:43:42 Inspecting registered Browser Helper Objects (BHOs) Block/Extraction NT Service enforcer 2010-08-06 14:43:32 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:43:28 Disabled service: messenger - Information Process enforcer 2010-08-06 14:43:28 Starting process watcher Block/Extraction NT Service enforcer 2010-08-06 14:41:12 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:41:11 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:40:18 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:40:18 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:39:03 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:39:02 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:24:39 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:24:39 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:23:57 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:23:57 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:12:40 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:12:39 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:12:24 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:12:24 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:07:11 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:07:11 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:03:12 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:03:12 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:50:55 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:50:55 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:47:57 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:47:57 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:47:56 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:47:56 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:47:02 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:47:02 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:46:20 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:46:20 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:46:19 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:46:19 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:43:26 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:43:26 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:40:16 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:40:16 Disabled service: messenger - Information Home page protection 2010-08-06 13:38:18 Checking homepage... OK Block/Extraction NT Service enforcer 2010-08-06 13:38:14 Disabled service: messenger - Block/Extraction Registry enforcer 2010-08-06 13:38:11 Deleting WinLogon registry Information Internet ExplorerSiteguard 2010-08-06 13:38:10 Inspecting registered Internet Explorer toolbars Information Registry enforcer 2010-08-06 13:38:10 Inspecting registered Explorer bars Information Registry enforcer 2010-08-06 13:38:00 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-06 13:37:59 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-06 13:37:59 Inspecting registered Browser Helper Objects (BHOs) Block/Extraction NT Service enforcer 2010-08-06 13:37:50 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:37:45 Disabled service: messenger - Information Process enforcer 2010-08-06 13:37:44 Starting process watcher Block/Extraction NT Service enforcer 2010-08-06 13:35:36 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:35:36 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:34:11 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:34:11 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:33:42 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:33:42 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:32:48 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:32:48 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:32:46 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:32:46 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:32:09 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:32:09 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:31:44 Disabled service: messenger - Block/Extraction Registry enforcer 2010-08-06 13:31:40 Deleting WinLogon registry Information Internet ExplorerSiteguard 2010-08-06 13:31:40 Inspecting registered Internet Explorer toolbars Information Registry enforcer 2010-08-06 13:31:40 Inspecting registered Explorer bars Information Registry enforcer 2010-08-06 13:31:33 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-06 13:31:33 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-06 13:31:32 Inspecting registered Browser Helper Objects (BHOs) Information Home page protection 2010-08-06 13:31:28 Checking homepage... OK Block/Extraction NT Service enforcer 2010-08-06 13:31:23 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:31:20 Disabled service: messenger - Information Process enforcer 2010-08-06 13:31:19 Starting process watcher Block/Extraction NT Service enforcer 2010-08-06 13:28:48 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:28:47 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:28:29 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:28:29 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:28:26 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:28:26 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:28:14 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:28:13 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:08:07 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:08:07 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:07:55 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:07:55 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:06:05 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:06:05 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:01:25 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:01:25 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:00:27 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:00:27 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 12:54:44 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 12:54:43 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 12:51:15 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 12:51:15 Disabled service: messenger - Information Home page protection 2010-08-06 12:48:20 Checking homepage... OK Block/Extraction NT Service enforcer 2010-08-06 12:48:17 Disabled service: messenger - Block/Extraction Registry enforcer 2010-08-06 12:48:12 Deleting WinLogon registry Information Internet ExplorerSiteguard 2010-08-06 12:48:11 Inspecting registered Internet Explorer toolbars Information Registry enforcer 2010-08-06 12:48:11 Inspecting registered Explorer bars Block/Extraction NT Service enforcer 2010-08-06 12:48:03 Disabled service: messenger - Information Registry enforcer 2010-08-06 12:47:57 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-06 12:47:57 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-06 12:47:57 Inspecting registered Browser Helper Objects (BHOs) Block/Extraction NT Service enforcer 2010-08-06 12:47:41 Disabled service: messenger - Information Process enforcer 2010-08-06 12:47:40 Starting process watcher Block/Extraction NT Service enforcer 2010-08-06 10:57:55 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 10:57:54 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 09:23:48 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 09:23:48 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:50:18 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:50:18 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:49:06 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:49:06 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:42:24 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:42:24 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:40:00 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:40:00 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:34:59 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:34:59 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:34:04 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:34:04 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:32:04 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:32:04 Disabled service: messenger - Information Home page protection 2010-08-06 08:30:28 Checking homepage... OK Block/Extraction NT Service enforcer 2010-08-06 08:30:20 Disabled service: messenger - Block/Extraction Registry enforcer 2010-08-06 08:30:18 Deleting WinLogon registry Information Internet ExplorerSiteguard 2010-08-06 08:30:18 Inspecting registered Internet Explorer toolbars Information Registry enforcer 2010-08-06 08:30:18 Inspecting registered Explorer bars Information Registry enforcer 2010-08-06 08:30:14 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-06 08:30:11 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-06 08:30:11 Inspecting registered Browser Helper Objects (BHOs) Block/Extraction NT Service enforcer 2010-08-06 08:30:03 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:29:58 Disabled service: messenger - Information Process enforcer 2010-08-06 08:29:57 Starting process watcher Block/Extraction NT Service enforcer 2010-08-06 08:27:28 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:27:28 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:27:25 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:27:25 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:27:11 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:27:11 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:18:48 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:18:48 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:16:53 Disabled service: messenger - Block/Extraction Registry enforcer 2010-08-06 08:16:51 Deleting WinLogon registry Information Internet ExplorerSiteguard 2010-08-06 08:16:50 Inspecting registered Internet Explorer toolbars Information Registry enforcer 2010-08-06 08:16:50 Inspecting registered Explorer bars Information Registry enforcer 2010-08-06 08:16:46 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-06 08:16:46 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-06 08:16:46 Inspecting registered Browser Helper Objects (BHOs) Information Home page protection 2010-08-06 08:16:46 Checking homepage... OK Block/Extraction NT Service enforcer 2010-08-06 08:16:36 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:16:32 Disabled service: messenger - Information Process enforcer 2010-08-06 08:16:31 Starting process watcher Block/Extraction NT Service enforcer 2010-08-06 06:22:56 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 06:22:31 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 06:16:54 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 06:14:15 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 22:54:16 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 22:54:16 Disabled service: messenger - Information Home page protection 2010-08-05 22:50:33 Checking homepage... OK Block/Extraction NT Service enforcer 2010-08-05 22:50:31 Disabled service: messenger - Block/Extraction Registry enforcer 2010-08-05 22:50:29 Deleting WinLogon registry Information Internet ExplorerSiteguard 2010-08-05 22:50:28 Inspecting registered Internet Explorer toolbars Information Registry enforcer 2010-08-05 22:50:28 Inspecting registered Explorer bars Information Registry enforcer 2010-08-05 22:50:22 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-05 22:50:21 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-05 22:50:21 Inspecting registered Browser Helper Objects (BHOs) Block/Extraction NT Service enforcer 2010-08-05 22:50:16 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 22:50:13 Disabled service: messenger - Information Process enforcer 2010-08-05 22:50:12 Starting process watcher Block/Extraction NT Service enforcer 2010-08-05 22:33:39 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 22:33:39 Disabled service: messenger - Block/Extraction File enforcer 2010-08-05 22:32:45 Deleted file: c:\dokume~1\gerhar~1\lokale~1\temp\pxlyypow.sys Block/Extraction NT Service enforcer 2010-08-05 22:32:44 Disabled service: messenger - Block/Extraction File enforcer 2010-08-05 22:32:43 Suppressed file: c:\dokume~1\gerhar~1\lokale~1\temp\pxlyypow.sys Block/Extraction NT Service enforcer 2010-08-05 22:32:43 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 22:31:14 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 22:31:14 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 22:31:10 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 22:31:10 Disabled service: messenger - Block/Extraction Registry enforcer 2010-08-05 22:29:27 Deleting WinLogon registry Information Internet ExplorerSiteguard 2010-08-05 22:29:27 Inspecting registered Internet Explorer toolbars Information Registry enforcer 2010-08-05 22:29:27 Inspecting registered Explorer bars Information Registry enforcer 2010-08-05 22:29:21 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-05 22:29:21 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-05 22:29:21 Inspecting registered Browser Helper Objects (BHOs) Block/Extraction NT Service enforcer 2010-08-05 22:29:18 Disabled service: messenger - Information Home page protection 2010-08-05 22:29:16 Checking homepage... OK Block/Extraction NT Service enforcer 2010-08-05 22:29:10 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 22:29:10 Disabled service: messenger - Information Process enforcer 2010-08-05 22:29:08 Starting process watcher Block/Extraction NT Service enforcer 2010-08-05 14:30:23 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:29:17 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:29:16 Removed service: pxlyypow - Block/Extraction Registry enforcer 2010-08-05 14:29:14 Extracted registry key HKLM\SYSTEM\CurrentControlSet\Services\pxlyypow Block/Extraction File enforcer 2010-08-05 14:29:13 Deleted file: c:\dokume~1\gerhar~1\lokale~1\temp\pxlyypow.sys Block/Extraction Registry enforcer 2010-08-05 14:29:11 Extracted registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PXLYYPOW Block/Extraction NT Service enforcer 2010-08-05 14:29:11 Disabled service: messenger - Block/Extraction File enforcer 2010-08-05 14:29:11 Quarantined file: c:\dokume~1\gerhar~1\lokale~1\temp\pxlyypow.sys Block/Extraction NT Service enforcer 2010-08-05 14:27:27 Disabled service: messenger - Block/Extraction Registry enforcer 2010-08-05 14:27:26 Deleting WinLogon registry Information Internet ExplorerSiteguard 2010-08-05 14:27:26 Inspecting registered Internet Explorer toolbars Information Registry enforcer 2010-08-05 14:27:26 Inspecting registered Explorer bars Information Registry enforcer 2010-08-05 14:27:18 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-05 14:27:18 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-05 14:27:18 Inspecting registered Browser Helper Objects (BHOs) Information Home page protection 2010-08-05 14:27:18 Checking homepage... OK Block/Extraction NT Service enforcer 2010-08-05 14:26:56 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:26:51 Disabled service: messenger - Information Process enforcer 2010-08-05 14:26:49 Starting process watcher Block/Extraction NT Service enforcer 2010-08-05 14:23:41 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:23:41 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:23:28 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:23:28 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:22:49 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:22:49 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:16:54 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:16:54 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:15:00 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:15:00 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:11:04 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:11:04 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:10:28 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:10:28 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:10:10 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:10:10 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:07:42 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:07:42 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:05:08 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:05:08 Disabled service: messenger - Information Internet ExplorerSiteguard 2010-08-05 14:03:21 Inspecting registered Internet Explorer toolbars Block/Extraction Registry enforcer 2010-08-05 14:03:21 Deleting WinLogon registry Information Registry enforcer 2010-08-05 14:03:21 Inspecting registered Explorer bars Block/Extraction NT Service enforcer 2010-08-05 14:03:18 Disabled service: messenger - Information Registry enforcer 2010-08-05 14:03:17 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-05 14:03:17 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-05 14:03:16 Inspecting registered Browser Helper Objects (BHOs) Information Home page protection 2010-08-05 14:03:11 Checking homepage... OK Block/Extraction NT Service enforcer 2010-08-05 14:03:07 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:03:03 Disabled service: messenger - Information Process enforcer 2010-08-05 14:03:03 Starting process watcher Block/Extraction NT Service enforcer 2010-08-05 10:32:17 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 10:32:17 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 10:31:56 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 10:31:56 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 10:29:04 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 10:29:04 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 10:27:12 Disabled service: messenger - Block/Extraction Home page protection 2010-08-05 10:27:07 Resetting Homepage back to www.sach-fach.de Block/Extraction Registry enforcer 2010-08-05 10:27:02 Deleting WinLogon registry Information Internet ExplorerSiteguard 2010-08-05 10:27:02 Inspecting registered Internet Explorer toolbars Information Registry enforcer 2010-08-05 10:27:02 Inspecting registered Explorer bars Block/Extraction NT Service enforcer 2010-08-05 10:27:01 Disabled service: messenger - Information Registry enforcer 2010-08-05 10:26:55 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-05 10:26:55 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-05 10:26:54 Inspecting registered Browser Helper Objects (BHOs) Block/Extraction NT Service enforcer 2010-08-05 10:26:44 Disabled service: messenger - Information Process enforcer 2010-08-05 10:26:43 Starting process watcher Block/Extraction NT Service enforcer 2010-08-04 23:35:37 Disabled service: messenger - Information Registry enforcer 2010-08-04 23:23:01 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-04 23:23:00 Inspecting WinSock registry (LSP Chain) Information Internet ExplorerSiteguard 2010-08-04 23:23:00 Inspecting registered Internet Explorer toolbars Information Registry enforcer 2010-08-04 23:23:00 Inspecting registered Explorer bars Information Registry enforcer 2010-08-04 23:23:00 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-04 23:23:00 Inspecting registered Browser Helper Objects (BHOs) Block/Extraction NT Service enforcer 2010-08-04 23:22:56 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 23:22:56 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 23:22:55 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 23:22:55 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 23:22:54 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 23:22:52 Disabled service: messenger - Information General 2010-08-04 23:22:52 Anti-Virus definition update 12.62.3.0 successfully applied. Information General 2010-08-04 23:22:50 Request to update definitions completed successfully. Information General 2010-08-04 23:22:46 Anti-Spyware Incremental definition update 5.0.71.9 successfully applied. Information General 2010-08-04 23:22:45 Anti-Spyware Incremental definition update 5.0.71.8 successfully applied. Block/Extraction NT Service enforcer 2010-08-04 23:04:09 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 23:04:09 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 22:57:45 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 22:57:33 Disabled service: messenger - Block/Extraction Registry enforcer 2010-08-04 22:57:32 Deleting WinLogon registry Information Internet ExplorerSiteguard 2010-08-04 22:57:32 Inspecting registered Internet Explorer toolbars Information Registry enforcer 2010-08-04 22:57:32 Inspecting registered Explorer bars Information Registry enforcer 2010-08-04 22:57:27 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-04 22:57:26 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-04 22:57:26 Inspecting registered Browser Helper Objects (BHOs) Block/Extraction NT Service enforcer 2010-08-04 22:57:15 Disabled service: messenger - Information Process enforcer 2010-08-04 22:57:14 Starting process watcher Block/Extraction NT Service enforcer 2010-08-04 22:23:55 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 22:23:55 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 22:23:42 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 22:23:42 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 22:16:28 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 22:16:28 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 21:58:10 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 21:58:10 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 21:57:16 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 21:57:16 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 21:36:09 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 21:36:09 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 20:30:03 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 20:30:03 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 20:28:38 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 20:28:38 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 20:28:17 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 20:28:17 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 20:28:01 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 20:28:01 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 20:24:58 Disabled service: messenger - Block/Extraction Registry enforcer 2010-08-04 20:24:50 Deleting WinLogon registry Information Internet ExplorerSiteguard 2010-08-04 20:24:49 Inspecting registered Internet Explorer toolbars Information Registry enforcer 2010-08-04 20:24:49 Inspecting registered Explorer bars Block/Extraction NT Service enforcer 2010-08-04 20:24:48 Disabled service: messenger - Information Registry enforcer 2010-08-04 20:24:45 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-04 20:24:45 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-04 20:24:44 Inspecting registered Browser Helper Objects (BHOs) Block/Extraction NT Service enforcer 2010-08-04 20:24:33 Disabled service: messenger - Information Process enforcer 2010-08-04 20:24:32 Starting process watcher Block/Extraction NT Service enforcer 2010-08-04 20:22:08 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 20:22:06 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 20:18:01 Removed driver: c:\dokumente und einstellungen\gerhard ott\lokale einstellungen\temp\catchme.sys Block/Extraction NT Service enforcer 2010-08-04 20:18:01 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 20:18:01 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 20:17:59 Removed driver: c:\dokumente und einstellungen\gerhard ott\lokale einstellungen\temp\catchme.sys Block/Extraction NT Service enforcer 2010-08-04 20:17:58 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 20:17:58 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 19:33:12 Removed driver: c:\dokumente und einstellungen\gerhard ott\lokale einstellungen\temp\catchme.sys Block/Extraction NT Service enforcer 2010-08-04 19:33:12 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 19:33:12 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 18:46:52 Removed driver: c:\dokumente und einstellungen\gerhard ott\lokale einstellungen\temp\catchme.sys Block/Extraction NT Service enforcer 2010-08-04 18:46:51 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 18:46:51 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 18:37:37 Removed driver: c:\dokumente und einstellungen\gerhard ott\lokale einstellungen\temp\catchme.sys Block/Extraction NT Service enforcer 2010-08-04 18:37:37 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 18:37:37 Disabled service: messenger - Block/Extraction Registry enforcer 2010-08-04 18:37:36 Deleted registry value system in hklm\software\microsoft\windows nt\currentversion\winlogon Block/Extraction Registry enforcer 2010-08-04 18:37:36 Deleted registry value DisableRegistryTools in hklm\software\microsoft\windows\currentversion\policies\system Warning/Detection COM enforcer 2010-08-04 18:37:36 Detected malicious registry entry DisableRegistryTools in hklm\software\microsoft\windows\currentversion\policies\system Block/Extraction NT Service enforcer 2010-08-04 18:37:36 Removed driver: c:\dokumente und einstellungen\gerhard ott\lokale einstellungen\temp\catchme.sys Block/Extraction NT Service enforcer 2010-08-04 18:37:36 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 18:37:36 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 18:37:19 Removed driver: c:\dokumente und einstellungen\gerhard ott\lokale einstellungen\temp\catchme.sys Block/Extraction NT Service enforcer 2010-08-04 18:37:19 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 18:37:19 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 18:32:59 Removed driver: c:\dokumente und einstellungen\gerhard ott\lokale einstellungen\temp\catchme.sys Block/Extraction NT Service enforcer 2010-08-04 18:32:59 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 18:32:59 Disabled service: messenger - Block/Extraction Registry enforcer 2010-08-04 18:32:58 Deleted registry value system in hklm\software\microsoft\windows nt\currentversion\winlogon Block/Extraction Registry enforcer 2010-08-04 18:32:58 Deleted registry value DisableRegistryTools in hklm\software\microsoft\windows\currentversion\policies\system Warning/Detection COM enforcer 2010-08-04 18:32:58 Detected malicious registry entry DisableRegistryTools in hklm\software\microsoft\windows\currentversion\policies\system Block/Extraction NT Service enforcer 2010-08-04 18:32:57 Removed driver: c:\dokumente und einstellungen\gerhard ott\lokale einstellungen\temp\catchme.sys Block/Extraction NT Service enforcer 2010-08-04 18:32:57 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 18:32:56 Disabled service: messenger - Block/Extraction File enforcer 2010-08-04 18:32:54 Deleted file: c:\windows\mbr.exe Block/Extraction Process enforcer 2010-08-04 18:32:53 Terminated process: (2548) c:\windows\mbr.exe Block/Extraction File enforcer 2010-08-04 18:32:53 Quarantined file: c:\windows\mbr.exe Block/Extraction NT Service enforcer 2010-08-04 18:32:49 Removed driver: c:\dokumente und einstellungen\gerhard ott\lokale einstellungen\temp\catchme.sys Block/Extraction NT Service enforcer 2010-08-04 18:32:49 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 18:32:48 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 18:32:42 Removed driver: c:\dokumente und einstellungen\gerhard ott\lokale einstellungen\temp\catchme.sys Block/Extraction Registry enforcer 2010-08-04 18:32:42 Deleted registry value DisableRegistryTools in hklm\software\microsoft\windows\currentversion\policies\system Warning/Detection COM enforcer 2010-08-04 18:32:42 Detected malicious registry entry DisableRegistryTools in hklm\software\microsoft\windows\currentversion\policies\system Block/Extraction Registry enforcer 2010-08-04 18:32:42 Deleted registry value system in hklm\software\microsoft\windows nt\currentversion\winlogon Block/Extraction NT Service enforcer 2010-08-04 18:32:42 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 18:32:41 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 18:32:37 Removed driver: c:\dokumente und einstellungen\gerhard ott\lokale einstellungen\temp\catchme.sys Block/Extraction NT Service enforcer 2010-08-04 18:32:37 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 18:32:37 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 18:25:43 Removed driver: c:\dokumente und einstellungen\gerhard ott\lokale einstellungen\temp\catchme.sys Block/Extraction NT Service enforcer 2010-08-04 18:25:43 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 18:25:43 Disabled service: messenger - Block/Extraction File enforcer 2010-08-04 18:25:42 Deleted file: c:\combofix\mbr.cfxxe Block/Extraction Process enforcer 2010-08-04 18:25:41 Terminated process: (1844) c:\combofix\mbr.cfxxe Block/Extraction File enforcer 2010-08-04 18:25:41 Quarantined file: c:\combofix\mbr.cfxxe Block/Extraction NT Service enforcer 2010-08-04 18:25:38 Removed driver: c:\dokumente und einstellungen\gerhard ott\lokale einstellungen\temp\catchme.sys Block/Extraction NT Service enforcer 2010-08-04 18:25:38 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 18:25:38 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 18:25:34 Removed driver: c:\dokumente und einstellungen\gerhard ott\lokale einstellungen\temp\catchme.sys Block/Extraction NT Service enforcer 2010-08-04 18:25:34 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 18:25:34 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 18:25:33 Removed service: catchme - Block/Extraction Registry enforcer 2010-08-04 18:25:29 Extracted registry key HKLM\SYSTEM\CurrentControlSet\Services\catchme Block/Extraction Registry enforcer 2010-08-04 18:25:27 Extracted registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME Block/Extraction NT Service enforcer 2010-08-04 18:25:26 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 18:25:26 Disabled service: messenger - Block/Extraction File enforcer 2010-08-04 18:19:04 Deleted file: c:\windows\pev.exe Block/Extraction File enforcer 2010-08-04 18:19:02 Quarantined file: c:\windows\pev.exe Block/Extraction File enforcer 2010-08-04 18:18:49 Deleted file: c:\windows\pev.exe Block/Extraction File enforcer 2010-08-04 18:18:46 Quarantined file: c:\windows\pev.exe Block/Extraction Registry enforcer 2010-08-04 18:18:35 Deleted registry value disableregistrytools in hkus\S-1-5-21-3495212690-2977224712-3179768257-1006\software\microsoft\windows\currentversion\policies\system Warning/Detection COM enforcer 2010-08-04 18:18:35 Detected malicious registry entry disableregistrytools in hkus\S-1-5-21-3495212690-2977224712-3179768257-1006\software\microsoft\windows\currentversion\policies\system Block/Extraction Registry enforcer 2010-08-04 18:18:31 Deleted registry value disableregistrytools in hkus\S-1-5-21-3495212690-2977224712-3179768257-1006\software\microsoft\windows\currentversion\policies\system Warning/Detection COM enforcer 2010-08-04 18:18:31 Detected malicious registry entry disableregistrytools in hkus\S-1-5-21-3495212690-2977224712-3179768257-1006\software\microsoft\windows\currentversion\policies\system Block/Extraction NT Service enforcer 2010-08-04 18:18:26 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 18:18:25 Disabled service: messenger - Block/Extraction Registry enforcer 2010-08-04 18:18:08 Deleted registry value disableregistrytools in hkus\S-1-5-21-3495212690-2977224712-3179768257-1006\software\microsoft\windows\currentversion\policies\system Warning/Detection COM enforcer 2010-08-04 18:18:08 Detected malicious registry entry disableregistrytools in hkus\S-1-5-21-3495212690-2977224712-3179768257-1006\software\microsoft\windows\currentversion\policies\system Block/Extraction Registry enforcer 2010-08-04 18:17:50 Deleted registry value disableregistrytools in hkus\S-1-5-21-3495212690-2977224712-3179768257-1006\software\microsoft\windows\currentversion\policies\system Warning/Detection COM enforcer 2010-08-04 18:17:50 Detected malicious registry entry disableregistrytools in hkus\S-1-5-21-3495212690-2977224712-3179768257-1006\software\microsoft\windows\currentversion\policies\system Block/Extraction Registry enforcer 2010-08-04 18:17:42 Deleted registry value disableregistrytools in hkus\S-1-5-21-3495212690-2977224712-3179768257-1006\software\microsoft\windows\currentversion\policies\system Warning/Detection COM enforcer 2010-08-04 18:17:42 Detected malicious registry entry disableregistrytools in hkus\S-1-5-21-3495212690-2977224712-3179768257-1006\software\microsoft\windows\currentversion\policies\system Block/Extraction Registry enforcer 2010-08-04 18:17:40 Deleted registry value DisableRegistryTools in hkus\S-1-5-21-3495212690-2977224712-3179768257-1006\software\microsoft\windows\currentversion\policies\system Warning/Detection COM enforcer 2010-08-04 18:17:40 Detected malicious registry entry DisableRegistryTools in hkus\S-1-5-21-3495212690-2977224712-3179768257-1006\software\microsoft\windows\currentversion\policies\system Block/Extraction Registry enforcer 2010-08-04 18:17:40 Deleted registry value disableregistrytools in hkus\S-1-5-21-3495212690-2977224712-3179768257-1006\software\microsoft\windows\currentversion\policies\system Warning/Detection COM enforcer 2010-08-04 18:17:40 Detected malicious registry entry disableregistrytools in hkus\S-1-5-21-3495212690-2977224712-3179768257-1006\software\microsoft\windows\currentversion\policies\system Block/Extraction Registry enforcer 2010-08-04 18:10:57 Deleted registry value disableregistrytools in hkus\S-1-5-21-3495212690-2977224712-3179768257-1006\software\microsoft\windows\currentversion\policies\system Warning/Detection COM enforcer 2010-08-04 18:10:57 Detected malicious registry entry disableregistrytools in hkus\S-1-5-21-3495212690-2977224712-3179768257-1006\software\microsoft\windows\currentversion\policies\system Block/Extraction Registry enforcer 2010-08-04 18:08:33 Deleted registry value disableregistrytools in hkus\S-1-5-21-3495212690-2977224712-3179768257-1006\software\microsoft\windows\currentversion\policies\system Warning/Detection COM enforcer 2010-08-04 18:08:33 Detected malicious registry entry disableregistrytools in hkus\S-1-5-21-3495212690-2977224712-3179768257-1006\software\microsoft\windows\currentversion\policies\system Block/Extraction Registry enforcer 2010-08-04 18:08:26 Deleted registry value disableregistrytools in hkus\S-1-5-21-3495212690-2977224712-3179768257-1006\software\microsoft\windows\currentversion\policies\system Warning/Detection COM enforcer 2010-08-04 18:08:26 Detected malicious registry entry disableregistrytools in hkus\S-1-5-21-3495212690-2977224712-3179768257-1006\software\microsoft\windows\currentversion\policies\system Block/Extraction Registry enforcer 2010-08-04 18:08:24 Deleted registry value DisableRegistryTools in hkus\S-1-5-21-3495212690-2977224712-3179768257-1006\software\microsoft\windows\currentversion\policies\system Warning/Detection COM enforcer 2010-08-04 18:08:24 Detected malicious registry entry DisableRegistryTools in hkus\S-1-5-21-3495212690-2977224712-3179768257-1006\software\microsoft\windows\currentversion\policies\system Block/Extraction NT Service enforcer 2010-08-04 18:04:07 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 18:04:07 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 18:01:16 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 18:01:16 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 17:51:11 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 17:51:11 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 17:43:01 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 17:43:01 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 17:39:04 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 17:39:04 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 17:36:54 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 17:36:54 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 17:36:31 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 17:36:31 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 17:05:25 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 17:05:25 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 17:04:41 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 17:04:41 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 16:59:07 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 16:59:07 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 14:32:36 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 14:32:36 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 14:32:33 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 14:32:33 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-04 14:32:30 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 20:30:15 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 20:30:15 Disabled service: messenger - |
Liste der Anhänge anzeigen (Anzahl: 5) Habe die Screenshots hochgeladen. |
versuchs mal wie ichs beschrieben hab und dann schau mal ob noch gemeckert wird |
Zitat:
GMER und Norman TDSS Cleaner sind immer noch auf dem Desktop |
hmm aber otm hätte qoobox usw entfernen müssen kannst du die meldungen auch als text kopieren und posten? nutze außerdem den ccleaner: http://www.trojaner-board.de/51464-a...-ccleaner.html dateien + registry bereinigen. |
Sch... jetzt habe ich bei STOPzilla auf REMOVE now gedrückt, obwohl ich das ja stehen lassen sollen oder habe ich bei der Müdigkeit etwas missverstanden? Apropos Missverstehen: Bitte verstehe es nicht falsch, dass ich eine komplette Neuinstallation ablehne, ich fürchte mich bloß vor dem, was danach kommt ( du hast wahrscheinlich gesehen, dass das kein Spielzeug-PC ist sondern eine Arbeitsmaschine für einen Biologen). Wenn es keine andere Möglichkeit gibt, komme ich gerne darauf zurück, wenn ich darf. Oups gerade kommt 'ne E-Mail von dir. |
ok dann lasse stopzilla mal removen, dann ccleaner und dann neustart und schaue ob er immernoch rum jault :-) und noch ein neues otl log |
Also erstmal muss ich ein großes Lob aussprechen für dich und das Trojanerboard! Das ist auch für die Mitleser interessant - finde ich. Einfach Super: Soviel Ausdauer und Hilfe. Und gelernt habe ich auch noch eine Menge (weil ich die Möglichkeit hatte, mich parallel auf meinem Netbook oder dem PC meiner Frau zu informieren). Und dann noch das Angebot einer weiteren Hilfe zu einer (sicheren) Neuinstallation, die verlockend ist, wenn dieser "Rattenschwanz" der eigenen PC-Konfiguration nicht wäre... Ich werde mich am Ende der Prozedur erkundigen, wie ich mich dafür erkenntlich zeigen kann. Vor ein paar Jahren hatte meine Frau bei einem PC ein Problem, welches lokale "Helfer" nicht, bzw. nur unzureichend lösen könnten, dafür aber viel Geld bekamen. Ich hoffe das wird jetzt nicht als "flatratelabern" (hat der Opa heute aus der ZEitung gelernt) missverstanden... ... zurück zum Thema: STOPzilla hat nix mehr zu meckern, nachdem er alles removed hat. CCleaner ist durchgelaufen und aufgeräumt. Neustart warm und kalt haben funktioniert (obwohl ich dem Braten ja nicht traue). OTL Scan läuft. Erstmal QuickScan, wenn's Recht ist!? |
OTL Teil 1 OTL logfile created on: 06.08.2010 22:27:53 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = D:\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 255,32 Gb Total Space | 221,99 Gb Free Space | 86,94% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 418,84 Gb Free Space | 89,93% Space Free | Partition Type: NTFS Drive E: | 465,76 Gb Total Space | 202,18 Gb Free Space | 43,41% Space Free | Partition Type: NTFS Drive F: | 312,61 Gb Total Space | 113,07 Gb Free Space | 36,17% Space Free | Partition Type: NTFS Drive G: | 465,76 Gb Total Space | 214,40 Gb Free Space | 46,03% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SACHFACH Current User Name: Gerhard Ott Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.08.04 12:39:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe PRC - [2010.07.31 21:05:11 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2010.07.28 21:19:32 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Programme\Tools\STOPzilla\STOPzilla.exe PRC - [2010.07.28 21:19:28 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Programme\Gemeinsame Dateien\iS3\Anti-Spyware\SZServer.exe PRC - [2010.07.28 15:35:15 | 000,413,696 | ---- | M] (BitDefender SRL) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe PRC - [2010.07.28 15:35:14 | 001,638,240 | ---- | M] (BitDefender S. R. L.) -- C:\Programme\BitDefender\BitDefender 2009\vsserv.exe PRC - [2010.07.28 15:35:12 | 000,782,336 | ---- | M] (BitDefender S.R.L.) -- C:\Programme\BitDefender\BitDefender 2009\bdagent.exe PRC - [2010.07.28 15:35:11 | 000,442,368 | ---- | M] () -- C:\Programme\BitDefender\BitDefender 2009\seccenter.exe PRC - [2010.06.24 16:41:38 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME\TomTom HOME 2\TomTomHOMEService.exe PRC - [2010.02.14 02:53:52 | 000,352,256 | ---- | M] (Realtime Soft Ltd) -- C:\Programme\UltraMon\UltraMonTaskbar.exe PRC - [2010.02.14 02:53:28 | 000,492,544 | ---- | M] (Realtime Soft Ltd) -- C:\Programme\UltraMon\UltraMon.exe PRC - [2009.12.03 12:17:49 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe PRC - [2009.11.13 09:30:50 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe PRC - [2009.11.13 09:28:44 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe PRC - [2008.10.15 02:03:55 | 000,045,936 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe PRC - [2008.10.13 13:16:44 | 000,554,264 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe PRC - [2008.09.19 16:21:58 | 001,262,336 | ---- | M] (Matrox Graphics Inc.) -- c:\Programme\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe PRC - [2008.09.19 16:21:32 | 000,343,296 | ---- | M] (Matrox Graphics Inc) -- c:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe PRC - [2007.09.13 09:40:02 | 000,106,496 | ---- | M] (Bibliographisches Institut & F. A. Brockhaus AG) -- C:\Programme\Gemeinsame Dateien\DKOO\dpfserv.exe PRC - [2007.09.07 11:40:34 | 000,132,392 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe PRC - [2007.09.07 11:40:04 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe PRC - [2007.06.08 04:56:31 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe PRC - [2007.05.29 12:06:44 | 000,598,960 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdfcoms.exe PRC - [2007.05.29 12:06:20 | 000,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfserv.exe PRC - [2001.09.17 10:00:22 | 000,266,310 | ---- | M] (DataViz Inc.) -- C:\Programme\Conversions Plus\FormatM.exe ========== Modules (SafeList) ========== MOD - [2010.08.04 12:39:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe MOD - [2010.07.31 21:04:43 | 002,843,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msi.dll MOD - [2010.07.31 21:04:43 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2010.02.14 02:53:56 | 000,210,432 | ---- | M] (Realtime Soft Ltd) -- C:\Programme\UltraMon\RTSUltraMonHook.dll MOD - [2010.02.14 02:52:06 | 000,325,120 | ---- | M] (Realtime Soft Ltd) -- C:\Programme\UltraMon\UltraMonResButtons.dll MOD - [2009.08.13 15:55:39 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2010.07.31 22:52:44 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.07.28 21:19:28 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\iS3\Anti-Spyware\SZServer.exe -- (szserver) SRV - [2010.07.28 15:35:15 | 000,413,696 | ---- | M] (BitDefender SRL) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV) SRV - [2010.07.28 15:35:14 | 001,638,240 | ---- | M] (BitDefender S. R. L.) [Auto | Running] -- C:\Programme\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV) SRV - [2010.07.28 15:35:10 | 000,323,584 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan) SRV - [2010.06.24 16:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.03 12:17:49 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc) SRV - [2009.11.13 09:28:44 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2009.11.13 09:24:42 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2009.01.20 19:16:20 | 000,172,032 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3) SRV - [2008.10.13 13:16:44 | 000,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2008.09.19 16:21:58 | 001,262,336 | ---- | M] (Matrox Graphics Inc.) [Auto | Running] -- c:\Programme\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe -- (Matrox Centering Service) SRV - [2008.09.19 16:21:32 | 000,343,296 | ---- | M] (Matrox Graphics Inc) [Auto | Running] -- c:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe -- (Matrox.Pdesk.ServicesHost) SRV - [2007.11.26 14:50:04 | 000,294,912 | ---- | M] (T-Systems Enterprise Services GmbH) [On_Demand | Stopped] -- C:\Programme\Tools\DSL Manager\DslMgrSvc.exe -- (TDslMgrService) SRV - [2007.10.17 14:49:46 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2007.09.13 09:40:02 | 000,106,496 | ---- | M] (Bibliographisches Institut & F. A. Brockhaus AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\DKOO\dpfserv.exe -- (DPFService) SRV - [2007.09.07 11:40:04 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Wacom_Tablet.exe -- (TabletServiceWacom) SRV - [2007.06.27 20:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2007.06.08 04:56:31 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV) SRV - [2007.05.29 12:06:44 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdfcoms.exe -- (lxdf_device) SRV - [2007.05.29 12:06:20 | 000,099,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe -- (lxdfCATSCustConnectService) SRV - [2007.03.20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3) SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2001.09.17 10:00:22 | 000,266,310 | ---- | M] (DataViz Inc.) [Auto | Running] -- C:\Programme\Conversions Plus\FORMATM.EXE -- (MacFormatService) SRV - [2000.05.24 15:20:36 | 000,015,360 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\ATMsrvc.exe -- (ATMsrvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\XrUsb.sys -- (X-Rite) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UltraMonMirror.sys -- (UltraMonMirror) DRV - File not found [Kernel | On_Demand | Stopped] -- H:\MEMIO.SYS -- (DOSMEMIO) DRV - [2010.07.31 21:04:21 | 001,485,824 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MTXPARM.sys -- (MTXPAR) DRV - [2010.07.31 21:04:21 | 001,184,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2010.07.31 21:04:21 | 000,971,232 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm147.sys -- (tdrpman147) Acronis Try&Decide and Restore Points filter (build 147) DRV - [2010.07.31 21:04:21 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010.07.31 21:04:21 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter) DRV - [2010.07.31 21:04:21 | 000,256,568 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6) DRV - [2010.07.31 21:04:21 | 000,176,715 | ---- | M] (DataViz Inc.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\MacOpen.sys -- (MacOpen) DRV - [2010.07.31 21:04:21 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380) DRV - [2010.07.31 21:04:21 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel) DRV - [2010.07.31 21:04:21 | 000,054,272 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32) DRV - [2010.07.31 21:04:21 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2010.07.31 21:04:21 | 000,029,184 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone) DRV - [2010.07.31 21:04:21 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem) DRV - [2010.07.31 21:04:21 | 000,019,712 | R--- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxofwfp.sys -- (MaxtorFrontPanel1) DRV - [2010.07.31 21:04:21 | 000,013,824 | ---- | M] (T-Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tsmpkt.sys -- (TSMPacket) DRV - [2010.07.31 21:04:21 | 000,013,396 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (MagicTune) DRV - [2010.07.31 21:04:21 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid) DRV - [2010.07.31 21:04:21 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid) DRV - [2010.07.31 21:04:21 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter) DRV - [2010.07.31 21:04:21 | 000,005,504 | ---- | M] (Matrox Graphics Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mtxparmx.sys -- (Mtxparmx) DRV - [2010.07.31 21:04:20 | 000,537,600 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fpcibase.sys -- (fpcibase) DRV - [2010.07.31 21:04:20 | 000,254,872 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R) DRV - [2010.07.31 21:04:20 | 000,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr) DRV - [2010.07.31 21:04:20 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2010.07.31 21:04:20 | 000,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm) DRV - [2010.07.31 21:04:20 | 000,106,432 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2010.07.31 21:04:20 | 000,080,384 | R--- | M] (OMNIKEY) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cxbu0wdm.sys -- (cxbu0wdm) DRV - [2010.07.31 21:04:20 | 000,053,632 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN) DRV - [2010.07.31 21:04:20 | 000,044,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2010.07.31 21:04:20 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2010.07.31 21:04:20 | 000,026,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DslTestSp5.sys -- (dsltestSp5) DRV - [2010.07.31 21:04:20 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV - [2010.07.31 21:04:18 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir) DRV - [2010.07.31 21:04:18 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enum1394.sys -- (ENUM1394) DRV - [2010.07.31 21:04:17 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN) DRV - [2010.07.28 15:35:10 | 000,137,224 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif) DRV - [2010.05.12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs) DRV - [2009.12.07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5) DRV - [2009.12.07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv) DRV - [2009.10.14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009.04.03 17:49:38 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos) DRV - [2009.01.12 12:27:58 | 000,008,832 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Programme\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr) DRV - [2008.11.14 02:11:30 | 000,017,184 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Programme\Gemeinsame Dateien\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility) DRV - [2008.09.02 14:32:06 | 000,013,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos) DRV - [2008.04.13 20:40:12 | 000,015,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum) DRV - [2004.08.03 22:29:38 | 000,452,736 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtxparhm.sys -- (MTXPARH) DRV - [2003.09.03 06:02:42 | 000,020,064 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\MLPTDR_B.SYS -- (MLPTDR_B) DRV - [2000.10.15 19:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\T-Com\DSLCheck\Pcandis5.sys -- (PCANDIS5) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.sach-fach.de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\software\mozilla\Firefox\extensions\\FFToolbar@bitdefender.com: C:\Programme\BitDefender\BitDefender 2009\FFToolbar\ [2010.07.28 15:37:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.28 15:30:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.31 23:54:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.08.06 14:29:57 | 000,000,000 | ---D | M] [2010.05.13 12:48:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Mozilla\Extensions [2010.05.13 12:48:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2008.05.14 18:41:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2010.08.02 15:42:37 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.07.28 15:35:13 | 000,065,536 | ---- | M] () -- C:\Programme\Mozilla Firefox\components\FFComm.dll [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\SnagIt\SnagitBHO.dll (TechSmith Corporation) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Tools\Free Download Manager\iefdm2.dll () O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Programme\Tools\STOPzilla\SZIEBHO.dll (iS3, Inc.) O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\SnagIt\SnagitIEAddin.dll (TechSmith Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [BDAgent] C:\Programme\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\UltraMon.lnk = C:\WINDOWS\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Programme\Tools\Free Download Manager\dllink.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Programme\Tools\Free Download Manager\dlfvideo.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///H:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.02.07 16:26:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010.07.31 22:22:34 | 000,001,352 | ---- | M] () - D:\AutoHotkey.ahk -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (OODBS) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 90 Days ========== [2010.08.06 22:17:09 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Gerhard Ott\Recent [2010.08.06 21:04:12 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\iS3 [2010.08.06 14:11:04 | 002,661,704 | ---- | C] (Norman ASA) -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\Norman_TDSS_Cleaner.exe [2010.08.04 20:20:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010.08.04 18:21:47 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010.08.04 09:22:51 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.08.03 19:11:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia [2010.08.03 00:07:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Google [2010.08.02 20:50:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC [2010.08.02 18:57:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com [2010.08.02 10:11:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\STOPzilla! [2010.08.01 21:23:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2010.08.01 16:53:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010.08.01 16:05:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Malwarebytes [2010.08.01 16:04:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.08.01 16:04:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.08.01 16:04:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.08.01 16:04:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.01 12:37:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\QuickScan [2010.07.31 23:55:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2010.07.31 22:52:46 | 000,029,512 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe [2010.07.31 22:52:45 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll [2010.07.31 22:52:14 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2010 [2010.07.31 22:44:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\FileOpen [2010.07.31 22:44:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe [2010.07.31 22:44:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe [2010.07.31 22:37:10 | 000,000,000 | ---D | C] -- C:\Programme\UltraMon [2010.07.31 22:37:10 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Realtime Soft [2010.07.31 22:37:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Realtime Soft [2010.07.31 21:04:20 | 000,242,184 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys [2010.07.31 21:04:20 | 000,111,112 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys [2010.07.28 21:19:22 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll [2010.07.28 21:19:22 | 000,447,952 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll [2010.07.28 21:19:22 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll [2010.07.28 21:19:22 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll [2010.07.28 21:19:20 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll [2010.07.28 21:19:20 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll [2010.07.28 21:19:20 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll [2010.07.28 21:19:20 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll [2010.07.28 21:19:20 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll [2010.07.28 21:19:18 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll [2010.07.28 21:19:18 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll [2010.07.28 21:19:18 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll [2010.07.28 15:28:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\BitDefender [2010.07.28 15:22:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop [2010.07.28 10:34:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia [2010.07.24 17:53:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Map Maker [2010.06.24 23:11:59 | 000,023,936 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motmodem.sys [2010.06.24 22:54:07 | 000,000,000 | ---D | C] -- D:\MemoMaster [2010.06.23 16:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm [2010.06.23 16:56:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$ [2010.06.09 22:41:03 | 000,106,432 | ---- | C] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys [2010.05.25 11:23:13 | 000,000,000 | ---D | C] -- D:\Zwischenlager [2010.05.20 18:41:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gerhard Ott\Lokale Einstellungen\Anwendungsdaten\Opera [2010.05.20 18:41:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Opera [2010.05.17 18:07:19 | 000,000,000 | ---D | C] -- C:\Programme\MapCreator 2 [2010.05.16 12:15:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\TechSmith [2010.05.12 18:01:06 | 000,059,280 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\drivers\SZKGFS.sys [2009.02.12 17:07:56 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfhcp.dll [2009.02.12 17:07:52 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfinpa.dll [2009.02.12 17:07:52 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfiesc.dll [2009.02.12 17:07:51 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfusb1.dll [2009.02.12 17:07:50 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfserv.dll [2009.02.12 17:07:49 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfpmui.dll [2009.02.12 17:07:49 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfprox.dll [2009.02.12 17:07:48 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdflmpm.dll [2009.02.12 17:07:44 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfhbn3.dll [2009.02.12 17:07:40 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfcomc.dll [2009.02.12 17:07:40 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfcomm.dll [7 C:\Dokumente und Einstellungen\All Users\*.tmp files -> C:\Dokumente und Einstellungen\All Users\*.tmp -> ] [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010.08.06 22:26:24 | 000,000,960 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg [2010.08.06 22:25:33 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\Automatische Problemsuche.job [2010.08.06 22:25:10 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.06 22:24:44 | 000,002,283 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\UltraMon.lnk [2010.08.06 22:24:43 | 000,002,321 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk [2010.08.06 22:24:41 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.08.06 22:24:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.06 22:24:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.06 22:23:23 | 013,893,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\ntuser.dat [2010.08.06 22:23:19 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\ntuser.ini [2010.08.06 22:15:41 | 000,000,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\Verknüpfung mit OTL.lnk [2010.08.06 22:11:45 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin [2010.08.06 22:08:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.08.06 22:07:25 | 000,000,766 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\CCleaner.lnk [2010.08.06 21:49:04 | 000,225,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.06 14:40:18 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\defogger_reenable [2010.08.06 14:11:06 | 002,661,704 | ---- | M] (Norman ASA) -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\Norman_TDSS_Cleaner.exe [2010.08.06 10:48:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.08.06 10:47:23 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010.08.06 10:47:23 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for [2010.08.06 10:00:20 | 000,027,005 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\lxdf [2010.08.05 14:21:24 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\u4jf7786.exe [2010.08.04 22:56:37 | 000,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI [2010.08.04 22:24:22 | 000,000,815 | ---- | M] () -- C:\rtsr_eml_sr.dat [2010.08.04 22:24:22 | 000,000,141 | ---- | M] () -- C:\dwl.dat [2010.08.04 22:24:22 | 000,000,132 | ---- | M] () -- C:\httpdwl.dat [2010.08.04 18:33:37 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.08.04 18:21:53 | 000,000,293 | RHS- | M] () -- C:\boot.ini [2010.08.03 20:00:23 | 000,000,223 | ---- | M] () -- C:\Boot.bak [2010.08.03 15:26:57 | 000,000,118 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\JOTTI Online Scanner.url [2010.08.03 13:05:48 | 000,016,309 | ---- | M] () -- D:\Anschreiben.pdf [2010.08.03 12:56:39 | 000,000,036 | ---- | M] () -- C:\WINDOWS\iltwain.ini [2010.08.02 21:33:30 | 000,000,915 | ---- | M] () -- C:\WINDOWS\win.ini [2010.08.02 18:52:25 | 000,530,748 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.08.02 18:52:25 | 000,484,040 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.02 18:52:25 | 000,105,570 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.08.02 18:52:25 | 000,080,054 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.08.02 18:52:24 | 001,217,868 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.02 15:33:51 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.08.01 16:04:52 | 000,000,704 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.01 14:54:38 | 009,699,328 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\NTUSER.DAT_tureg_old [2010.08.01 11:15:18 | 000,000,478 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml [2010.07.31 22:22:34 | 000,001,352 | ---- | M] () -- D:\AutoHotkey.ahk [2010.07.31 21:18:05 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\AutoPartNt.let [2010.07.31 21:16:34 | 000,117,813 | ---- | M] () -- C:\WINDOWS\System32\AutoPartNt.scr [2010.07.31 21:16:34 | 000,006,083 | ---- | M] () -- C:\WINDOWS\System32\AutoPartNt.nam [2010.07.31 21:05:15 | 000,282,624 | ---- | M] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe [2010.07.31 21:05:13 | 001,685,606 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sam.spd [2010.07.31 21:05:13 | 000,643,717 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa [2010.07.31 21:05:13 | 000,605,050 | ---- | M] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa [2010.07.31 21:05:13 | 000,000,888 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sam.sdf [2010.07.31 21:05:12 | 000,094,800 | ---- | M] (Twain-Arbeitsgruppe) -- C:\WINDOWS\twain.dll [2010.07.31 21:05:12 | 000,094,800 | ---- | M] (Twain-Arbeitsgruppe) -- C:\WINDOWS\System32\dllcache\twain.dll [2010.07.31 21:05:12 | 000,050,688 | ---- | M] (Twain-Arbeitsgruppe) -- C:\WINDOWS\twain_32.dll [2010.07.31 21:05:12 | 000,050,688 | ---- | M] (Twain-Arbeitsgruppe) -- C:\WINDOWS\System32\dllcache\twain_32.dll [2010.07.31 21:05:11 | 004,399,505 | ---- | M] () -- C:\WINDOWS\System32\dllcache\nls302en.lex [2010.07.31 21:05:11 | 000,380,416 | ---- | M] () -- C:\WINDOWS\System32\dllcache\msinfo.dll [2010.07.31 21:05:10 | 003,374,597 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\dllcache\tourW.exe [2010.07.31 21:05:10 | 000,461,672 | ---- | M] () -- C:\WINDOWS\System32\dllcache\micross.ttf [2010.07.31 21:05:10 | 000,279,040 | ---- | M] () -- C:\WINDOWS\System32\dllcache\tshoot.dll [2010.07.31 21:05:10 | 000,152,844 | ---- | M] () -- C:\WINDOWS\System32\dllcache\framdit.ttf [2010.07.31 21:05:10 | 000,135,984 | ---- | M] () -- C:\WINDOWS\System32\dllcache\framd.ttf [2010.07.31 21:05:09 | 001,206,508 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb [2010.07.31 21:05:09 | 000,785,972 | ---- | M] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb [2010.07.31 21:05:09 | 000,237,160 | ---- | M] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb [2010.07.31 21:05:09 | 000,204,396 | ---- | M] () -- C:\WINDOWS\System32\dllcache\msimain.sdb [2010.07.31 21:05:09 | 000,081,590 | ---- | M] () -- C:\WINDOWS\System32\dllcache\apps.chm [2010.07.31 21:05:09 | 000,034,816 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sniffpol.dll [2010.07.31 21:05:09 | 000,033,280 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sstub.dll [2010.07.31 21:05:09 | 000,009,424 | ---- | M] () -- C:\WINDOWS\System32\dllcache\drvmain.sdb [2010.07.31 21:04:57 | 000,239,616 | ---- | M] () -- C:\WINDOWS\System32\dllcache\wstrendr.ax [2010.07.31 21:04:57 | 000,239,616 | ---- | M] () -- C:\WINDOWS\System32\wstrenderer.ax [2010.07.31 21:04:57 | 000,164,352 | ---- | M] () -- C:\WINDOWS\System32\wstpager.ax [2010.07.31 21:04:57 | 000,164,352 | ---- | M] () -- C:\WINDOWS\System32\dllcache\wstpager.ax [2010.07.31 21:04:55 | 000,013,312 | ---- | M] () -- C:\WINDOWS\System32\win87em.dll [2010.07.31 21:04:55 | 000,013,312 | ---- | M] () -- C:\WINDOWS\System32\dllcache\win87em.dll [2010.07.31 21:04:54 | 000,040,448 | ---- | M] () -- C:\WINDOWS\System32\wiasf.ax [2010.07.31 21:04:54 | 000,040,448 | ---- | M] () -- C:\WINDOWS\System32\dllcache\wiasf.ax [2010.07.31 21:04:54 | 000,001,157 | ---- | M] () -- C:\WINDOWS\System32\vwipxspx.exe [2010.07.31 21:04:54 | 000,001,157 | ---- | M] () -- C:\WINDOWS\System32\dllcache\vwipxspx.exe [2010.07.31 21:04:53 | 000,089,588 | ---- | M] () -- C:\WINDOWS\System32\unicode.nls [2010.07.31 21:04:53 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\vbicodec.ax [2010.07.31 21:04:53 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\dllcache\vbicodec.ax [2010.07.31 21:04:53 | 000,015,360 | ---- | M] () -- C:\WINDOWS\System32\tsd32.dll [2010.07.31 21:04:53 | 000,015,360 | ---- | M] () -- C:\WINDOWS\System32\dllcache\tsd32.dll [2010.07.31 21:04:51 | 000,262,148 | ---- | M] () -- C:\WINDOWS\System32\sortkey.nls [2010.07.31 21:04:51 | 000,023,044 | ---- | M] () -- C:\WINDOWS\System32\sorttbls.nls [2010.07.31 21:04:51 | 000,003,144 | ---- | M] () -- C:\WINDOWS\System32\dllcache\srgb.icm [2010.07.31 21:04:50 | 000,000,882 | ---- | M] () -- C:\WINDOWS\System32\share.exe [2010.07.31 21:04:50 | 000,000,882 | ---- | M] () -- C:\WINDOWS\System32\dllcache\share.exe [2010.07.31 21:04:49 | 000,270,848 | ---- | M] () -- C:\WINDOWS\System32\sbe.dll [2010.07.31 21:04:49 | 000,270,848 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sbe.dll [2010.07.31 21:04:49 | 000,010,240 | ---- | M] () -- C:\WINDOWS\System32\scriptpw.dll [2010.07.31 21:04:49 | 000,010,240 | ---- | M] () -- C:\WINDOWS\System32\dllcache\scriptpw.dll [2010.07.31 21:04:49 | 000,000,984 | ---- | M] () -- C:\WINDOWS\System32\dllcache\srframe.mmf [2010.07.31 21:04:48 | 000,003,358 | ---- | M] () -- C:\WINDOWS\System32\redir.exe [2010.07.31 21:04:48 | 000,003,358 | ---- | M] () -- C:\WINDOWS\System32\dllcache\redir.exe [2010.07.31 21:04:47 | 000,733,696 | ---- | M] () -- C:\WINDOWS\System32\qedwipes.dll [2010.07.31 21:04:47 | 000,733,696 | ---- | M] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll [2010.07.31 21:04:47 | 000,168,720 | ---- | M] () -- C:\WINDOWS\System32\pagefileconfig.vbs [2010.07.31 21:04:47 | 000,168,720 | ---- | M] () -- C:\WINDOWS\System32\dllcache\pagefile.vbs [2010.07.31 21:04:47 | 000,157,696 | ---- | M] () -- C:\WINDOWS\System32\paqsp.dll [2010.07.31 21:04:47 | 000,157,696 | ---- | M] () -- C:\WINDOWS\System32\dllcache\paqsp.dll [2010.07.31 21:04:47 | 000,036,045 | ---- | M] () -- C:\WINDOWS\System32\prncnfg.vbs [2010.07.31 21:04:47 | 000,036,045 | ---- | M] () -- C:\WINDOWS\System32\dllcache\prncnfg.vbs [2010.07.31 21:04:47 | 000,032,871 | ---- | M] () -- C:\WINDOWS\System32\prnmngr.vbs [2010.07.31 21:04:47 | 000,032,871 | ---- | M] () -- C:\WINDOWS\System32\dllcache\prnmngr.vbs [2010.07.31 21:04:47 | 000,029,878 | ---- | M] () -- C:\WINDOWS\System32\prnport.vbs [2010.07.31 21:04:47 | 000,029,878 | ---- | M] () -- C:\WINDOWS\System32\dllcache\prnport.vbs [2010.07.31 21:04:47 | 000,025,679 | ---- | M] () -- C:\WINDOWS\System32\prndrvr.vbs [2010.07.31 21:04:47 | 000,025,679 | ---- | M] () -- C:\WINDOWS\System32\dllcache\prndrvr.vbs [2010.07.31 21:04:47 | 000,021,806 | ---- | M] () -- C:\WINDOWS\System32\prnjobs.vbs [2010.07.31 21:04:47 | 000,021,806 | ---- | M] () -- C:\WINDOWS\System32\dllcache\prnjobs.vbs [2010.07.31 21:04:47 | 000,016,046 | ---- | M] () -- C:\WINDOWS\System32\prnqctl.vbs [2010.07.31 21:04:47 | 000,016,046 | ---- | M] () -- C:\WINDOWS\System32\dllcache\prnqctl.vbs [2010.07.31 21:04:47 | 000,003,758 | ---- | M] () -- C:\WINDOWS\System32\pubprn.vbs [2010.07.31 21:04:47 | 000,003,758 | ---- | M] () -- C:\WINDOWS\System32\dllcache\pubprn.vbs [2010.07.31 21:04:47 | 000,001,950 | ---- | M] () -- C:\WINDOWS\System32\pid.inf [2010.07.31 21:04:47 | 000,001,950 | ---- | M] () -- C:\WINDOWS\System32\dllcache\pid.inf [2010.07.31 21:04:46 | 000,003,262 | ---- | M] () -- C:\WINDOWS\System32\nw16.exe [2010.07.31 21:04:46 | 000,003,262 | ---- | M] () -- C:\WINDOWS\System32\dllcache\nw16.exe [2010.07.31 21:04:45 | 000,035,648 | ---- | M] () -- C:\WINDOWS\System32\ntio411.sys [2010.07.31 21:04:45 | 000,035,648 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntio411.sys [2010.07.31 21:04:45 | 000,035,424 | ---- | M] () -- C:\WINDOWS\System32\ntio412.sys [2010.07.31 21:04:45 | 000,035,424 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntio412.sys [2010.07.31 21:04:45 | 000,034,560 | ---- | M] () -- C:\WINDOWS\System32\ntio804.sys [2010.07.31 21:04:45 | 000,034,560 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntio804.sys [2010.07.31 21:04:45 | 000,034,560 | ---- | M] () -- C:\WINDOWS\System32\ntio404.sys [2010.07.31 21:04:45 | 000,034,560 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntio404.sys [2010.07.31 21:04:45 | 000,034,032 | ---- | M] () -- C:\WINDOWS\System32\ntio.sys [2010.07.31 21:04:45 | 000,034,032 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntio.sys [2010.07.31 21:04:45 | 000,029,370 | ---- | M] () -- C:\WINDOWS\System32\ntdos411.sys [2010.07.31 21:04:45 | 000,029,370 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntdos411.sys [2010.07.31 21:04:45 | 000,029,274 | ---- | M] () -- C:\WINDOWS\System32\ntdos412.sys [2010.07.31 21:04:45 | 000,029,274 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntdos412.sys [2010.07.31 21:04:45 | 000,029,146 | ---- | M] () -- C:\WINDOWS\System32\ntdos804.sys [2010.07.31 21:04:45 | 000,029,146 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntdos804.sys [2010.07.31 21:04:45 | 000,029,146 | ---- | M] () -- C:\WINDOWS\System32\ntdos404.sys [2010.07.31 21:04:45 | 000,029,146 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntdos404.sys [2010.07.31 21:04:45 | 000,027,914 | ---- | M] () -- C:\WINDOWS\System32\ntdos.sys [2010.07.31 21:04:45 | 000,027,914 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntdos.sys [2010.07.31 21:04:45 | 000,007,084 | ---- | M] () -- C:\WINDOWS\System32\nlsfunc.exe |
OTL Teil 2 [2010.07.31 21:04:45 | 000,007,084 | ---- | M] () -- C:\WINDOWS\System32\dllcache\nlsfunc.exe [2010.07.31 21:04:43 | 000,355,112 | ---- | M] () -- C:\WINDOWS\System32\msjetoledb40.dll [2010.07.31 21:04:43 | 000,355,112 | ---- | M] () -- C:\WINDOWS\System32\dllcache\msjetol1.dll [2010.07.31 21:04:42 | 000,014,336 | ---- | M] () -- C:\WINDOWS\System32\msdmo.dll [2010.07.31 21:04:42 | 000,014,336 | ---- | M] () -- C:\WINDOWS\System32\dllcache\msdmo.dll [2010.07.31 21:04:42 | 000,000,817 | ---- | M] () -- C:\WINDOWS\System32\mscdexnt.exe [2010.07.31 21:04:42 | 000,000,817 | ---- | M] () -- C:\WINDOWS\System32\dllcache\mscdexnt.exe [2010.07.31 21:04:41 | 000,673,088 | ---- | M] () -- C:\WINDOWS\System32\mlang.dat [2010.07.31 21:04:41 | 000,673,088 | ---- | M] () -- C:\WINDOWS\System32\dllcache\mlang.dat [2010.07.31 21:04:41 | 000,148,992 | ---- | M] () -- C:\WINDOWS\System32\mpg2splt.ax [2010.07.31 21:04:41 | 000,148,992 | ---- | M] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax [2010.07.31 21:04:41 | 000,118,272 | ---- | M] () -- C:\WINDOWS\System32\dllcache\mpg2data.ax [2010.07.31 21:04:41 | 000,118,272 | ---- | M] () -- C:\WINDOWS\System32\mpeg2data.ax [2010.07.31 21:04:40 | 000,265,948 | ---- | M] () -- C:\WINDOWS\System32\locale.nls [2010.07.31 21:04:40 | 000,039,546 | ---- | M] () -- C:\WINDOWS\System32\mem.exe [2010.07.31 21:04:40 | 000,039,546 | ---- | M] () -- C:\WINDOWS\System32\dllcache\mem.exe [2010.07.31 21:04:39 | 000,042,809 | ---- | M] () -- C:\WINDOWS\System32\key01.sys [2010.07.31 21:04:39 | 000,042,809 | ---- | M] () -- C:\WINDOWS\System32\dllcache\key01.sys [2010.07.31 21:04:39 | 000,042,537 | ---- | M] () -- C:\WINDOWS\System32\keyboard.sys [2010.07.31 21:04:39 | 000,042,537 | ---- | M] () -- C:\WINDOWS\System32\dllcache\keyboard.sys [2010.07.31 21:04:39 | 000,007,046 | ---- | M] () -- C:\WINDOWS\System32\l_intl.nls [2010.07.31 21:04:39 | 000,007,046 | ---- | M] () -- C:\WINDOWS\System32\dllcache\l_intl.nls [2010.07.31 21:04:39 | 000,000,168 | ---- | M] () -- C:\WINDOWS\System32\l_except.nls [2010.07.31 21:04:39 | 000,000,168 | ---- | M] () -- C:\WINDOWS\System32\dllcache\l_except.nls [2010.07.31 21:04:37 | 000,144,776 | ---- | M] () -- C:\WINDOWS\System32\dllcache\archvapp.inf [2010.07.31 21:04:37 | 000,004,992 | ---- | M] () -- C:\WINDOWS\System32\himem.sys [2010.07.31 21:04:37 | 000,004,992 | ---- | M] () -- C:\WINDOWS\System32\dllcache\himem.sys [2010.07.31 21:04:36 | 000,444,416 | ---- | M] (AVM GmbH) -- C:\WINDOWS\System32\fpcibase.sys [2010.07.31 21:04:36 | 000,444,416 | ---- | M] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys [2010.07.31 21:04:36 | 000,024,772 | ---- | M] () -- C:\WINDOWS\System32\geo.nls [2010.07.31 21:04:36 | 000,024,772 | ---- | M] () -- C:\WINDOWS\System32\dllcache\geo.nls [2010.07.31 21:04:36 | 000,000,882 | ---- | M] () -- C:\WINDOWS\System32\fastopen.exe [2010.07.31 21:04:36 | 000,000,882 | ---- | M] () -- C:\WINDOWS\System32\dllcache\fastopen.exe [2010.07.31 21:04:35 | 000,186,880 | ---- | M] () -- C:\WINDOWS\System32\encdec.dll [2010.07.31 21:04:35 | 000,186,880 | ---- | M] () -- C:\WINDOWS\System32\dllcache\encdec.dll [2010.07.31 21:04:35 | 000,098,604 | ---- | M] () -- C:\WINDOWS\System32\dllcache\evtquery.vbs [2010.07.31 21:04:35 | 000,098,604 | ---- | M] () -- C:\WINDOWS\System32\eventquery.vbs [2010.07.31 21:04:35 | 000,057,856 | ---- | M] () -- C:\WINDOWS\System32\dvdplay.exe [2010.07.31 21:04:35 | 000,057,856 | ---- | M] () -- C:\WINDOWS\System32\dllcache\dvdplay.exe [2010.07.31 21:04:35 | 000,013,026 | ---- | M] () -- C:\WINDOWS\System32\edlin.exe [2010.07.31 21:04:35 | 000,013,026 | ---- | M] () -- C:\WINDOWS\System32\dllcache\edlin.exe [2010.07.31 21:04:35 | 000,008,584 | ---- | M] () -- C:\WINDOWS\System32\exe2bin.exe [2010.07.31 21:04:35 | 000,008,584 | ---- | M] () -- C:\WINDOWS\System32\dllcache\exe2bin.exe [2010.07.31 21:04:33 | 000,054,128 | ---- | M] () -- C:\WINDOWS\System32\dosx.exe [2010.07.31 21:04:33 | 000,054,128 | ---- | M] () -- C:\WINDOWS\System32\dllcache\dosx.exe [2010.07.31 21:04:32 | 000,021,210 | ---- | M] () -- C:\WINDOWS\System32\dllcache\debug.exe [2010.07.31 21:04:32 | 000,021,210 | ---- | M] () -- C:\WINDOWS\System32\debug.exe [2010.07.31 21:04:32 | 000,008,386 | ---- | M] () -- C:\WINDOWS\System32\ctype.nls [2010.07.31 21:04:31 | 000,027,097 | ---- | M] () -- C:\WINDOWS\System32\dllcache\country.sys [2010.07.31 21:04:31 | 000,027,097 | ---- | M] () -- C:\WINDOWS\System32\country.sys [2010.07.31 21:04:27 | 000,196,642 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_950.nls [2010.07.31 21:04:27 | 000,196,642 | ---- | M] () -- C:\WINDOWS\System32\c_950.nls [2010.07.31 21:04:27 | 000,196,642 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_949.nls [2010.07.31 21:04:27 | 000,196,642 | ---- | M] () -- C:\WINDOWS\System32\c_949.nls [2010.07.31 21:04:27 | 000,196,642 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_936.nls [2010.07.31 21:04:27 | 000,196,642 | ---- | M] () -- C:\WINDOWS\System32\c_936.nls [2010.07.31 21:04:27 | 000,162,850 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_932.nls [2010.07.31 21:04:27 | 000,162,850 | ---- | M] () -- C:\WINDOWS\System32\c_932.nls [2010.07.31 21:04:27 | 000,139,810 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20261.nls [2010.07.31 21:04:27 | 000,139,810 | ---- | M] () -- C:\WINDOWS\System32\c_20261.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_874.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_874.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_869.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_869.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_866.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_866.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_865.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_865.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_863.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_863.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_861.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_861.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_860.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_860.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_857.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_857.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_855.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_855.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_852.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_852.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_850.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_850.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_775.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_775.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_737.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_737.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_437.nls [2010.07.31 21:04:27 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_437.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_875.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_875.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_500.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_500.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_28605.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28605.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_28603.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28603.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_28599.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28599.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_28598.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28598.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_28597.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\C_28597.NLS [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_28595.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\C_28595.NLS [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_28594.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\C_28594.NLS [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_28593.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28593.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_28592.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28592.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_28591.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28591.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_21866.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_21866.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20905.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_20905.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20866.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_20866.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20127.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_20127.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1258.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1258.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1257.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1257.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1256.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1256.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1255.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1255.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1254.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1254.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1253.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1252.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1252.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1251.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1250.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1026.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1026.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_10082.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10082.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_10081.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10081.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_10079.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10079.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_10029.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10029.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_10017.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10017.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_10010.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10010.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_10007.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10007.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_10006.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10006.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_10000.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10000.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_037.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_037.nls [2010.07.31 21:04:26 | 000,144,384 | ---- | M] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll [2010.07.31 21:04:26 | 000,144,384 | ---- | M] (AVM GmbH) -- C:\WINDOWS\System32\avmenum.dll [2010.07.31 21:04:26 | 000,087,552 | ---- | M] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll [2010.07.31 21:04:26 | 000,087,552 | ---- | M] (AVM GmbH) -- C:\WINDOWS\System32\avmcoxp.dll [2010.07.31 21:04:25 | 000,070,656 | ---- | M] () -- C:\WINDOWS\System32\dllcache\amstream.dll [2010.07.31 21:04:25 | 000,070,656 | ---- | M] () -- C:\WINDOWS\System32\amstream.dll [2010.07.31 21:04:25 | 000,012,610 | ---- | M] () -- C:\WINDOWS\System32\dllcache\append.exe [2010.07.31 21:04:25 | 000,012,610 | ---- | M] () -- C:\WINDOWS\System32\append.exe [2010.07.31 21:04:25 | 000,009,032 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ansi.sys [2010.07.31 21:04:25 | 000,009,032 | ---- | M] () -- C:\WINDOWS\System32\ansi.sys [2010.07.31 21:04:24 | 000,004,310 | ---- | M] () -- C:\WINDOWS\System32\odbcconf.rsp [2010.07.31 21:04:24 | 000,004,310 | ---- | M] () -- C:\WINDOWS\System32\dllcache\odbcconf.rsp [2010.07.31 21:04:24 | 000,002,233 | ---- | M] () -- C:\WINDOWS\System32\dllcache\12520850.cpx [2010.07.31 21:04:24 | 000,002,233 | ---- | M] () -- C:\WINDOWS\System32\12520850.cpx [2010.07.31 21:04:24 | 000,002,151 | ---- | M] () -- C:\WINDOWS\System32\dllcache\12520437.cpx [2010.07.31 21:04:24 | 000,002,151 | ---- | M] () -- C:\WINDOWS\System32\12520437.cpx [2010.07.31 21:04:23 | 013,107,200 | ---- | M] () -- C:\WINDOWS\System32\oembios.bin [2010.07.31 21:04:23 | 013,107,200 | ---- | M] () -- C:\WINDOWS\System32\dllcache\oembios.bin [2010.07.31 21:04:23 | 000,007,208 | ---- | M] () -- C:\WINDOWS\System32\secupd.sig [2010.07.31 21:04:23 | 000,007,208 | ---- | M] () -- C:\WINDOWS\System32\dllcache\secupd.sig [2010.07.31 21:04:23 | 000,006,761 | ---- | M] () -- C:\WINDOWS\System32\oembios.sig [2010.07.31 21:04:23 | 000,006,761 | ---- | M] () -- C:\WINDOWS\System32\dllcache\oembios.sig [2010.07.31 21:04:23 | 000,004,569 | ---- | M] () -- C:\WINDOWS\System32\secupd.dat [2010.07.31 21:04:23 | 000,004,569 | ---- | M] () -- C:\WINDOWS\System32\dllcache\secupd.dat [2010.07.31 21:04:23 | 000,004,461 | ---- | M] () -- C:\WINDOWS\System32\oembios.dat [2010.07.31 21:04:23 | 000,004,461 | ---- | M] () -- C:\WINDOWS\System32\dllcache\oembios.dat [2010.07.31 21:04:21 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys [2010.07.31 21:04:21 | 000,256,568 | ---- | M] (Jungo) -- C:\WINDOWS\System32\drivers\windrvr6.sys [2010.07.31 21:04:21 | 000,176,715 | ---- | M] (DataViz Inc.) -- C:\WINDOWS\System32\drivers\MacOpen.sys [2010.07.31 21:04:21 | 000,090,688 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\System32\drivers\sentinel.sys [2010.07.31 21:04:21 | 000,054,272 | ---- | M] (Sonic Focus, Inc) -- C:\WINDOWS\System32\drivers\sfng32.sys [2010.07.31 21:04:21 | 000,029,184 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\drivers\VClone.sys [2010.07.31 21:04:21 | 000,023,936 | ---- | M] (Motorola) -- C:\WINDOWS\System32\drivers\motmodem.sys [2010.07.31 21:04:21 | 000,019,712 | R--- | M] (Maxtor Corp.) -- C:\WINDOWS\System32\drivers\mxofwfp.sys [2010.07.31 21:04:21 | 000,013,824 | ---- | M] (T-Systems) -- C:\WINDOWS\System32\drivers\tsmpkt.sys [2010.07.31 21:04:21 | 000,013,396 | ---- | M] () -- C:\WINDOWS\System32\drivers\MTictwl.sys [2010.07.31 21:04:21 | 000,012,848 | ---- | M] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacomvhid.sys [2010.07.31 21:04:21 | 000,011,984 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\drivers\RegKill.sys [2010.07.31 21:04:21 | 000,011,440 | ---- | M] (Wacom Technology) -- C:\WINDOWS\System32\drivers\WacomVKHid.sys [2010.07.31 21:04:21 | 000,011,312 | ---- | M] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacommousefilter.sys [2010.07.31 21:04:21 | 000,004,960 | ---- | M] () -- C:\WINDOWS\System32\drivers\ntiowp.sys [2010.07.31 21:04:20 | 000,537,600 | ---- | M] (AVM Berlin) -- C:\WINDOWS\System32\drivers\fpcibase.sys [2010.07.31 21:04:20 | 000,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys [2010.07.31 21:04:20 | 000,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys [2010.07.31 21:04:20 | 000,106,432 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys [2010.07.31 21:04:20 | 000,080,384 | R--- | M] (OMNIKEY) -- C:\WINDOWS\System32\drivers\cxbu0wdm.sys [2010.07.31 21:04:20 | 000,053,632 | ---- | M] (AVM GmbH) -- C:\WINDOWS\System32\drivers\avmcowan.sys [2010.07.31 21:04:20 | 000,034,760 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\ElbyCDFL.sys [2010.07.31 21:04:20 | 000,026,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\DslTestSp5.sys [2010.07.31 21:04:20 | 000,026,024 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\drivers\ElbyCDIO.sys [2010.07.31 21:04:20 | 000,017,920 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\drivers\aksusb.sys [2010.07.31 21:04:18 | 003,440,660 | ---- | M] () -- C:\WINDOWS\System32\drivers\gm.dls [2010.07.31 21:04:18 | 003,440,660 | ---- | M] () -- C:\WINDOWS\System32\dllcache\gm.dls [2010.07.31 21:04:17 | 000,253,440 | ---- | M] () -- C:\WINDOWS\System32\dllcache\compatui.dll [2010.07.31 21:04:17 | 000,253,440 | ---- | M] () -- C:\WINDOWS\System32\compatui.dll [2010.07.31 21:04:17 | 000,037,568 | ---- | M] (AVM GmbH) -- C:\WINDOWS\System32\drivers\avmwan.sys [2010.07.31 21:04:17 | 000,037,568 | ---- | M] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys [2010.07.31 21:04:16 | 000,272,128 | ---- | M] () -- C:\WINDOWS\System32\perfi009.dat [2010.07.31 21:04:16 | 000,269,480 | ---- | M] () -- C:\WINDOWS\System32\perfi007.dat [2010.07.31 21:04:16 | 000,251,712 | RHS- | M] () -- C:\ntldr [2010.07.31 21:04:16 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2010.07.31 21:04:16 | 000,034,478 | ---- | M] () -- C:\WINDOWS\System32\perfd007.dat [2010.07.31 21:04:16 | 000,028,626 | ---- | M] () -- C:\WINDOWS\System32\perfd009.dat [2010.07.28 21:19:22 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll [2010.07.28 21:19:22 | 000,447,952 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll [2010.07.28 21:19:22 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll [2010.07.28 21:19:22 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll [2010.07.28 21:19:20 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll [2010.07.28 21:19:20 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll [2010.07.28 21:19:20 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll [2010.07.28 21:19:20 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll [2010.07.28 21:19:20 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll [2010.07.28 21:19:18 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll [2010.07.28 21:19:18 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll [2010.07.28 21:19:18 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll [2010.07.28 15:29:06 | 003,176,030 | -H-- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.07.24 16:08:54 | 000,000,125 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\Bahasa Indonesia.url [2010.07.03 15:52:27 | 000,018,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.25 00:16:21 | 000,000,362 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\Dokumente.lnk [2010.06.20 14:12:12 | 000,000,124 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\Repository Naturalis NL.url [2010.06.08 21:35:07 | 000,002,181 | ---- | M] () -- C:\WINDOWS\Helicon Debug Window.ini [2010.06.08 20:20:39 | 000,000,126 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\GDZ.url [2010.06.08 20:17:26 | 000,000,140 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\Catfish Inventory Literatur.url [2010.06.08 20:16:05 | 000,000,182 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\Am Mus Nov.url [2010.05.27 19:01:57 | 000,000,134 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\Loaches Corner.url [2010.05.27 18:59:13 | 000,000,122 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\Fische Asien Reiseplanung.url [2010.05.27 18:02:40 | 000,000,127 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\ILC 2010.url [2010.05.22 14:05:49 | 000,000,111 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\Gallica.url [2010.05.20 21:49:40 | 000,000,112 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\Medikamentenpreisvergleich.url [2010.05.19 11:51:43 | 000,000,159 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\DMI Südjütland.url [2010.05.19 11:50:46 | 000,000,173 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\Wetter Flensburg.url [2010.05.17 18:10:49 | 001,583,019 | ---- | M] () -- C:\WINDOWS\MapCreator 2 Uninstaller.exe [2010.05.17 17:25:46 | 000,000,142 | ---- | M] () -- C:\WINDOWS\WINMAP.INI [2010.05.12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\drivers\SZKGFS.sys [7 C:\Dokumente und Einstellungen\All Users\*.tmp files -> C:\Dokumente und Einstellungen\All Users\*.tmp -> ] [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.06 22:25:46 | 000,000,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg [2010.08.06 22:15:41 | 000,000,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\Verknüpfung mit OTL.lnk [2010.08.06 22:07:25 | 000,000,766 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\CCleaner.lnk [2010.08.06 14:40:13 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Ott\defogger_reenable [2010.08.06 10:47:23 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn [2010.08.06 10:47:23 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for [2010.08.05 14:21:24 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\u4jf7786.exe [2010.08.04 22:24:22 | 000,000,815 | ---- | C] () -- C:\rtsr_eml_sr.dat [2010.08.04 22:24:22 | 000,000,132 | ---- | C] () -- C:\httpdwl.dat [2010.08.04 22:24:21 | 000,000,141 | ---- | C] () -- C:\dwl.dat [2010.08.04 18:21:53 | 000,000,223 | ---- | C] () -- C:\Boot.bak [2010.08.04 18:21:48 | 000,262,448 | ---- | C] () -- C:\cmldr [2010.08.03 15:26:43 | 000,000,118 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\JOTTI Online Scanner.url [2010.08.03 13:05:48 | 000,016,309 | ---- | C] () -- D:\Anschreiben.pdf [2010.08.01 16:04:52 | 000,000,704 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.01 14:57:07 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Gerhard Ott\NTUSER.DAT_tureg_new.LOG [2010.07.31 22:52:48 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\Automatische Problemsuche.job [2010.07.31 22:37:11 | 000,002,283 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\UltraMon.lnk [2010.07.31 22:22:34 | 000,001,352 | ---- | C] () -- D:\AutoHotkey.ahk [2010.07.31 21:16:34 | 000,117,813 | ---- | C] () -- C:\WINDOWS\System32\AutoPartNt.scr [2010.07.31 21:16:34 | 000,006,083 | ---- | C] () -- C:\WINDOWS\System32\AutoPartNt.nam [2010.07.31 21:04:53 | 000,089,588 | ---- | C] () -- C:\WINDOWS\System32\unicode.nls [2010.07.31 21:04:51 | 000,262,148 | ---- | C] () -- C:\WINDOWS\System32\sortkey.nls [2010.07.31 21:04:51 | 000,023,044 | ---- | C] () -- C:\WINDOWS\System32\sorttbls.nls [2010.07.31 21:04:40 | 000,265,948 | ---- | C] () -- C:\WINDOWS\System32\locale.nls [2010.07.31 21:04:32 | 000,008,386 | ---- | C] () -- C:\WINDOWS\System32\ctype.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1253.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1251.nls [2010.07.31 21:04:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1250.nls [2010.07.29 16:47:43 | 013,893,632 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Ott\ntuser.dat [2010.07.29 16:47:43 | 009,699,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Ott\NTUSER.DAT_tureg_old [2010.07.24 16:08:44 | 000,000,125 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\Bahasa Indonesia.url [2010.06.25 00:16:21 | 000,000,362 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\Dokumente.lnk [2010.06.20 14:11:54 | 000,000,124 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\Repository Naturalis NL.url [2010.06.08 20:20:32 | 000,000,126 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\GDZ.url [2010.06.08 20:17:03 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\Catfish Inventory Literatur.url [2010.06.08 20:15:34 | 000,000,182 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\Am Mus Nov.url [2010.05.27 19:01:50 | 000,000,134 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\Loaches Corner.url [2010.05.27 18:58:59 | 000,000,122 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\Fische Asien Reiseplanung.url [2010.05.27 18:02:32 | 000,000,127 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\ILC 2010.url [2010.05.22 14:05:35 | 000,000,111 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\Gallica.url [2010.05.20 21:49:11 | 000,000,112 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\Medikamentenpreisvergleich.url [2010.05.19 11:51:34 | 000,000,159 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\DMI Südjütland.url [2010.05.19 11:50:32 | 000,000,173 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\Wetter Flensburg.url [2010.05.17 18:10:49 | 001,583,019 | ---- | C] () -- C:\WINDOWS\MapCreator 2 Uninstaller.exe [2010.05.17 17:25:46 | 000,000,142 | ---- | C] () -- C:\WINDOWS\WINMAP.INI [2009.12.17 12:26:40 | 000,002,181 | ---- | C] () -- C:\WINDOWS\Helicon Debug Window.ini [2009.09.23 22:08:25 | 000,008,640 | RHS- | C] () -- C:\WINDOWS\innova3.ini [2009.09.02 11:45:04 | 000,000,225 | ---- | C] () -- C:\WINDOWS\GraphicsDesk.INI [2009.03.11 18:17:48 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI [2009.02.12 17:21:04 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdfvs.dll [2009.02.12 17:20:54 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdfcoin.dll [2009.02.12 17:19:42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdfcaps.dll [2009.02.12 17:19:41 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdfdrs.dll [2009.02.12 17:19:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdfcnv4.dll [2009.02.12 17:08:22 | 000,000,060 | -H-- | C] () -- C:\WINDOWS\System32\lxdfrwrd.ini [2009.02.12 17:08:00 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdfinst.dll [2009.02.12 17:07:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdfgrd.dll [2008.12.01 20:09:14 | 000,000,131 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini [2008.12.01 18:11:22 | 000,004,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntiowp.sys [2008.12.01 17:12:44 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\MtxEscape.dll [2008.11.26 19:39:23 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2008.11.01 16:15:40 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2008.10.09 16:31:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll [2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008.01.15 04:31:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini [2007.12.22 20:28:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MusicEditor.INI [2007.12.22 19:17:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CleaningLab.INI [2007.12.20 20:22:30 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2007.11.20 21:16:23 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2007.11.20 21:15:45 | 000,006,768 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2007.11.02 18:53:01 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007.10.31 18:07:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATM.INI [2007.10.31 18:00:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI [2007.10.30 16:58:06 | 000,446,464 | ---- | C] () -- C:\WINDOWS\System32\Photomatix_jpg.dll [2007.10.30 16:58:06 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\Photomatix25Lib.dll [2007.10.30 16:58:06 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\Photomatix25Lib2.dll [2007.10.30 16:58:06 | 000,095,525 | ---- | C] () -- C:\WINDOWS\System32\Photomatix25Lib3.dll [2007.10.30 16:39:51 | 000,353,280 | ---- | C] () -- C:\WINDOWS\System32\pmtf2.dll [2007.10.30 16:39:51 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\pmtf1.dll [2007.10.30 16:39:51 | 000,204,288 | ---- | C] () -- C:\WINDOWS\System32\pmtf3.dll [2007.10.30 16:39:51 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pmexr.dll [2007.10.30 16:39:51 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmbm.dll [2007.10.30 16:39:50 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib.dll [2007.10.30 16:39:50 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib2.dll [2007.10.30 16:39:50 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\pmjp.dll [2007.10.30 16:39:50 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib3.dll [2007.10.29 11:09:26 | 000,013,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTictwl.sys [2007.10.24 15:17:51 | 000,000,387 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2007.10.22 21:51:50 | 000,003,141 | ---- | C] () -- C:\WINDOWS\jhcfwg24.ini [2007.10.18 11:12:58 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini [2007.10.18 11:12:57 | 000,009,391 | ---- | C] () -- C:\WINDOWS\System32\dymourl.ini [2007.10.18 11:12:02 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL [2007.10.18 11:12:02 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\lmmonres.dll [2007.10.17 22:17:44 | 000,000,139 | ---- | C] () -- C:\WINDOWS\hbcikrnl.ini [2007.10.17 14:57:04 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll [2007.10.15 15:47:23 | 000,000,500 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007.10.15 14:53:39 | 000,061,440 | R--- | C] () -- C:\WINDOWS\System32\chksvrn.dll [2007.10.15 14:53:39 | 000,000,143 | R--- | C] () -- C:\WINDOWS\System32\cmabout.ini [2007.10.15 14:53:38 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\cmabout.dll [2007.10.15 14:53:38 | 000,010,090 | R--- | C] () -- C:\WINDOWS\System32\cmdiag.ini [2007.10.08 17:37:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2007.07.10 18:49:12 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\spwini.dll [2007.01.31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll [2005.11.11 12:43:28 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll [2005.11.11 12:43:24 | 000,887,296 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll [2005.08.31 10:20:00 | 000,233,557 | ---- | C] () -- C:\WINDOWS\System32\esint54.dll [2004.10.07 13:50:50 | 000,072,704 | ---- | C] () -- C:\WINDOWS\System32\eminecz2.dll [2004.08.04 14:00:00 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\serenum.sys [2004.08.04 14:00:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\w6gfh4u.dll [2004.08.04 14:00:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll [2004.08.04 14:00:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll [2004.08.04 14:00:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2004.08.04 14:00:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2004.08.04 14:00:00 | 000,000,336 | ---- | C] () -- C:\WINDOWS\System32\v2spu75.dll [2004.08.04 14:00:00 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll [2004.08.04 14:00:00 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll [2004.08.04 14:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\z7cyb5u.dll [2003.09.03 06:03:10 | 000,018,932 | ---- | C] () -- C:\WINDOWS\MSUMLT_B.INI [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2001.04.17 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL [1998.12.31 18:11:30 | 000,000,589 | ---- | C] () -- C:\WINDOWS\ATLI2.INI [1998.12.31 18:10:22 | 000,907,776 | ---- | C] () -- C:\WINDOWS\System32\OWL52F.DLL [1997.11.21 07:03:20 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL [1997.09.30 03:30:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL ========== LOP Check ========== [2008.11.13 19:43:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis [2009.06.14 18:06:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\aewc [2009.06.14 14:34:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BDNM [2008.09.29 12:46:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BIFAB [2009.03.11 18:06:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BitDefender [2008.10.26 16:31:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Elaborate Bytes [2010.03.20 17:02:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eminec [2008.09.28 14:41:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreeDownloadManager.ORG [2009.09.23 22:08:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\innoplus [2007.10.29 13:32:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ISDNWatch [2007.12.22 19:04:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2008.12.08 17:00:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Matrox [2008.12.08 16:59:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Matrox Graphics Inc [2009.11.24 17:26:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PhraseExpress [2008.05.23 21:02:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Quark [2007.10.24 15:17:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2008.10.26 17:24:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft [2010.08.06 22:28:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\STOPzilla! [2007.11.06 17:35:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online [2008.10.01 20:47:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TechSmith [2010.06.08 21:46:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2009.12.05 18:51:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2007.11.20 10:48:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VertusTech [2008.11.17 22:25:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vokabeltrainer 3 [2009.06.11 17:51:01 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{44C0A247-3014-411F-95CB-B1729C1B82D5} [2008.11.14 17:02:45 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357} [2009.12.05 18:51:27 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2009.06.14 14:56:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\.doos [2007.10.18 11:29:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\3Dconnexion [2008.05.27 11:25:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\6500 Series [2008.11.13 19:47:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Acronis [2008.01.07 16:43:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Anthropics [2009.06.11 17:51:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\AquaSoft [2007.10.17 21:17:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Axaware [2007.10.22 16:43:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Barbecue [2010.07.28 15:28:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\BitDefender [2008.09.16 18:45:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\DemoPlugin [2008.06.12 16:03:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Dexpot [2008.05.25 14:17:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\DiashowManager [2007.10.30 15:54:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\DirPrinter [2009.11.17 18:51:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\DL [2009.12.08 15:23:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\doublecmd [2009.10.19 19:15:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Duden [2009.08.12 18:53:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\eminec [2007.11.23 19:44:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\EPSON [2008.09.08 20:22:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\FileOpen [2010.08.05 14:24:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Free Download Manager [2007.10.29 13:34:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\FRITZ! [2008.06.03 18:04:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\gtk-2.0 [2009.09.02 11:38:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Hemera [2009.09.23 22:07:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\innoPlus [2007.11.28 19:24:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Keseling [2007.11.28 20:09:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\KRKsoft [2010.07.28 21:01:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Lasersoft Imaging [2008.10.13 06:54:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\LearnLift [2009.02.16 18:11:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Lexmark Productivity Studio [2007.11.20 21:19:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\MAGIX [2010.07.24 17:53:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Map Maker [2008.11.26 22:03:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\MB-Ruler Pro [2010.06.10 19:39:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\MB-Ruler Pro special [2008.11.17 18:59:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Notepad++ [2009.04.09 12:16:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\OfficeUpdate12 [2008.11.13 22:33:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\OpenOffice.org [2010.05.20 18:41:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Opera [2009.11.24 18:01:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\PhraseExpress [2009.07.28 11:06:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\PiX-ART.com [2008.05.06 21:13:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\PPTminimizer [2007.10.17 23:45:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\qliner [2008.05.23 21:04:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Quark [2010.08.01 12:40:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\QuickScan [2007.10.24 15:23:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\ScanSoft [2008.02.06 12:51:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\SmartTools [2009.09.21 19:57:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Software4u [2009.11.05 13:34:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\SpeedProject [2008.04.29 17:57:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\stickies [2008.10.12 14:40:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\TaskCoach [2010.05.16 12:15:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\TechSmith [2010.05.13 12:48:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Thunderbird [2007.10.24 15:57:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\TomTom [2010.04.27 17:35:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Tracker Software [2007.10.17 16:56:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\TuneUp Software [2008.10.13 06:27:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\VTrain [2009.04.21 10:38:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Windows Desktop Search [2009.04.21 10:46:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Windows Search [2007.10.24 15:23:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Zeon [2010.08.06 22:25:33 | 000,000,510 | ---- | M] () -- C:\WINDOWS\Tasks\Automatische Problemsuche.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 96 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:20C3AB27 @Alternate Data Stream - 400 bytes -> C:\Dokumente und Einstellungen\Gerhard Ott\Lokale Einstellungen\Anwendungsdaten\desktop.ini:bf5af20ce7a419b1178ece347eddc338 @Alternate Data Stream - 253 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:1957F8A9 < End of report > |
und OTL Extras: OTL EXTRAS Logfile: Code: OTL Extras logfile created on: 06.08.2010 22:27:53 - Run 1 |
Zitat:
|
Ich lasse jetzt einen OTL-Komplettscan laufen. Bis morgen - oder so - dann, nehme ich mal an ;-) |
es geht um den ccleaner, mit dem sollst du dateien bereinigen + registry |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 11:36 Uhr. |
Copyright ©2000-2025, Trojaner-Board