Trojaner-Board

glasnost 13.10.2010 09:26

Backdoor.Bot is back after every restart
 
Hello,
I am slowly getting desperate. I have had Malwarebytes run a quick scan several times and had the reported items deleted; AntiVir also ran over it and put everything that was found into quarantine.
After every restart, however, this Backdoor.Bot is back.
While googling I came across the advice that I should turn off System Restore; I did that too, but all without success.
Attached are the log files...
Regards, glasnost
HijackThis Logfile:
Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:24, on 13.10.10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Logi_MwX.Exe
E:\Programme\REVOLTEC\FightBoard Advanced 1.00\FightBoard.exe
C:\Programme\XpertVision\TBPanel.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Programme\Logitech\SetPoint\SetPoint.exe
c:\Programme\Avira\AntiVir Desktop\avguard.exe
c:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe
E:\Programme\SlySoft\Game Jackal\Game Jackal v4\Server.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.mini20.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\host32.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Videoraptor_WebRipPlugin Class - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - e:\Programme\RapidSolution\Videoraptor\plugins\IE\VR_WebRipIePlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - c:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [FightBoard] e:\Programme\REVOLTEC\FightBoard Advanced 1.00\FightBoard.exe -1
O4 - HKLM\..\Run: [Gainward] c:\Programme\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DT HPW] C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DT_startup.exe -HPW
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "c:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = E:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{48610874-3588-4A87-8CFB-E925A22BBF11}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E59E14FF-DF76-46C9-8F3A-7BC93E00911D}: NameServer = 192.168.0.1
O18 - Protocol: hio - {755F9D06-1AF6-43D0-9832-42D83A1061A9} - C:\Programme\Gemeinsame Dateien\DigiOnline GmbH\HierObjects.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - c:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - c:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programme\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Game Jackal Server (GJService) - Unknown owner - E:\Programme\SlySoft\Game Jackal\Game Jackal v4\Server.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6832 bytes

--- --- ---


Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Mittwoch, 13. Oktober 2010 09:10

Es wird nach 2925284 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows XP
Windowsversion : (Service Pack 2) [5.1.2600]
Boot Modus : Normal gebootet
Benutzername : Max Mustermann
Computername : XXX

Versionsinformationen:
BUILD.DAT : 10.0.0.567 32097 Bytes 19.04.10 15:50:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 01.04.10 11:37:35
AVSCAN.DLL : 10.0.3.0 56168 Bytes 30.03.10 10:42:16
LUKE.DLL : 10.0.2.3 104296 Bytes 07.03.10 17:32:59
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.10 10:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.09 08:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.09 18:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.10 16:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.10 15:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.10 10:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.10 07:20:30
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.10 07:20:35
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23.07.10 18:37:17
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13.09.10 09:14:58
VBASE009.VDF : 7.10.11.134 2048 Bytes 13.09.10 09:14:59
VBASE010.VDF : 7.10.11.135 2048 Bytes 13.09.10 09:14:59
VBASE011.VDF : 7.10.11.136 2048 Bytes 13.09.10 09:14:59
VBASE012.VDF : 7.10.11.137 2048 Bytes 13.09.10 09:14:59
VBASE013.VDF : 7.10.11.165 172032 Bytes 15.09.10 09:14:59
VBASE014.VDF : 7.10.11.202 144384 Bytes 18.09.10 09:15:00
VBASE015.VDF : 7.10.11.231 129024 Bytes 21.09.10 06:56:47
VBASE016.VDF : 7.10.12.4 126464 Bytes 23.09.10 06:56:47
VBASE017.VDF : 7.10.12.38 146944 Bytes 27.09.10 17:29:53
VBASE018.VDF : 7.10.12.64 133120 Bytes 29.09.10 17:52:42
VBASE019.VDF : 7.10.12.99 134144 Bytes 01.10.10 07:44:36
VBASE020.VDF : 7.10.12.122 131584 Bytes 05.10.10 18:59:34
VBASE021.VDF : 7.10.12.148 119296 Bytes 07.10.10 19:41:03
VBASE022.VDF : 7.10.12.175 142848 Bytes 11.10.10 06:33:08
VBASE023.VDF : 7.10.12.176 2048 Bytes 11.10.10 06:33:08
VBASE024.VDF : 7.10.12.177 2048 Bytes 11.10.10 06:33:08
VBASE025.VDF : 7.10.12.178 2048 Bytes 11.10.10 06:33:08
VBASE026.VDF : 7.10.12.179 2048 Bytes 11.10.10 06:33:08
VBASE027.VDF : 7.10.12.180 2048 Bytes 11.10.10 06:33:08
VBASE028.VDF : 7.10.12.181 2048 Bytes 11.10.10 06:33:08
VBASE029.VDF : 7.10.12.182 2048 Bytes 11.10.10 06:33:08
VBASE030.VDF : 7.10.12.183 2048 Bytes 11.10.10 06:33:08
VBASE031.VDF : 7.10.12.193 93184 Bytes 12.10.10 07:06:06
Engineversion : 8.2.4.78
AEVDF.DLL : 8.1.2.1 106868 Bytes 01.08.10 07:17:33
AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 21.09.10 09:15:08
AESCN.DLL : 8.1.6.1 127347 Bytes 20.07.10 07:20:48
AESBX.DLL : 8.1.3.1 254324 Bytes 20.07.10 07:20:50
AERDL.DLL : 8.1.9.2 635252 Bytes 25.09.10 06:56:53
AEPACK.DLL : 8.2.3.11 471416 Bytes 12.10.10 06:33:13
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 25.07.10 18:37:24
AEHEUR.DLL : 8.1.2.33 2949496 Bytes 12.10.10 06:33:12
AEHELP.DLL : 8.1.14.0 246134 Bytes 12.10.10 06:33:10
AEGEN.DLL : 8.1.3.23 401779 Bytes 02.10.10 07:44:37
AEEMU.DLL : 8.1.2.0 393588 Bytes 20.07.10 07:20:43
AECORE.DLL : 8.1.17.0 196982 Bytes 25.09.10 06:56:49
AEBB.DLL : 8.1.1.0 53618 Bytes 20.07.10 07:20:43
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.10 10:59:10
AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.10 10:59:07
AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.10 15:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 01.04.10 11:35:44
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 01.04.10 11:39:49
AVARKT.DLL : 10.0.0.14 227176 Bytes 01.04.10 11:22:11
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.10 08:53:25
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.10 11:57:53
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.10 14:38:54
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.10 13:40:55
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.10 12:10:08
RCTEXT.DLL : 10.0.53.0 98152 Bytes 09.04.10 13:14:28

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Manuelle Auswahl
Konfigurationsdatei...................: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\PROFILES\folder.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel

Beginn des Suchlaufs: Mittwoch, 13. Oktober 2010 09:10

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'thunderbird.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'alg.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiapsrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KHALMNPR.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ctfmon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TBPanel.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FightBoard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Logi_MwX.Exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HelpSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SupServ.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'oodag.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mdm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jqs.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Server.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTSRVC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTsvcCDA.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'aawservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvsvc32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2157' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\WINDOWS\host32.exe
[FUND] Ist das Trojanische Pferd TR/Agent.cbs

Beginne mit der Desinfektion:
C:\WINDOWS\host32.exe
[FUND] Ist das Trojanische Pferd TR/Agent.cbs
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ecdc888.qua' verschoben!


Ende des Suchlaufs: Mittwoch, 13. Oktober 2010 10:01
Benötigte Zeit: 50:11 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

12171 Verzeichnisse wurden überprüft
292734 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
292733 Dateien ohne Befall
1975 Archive wurden durchsucht
0 Warnungen
0 Hinweise
OTL Logfile:
Code:

OTL logfile created on: 13.10.10 10:32:07 - Run 1
OTL by OldTimer - Version 3.2.15.2    Folder = C:\Dokumente und Einstellungen\btsv\Desktop\MFTools
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = c:\Programme
Drive C: | 19,53 Gb Total Space | 4,69 Gb Free Space | 23,99% Space Free | Partition Type: NTFS
Drive E: | 100,08 Gb Total Space | 11,93 Gb Free Space | 11,92% Space Free | Partition Type: NTFS
Drive F: | 33,77 Gb Total Space | 20,78 Gb Free Space | 61,55% Space Free | Partition Type: NTFS
Drive H: | 172,79 Gb Total Space | 7,64 Gb Free Space | 4,42% Space Free | Partition Type: NTFS
Drive I: | 292,96 Gb Total Space | 18,11 Gb Free Space | 6,18% Space Free | Partition Type: NTFS
 
Computer Name: LUGL | User Name: btsv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.10.13 10:26:37 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\btsv\Desktop\MFTools\OTL.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.10.13 10:26:37 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\btsv\Desktop\MFTools\OTL.exe
MOD - [2006.08.25 09:46:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004.08.03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.09.18 16:16:24 | 002,063,808 | ---- | M] () [Auto | Stopped] -- E:\Programme\SlySoft\Game Jackal\Game Jackal v4\Server.exe -- (GJService)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- c:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- c:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () [Auto | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009.03.27 10:18:00 | 000,814,501 | ---- | M] () [Auto | Stopped] -- C:\nonficker.dll -- (aaaaanonficker)
SRV - [2008.08.29 10:01:22 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
SRV - [2008.07.14 14:43:04 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2008.07.07 09:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.12.15 14:39:16 | 000,221,696 | ---- | M] (O&O Software GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\xmasscsi.sys -- (xmasscsi)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi)
DRV - File not found [Kernel | On_Demand | Stopped] -- e:\Temp\AMDPCI.sys -- (AMDPCI)
DRV - [2010.09.30 23:25:16 | 000,030,376 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2010.09.15 18:42:18 | 000,046,528 | ---- | M] (SlySoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\maploml.sys -- (MaplomL)
DRV - [2010.09.15 10:35:32 | 000,030,144 | ---- | M] (SlySoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\maplom.sys -- (Maplom)
DRV - [2010.09.14 15:16:06 | 000,108,480 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.04.04 00:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.01.10 14:31:32 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.01.10 14:31:32 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009.07.26 10:06:20 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- c:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.01.21 22:17:28 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.08.18 19:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008.08.01 12:36:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008.08.01 12:36:00 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008.02.12 20:52:08 | 000,094,208 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ezplay.sys -- (ezplay)
DRV - [2008.02.11 19:14:45 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.01.09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2008.01.07 10:37:36 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2007.12.14 08:52:36 | 000,044,000 | ---- | M] (Ray Hinchliffe) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SIVX32.sys -- (SIVDRIVER)
DRV - [2007.12.10 15:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM)
DRV - [2007.12.10 15:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007.12.10 15:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM)
DRV - [2007.12.10 15:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS)
DRV - [2007.12.10 15:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007.12.10 15:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007.12.10 15:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
DRV - [2007.08.21 20:49:28 | 000,017,912 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Programme\GIGABYTE\@BIOS\markfun.w32 -- (MarkFun_NT)
DRV - [2007.06.29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.04.11 15:33:14 | 000,028,688 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007.04.11 15:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007.04.11 15:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007.04.11 15:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007.04.11 15:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007.04.03 13:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007.04.03 13:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116obex.sys -- (s116obex)
DRV - [2007.04.03 13:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
DRV - [2007.04.03 13:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116  USB WMC Device Management Drivers (WDM)
DRV - [2007.04.03 13:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007.04.03 13:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007.04.03 13:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2007.03.16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007.03.16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2007.03.15 22:50:39 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2007.02.16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2007.02.09 13:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2007.02.09 13:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2006.11.16 18:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2006.09.18 15:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2006.09.18 15:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006.09.18 15:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006.09.18 15:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006.09.18 15:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006.09.18 15:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006.09.18 15:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006.08.30 22:28:22 | 000,015,104 | ---- | M] (Copyright (C) Listan GmbH & Co.KG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\systormflb.sys -- (systormflb)
DRV - [2006.08.11 15:56:36 | 000,008,192 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfDetNT)
DRV - [2006.08.11 15:45:40 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006.08.11 15:45:38 | 000,499,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006.08.11 15:45:28 | 000,180,224 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2006.08.11 15:45:26 | 000,766,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2006.08.11 15:45:26 | 000,154,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2006.08.11 15:45:24 | 000,116,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006.08.11 15:45:18 | 000,143,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006.08.11 15:45:18 | 000,078,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006.08.11 15:45:14 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006.07.02 00:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.05.22 06:40:30 | 000,017,152 | ---- | M] (T-Online International AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)
DRV - [2006.04.24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2006.03.24 17:24:31 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2006.02.21 13:12:00 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005.11.10 18:06:04 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.10.22 13:38:21 | 000,108,032 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV62.sys -- (SSHDRV62)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.17 17:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.08.04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004.08.03 23:10:12 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2004.08.03 23:10:12 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2004.08.03 23:10:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2004.08.03 23:04:34 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2004.08.03 22:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004.04.05 07:57:46 | 000,966,352 | ---- | M] (DeTeWe Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Capi20.sys -- (CAPI20)
DRV - [2004.01.26 17:36:35 | 000,095,552 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.01.26 17:01:28 | 000,052,224 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.12.17 09:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003.12.17 09:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2003.12.17 09:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
DRV - [2003.12.17 09:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2003.12.04 11:33:20 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.09.06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003.05.14 13:42:50 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2003.05.14 13:42:48 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2003.05.14 13:42:44 | 000,044,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2003.04.17 12:19:02 | 000,120,732 | ---- | M] (DeTeWe Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ulisa.sys -- (ulisa) Telekom ISDN-Adapter (USB)
DRV - [2003.03.19 13:36:48 | 000,037,696 | ---- | M] (DeTeWe Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\detewecp.sys -- (DETEWECP)
DRV - [2003.02.24 05:21:12 | 000,085,265 | R--- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\si3112r.sys -- (SI3112r)
DRV - [2003.02.12 05:37:48 | 000,009,600 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2002.09.16 17:32:08 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2002.07.17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2002.06.10 14:20:56 | 000,044,544 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvce.sys -- (QCEmerald) Logitech QuickCam Web(PID_0850)
DRV - [2002.06.10 14:20:32 | 000,034,816 | ---- | M] (Logitech Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\LVSound2.sys -- (lusbaudio)
DRV - [2001.08.17 15:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd)
DRV - [2001.08.17 15:02:40 | 000,035,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msgame.sys -- (msgame)
DRV - [2001.08.17 14:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.mini20.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: support@pdfcreator-toolbar.org:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..network.proxy.type: 2
 
 
FF - HKLM\software\mozilla\Firefox\extensions\\videoraptor-firefox-surf-and-catch-extension@audials.com: e:\Programme\RapidSolution\Videoraptor\plugins\GeckoBased\videoraptor-firefox-surf-and-catch-extension@audials.com\ [2009.04.27 21:03:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.25 13:30:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.07 21:51:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.09.20 05:44:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.10.07 21:51:12 | 000,000,000 | ---D | M]
 
[2010.07.06 13:14:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Extensions
[2010.07.06 13:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.10.13 09:32:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions
[2010.07.09 19:56:41 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2007.12.09 13:32:52 | 000,000,000 | ---D | M] (Biet-O-Matic Firefox Extension) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}
[2007.10.20 13:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2008.09.21 10:35:58 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010.09.19 16:56:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008.02.10 12:00:17 | 000,001,670 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\searchplugins\verleihshopde.xml
[2010.10.13 09:32:50 | 000,000,000 | ---D | M] -- c:\Programme\Mozilla Firefox\extensions
[2010.02.28 12:50:41 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- c:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.09.25 13:30:23 | 000,001,392 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.25 13:30:23 | 000,002,344 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.25 13:30:23 | 000,006,805 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.25 13:30:23 | 000,001,178 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.25 13:30:24 | 000,001,105 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.02.06 20:24:55 | 000,000,137 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Videoraptor_WebRipPlugin Class) - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - e:\Programme\RapidSolution\Videoraptor\plugins\IE\VR_WebRipIePlugin.dll (RapidSolution Software)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - c:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] c:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DT HPW] C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [FightBoard] e:\Programme\REVOLTEC\FightBoard Advanced 1.00\FightBoard.exe ()
O4 - HKLM..\Run: [Gainward] c:\Programme\XpertVision\TBPanel.exe (Xpertvision, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz]  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = E:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00  [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\hio {755F9D06-1AF6-43D0-9832-42D83A1061A9} - C:\Programme\Gemeinsame Dateien\DigiOnline GmbH\HierObjects.dll (DigiOnline GmbH)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\host32.exe) - C:\WINDOWS\host32.exe File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2005.08.11 21:10:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{820b443e-32c7-11db-9dab-000fea271508}\Shell - "" = AutoRun
O33 - MountPoints2\{820b443e-32c7-11db-9dab-000fea271508}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{820b443e-32c7-11db-9dab-000fea271508}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d63c2e38-d82b-11da-9379-000fea271508}\Shell - "" = AutoRun
O33 - MountPoints2\{d63c2e38-d82b-11da-9379-000fea271508}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d63c2e38-d82b-11da-9379-000fea271508}\Shell\AutoRun\command - "" = G:\autorun\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (oodbs) - C:\WINDOWS\System32\oodbs.exe (O&O Software GmbH)
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: aaaaanonficker - C:\nonficker.dll ()
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk - C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Office-Bibliothek-Direktsuche.lnk - F:\Programme\Office-Bibliothek\PCLib.exe - ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.PIM1 - C:\WINDOWS\System32\pclepim1.dll (Pinnacle Systems)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.10.13 10:26:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Desktop\MFTools
[2010.10.13 10:02:19 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\btsv\Recent
[2010.10.12 13:31:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Avira
[2010.10.12 13:06:21 | 000,000,000 | -HSD | C] -- C:\WINDOWS\jh87uhnoe3
[2010.10.07 21:50:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.09.30 23:25:16 | 000,030,376 | ---- | C] (Elaborate Bytes AG) -- C:\WINDOWS\System32\drivers\ElbyCDIO.sys
[2010.09.30 13:18:24 | 000,089,256 | ---- | C] (Elaborate Bytes AG) -- C:\WINDOWS\System32\ElbyCDIO.dll
[2010.09.18 17:04:26 | 000,049,944 | ---- | C] (Tracker Software Products Ltd.) -- C:\WINDOWS\System32\pxc40pm.dll
[2010.09.18 17:04:23 | 000,000,000 | ---D | C] -- c:\Programme\Tracker Software
[2010.09.18 17:04:10 | 000,282,624 | ---- | C] (TODO: <회사 이름>) -- C:\WINDOWS\System32\TwdFilt.dll
[2010.09.14 15:16:06 | 000,108,480 | ---- | C] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[2010.09.08 16:32:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Password Solutions
[2010.09.08 16:32:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Eigene Dateien\My Password Recovery
[2010.08.31 11:58:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Eigene Dateien\StarCraft II
[2010.08.31 11:58:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Blizzard Entertainment
[2010.08.29 20:30:35 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Blizzard Entertainment
[2010.08.03 12:23:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\gp-Untis
[2010.08.03 12:05:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Eigene Dateien\Untis
[2010.07.20 09:18:58 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.07.20 09:18:58 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.07.20 09:18:58 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.07.20 09:18:58 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.07.20 09:18:57 | 000,000,000 | ---D | C] -- c:\Programme\Avira
[2010.07.20 09:18:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.01.10 14:29:09 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpe10.dll
[2007.10.20 12:14:30 | 000,094,208 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.sys
[2007.10.20 12:14:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\pcouffin.sys
[2006.08.11 15:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
 
========== Files - Modified Within 90 Days ==========
 
[2010.10.13 10:26:37 | 000,284,915 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Gmer.zip
[2010.10.13 10:26:37 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\defogger.exe
[2010.10.13 10:25:18 | 000,388,977 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Load.exe
[2010.10.13 10:25:16 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI
[2010.10.13 10:04:45 | 000,000,160 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2010.10.13 10:04:26 | 000,271,830 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.10.13 10:04:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.13 10:02:38 | 000,032,592 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.10.13 10:02:38 | 000,032,592 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.10.13 10:02:38 | 000,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.10.13 10:02:38 | 000,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.10.13 10:02:38 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.10.13 10:02:38 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010.10.13 10:02:38 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010.10.12 13:20:45 | 000,002,425 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\ABBYY FineReader 8.0 Professional Edition.lnk
[2010.10.12 13:11:43 | 000,002,403 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Paint Shop Pro 7.lnk
[2010.10.12 08:25:14 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Skype.lnk
[2010.10.11 21:58:19 | 000,234,280 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010.10.11 21:24:04 | 000,137,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.10.07 21:51:12 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.10.07 21:38:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.03 11:45:12 | 000,000,626 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AnyDVD.lnk
[2010.09.30 23:25:16 | 000,030,376 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\drivers\ElbyCDIO.sys
[2010.09.30 13:18:24 | 000,089,256 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\ElbyCDIO.dll
[2010.09.27 20:40:22 | 000,000,575 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Miranda IM.lnk
[2010.09.25 09:15:58 | 000,000,699 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Game Jackal v4.lnk
[2010.09.19 19:57:14 | 000,001,125 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010.09.18 17:04:02 | 000,000,405 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MindMapper 2009.lnk
[2010.09.15 18:42:18 | 000,046,528 | ---- | M] (SlySoft Inc.) -- C:\WINDOWS\System32\drivers\maploml.sys
[2010.09.15 10:35:32 | 000,030,144 | ---- | M] (SlySoft Inc.) -- C:\WINDOWS\System32\drivers\maplom.sys
[2010.09.14 15:16:06 | 000,108,480 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[2010.09.08 22:39:17 | 000,002,092 | ---- | M] () -- C:\WINDOWS\aopr.ini
[2010.09.08 22:26:50 | 000,000,115 | ---- | M] () -- C:\WINDOWS\AWOPR.INI
[2010.09.08 16:51:18 | 000,001,076 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Eigene Dateien\Bernt-Notke-Schule laufende Bearbeitung 2009-2010_2.pwcx
[2010.09.08 16:51:18 | 000,000,259 | ---- | M] () -- C:\WINDOWS\pwc62ud.INI
[2010.09.04 12:57:08 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-20021102}.CDF
[2010.09.03 21:30:53 | 000,151,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\systormflb.pkg
[2010.08.31 12:14:06 | 000,000,542 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\StarCraft II.lnk
[2010.08.18 22:32:52 | 000,002,688 | ---- | M] () -- C:\WINDOWS\System32\settings.aaw
[2010.08.18 22:32:52 | 000,001,216 | ---- | M] () -- C:\WINDOWS\System32\history.aaw
[2010.08.15 20:18:11 | 000,076,326 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Besoldungstab_SchleswigHolstein_010310.pdf
[2010.08.07 11:11:28 | 000,006,097 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010.08.03 12:05:18 | 000,000,546 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Untis 2011.lnk
[2010.07.30 20:40:28 | 000,024,576 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\In Word kann man den Text in einem Textfeld oder in einer Tabelle drehen.doc
[2010.07.29 09:03:38 | 000,002,393 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ACDSee 6.0.lnk
[2010.07.26 18:00:10 | 000,081,920 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Wahlpflichtkurse-10_11-Wahlzettel_anonym.doc
[2010.07.20 09:19:05 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
 
========== Files Created - No Company Name ==========
 
[2010.10.13 10:26:23 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\defogger.exe
[2010.10.13 10:26:22 | 000,284,915 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Gmer.zip
[2010.10.13 10:25:18 | 000,388,977 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Load.exe
[2010.10.07 21:51:12 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.09.18 17:04:02 | 000,000,405 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MindMapper 2009.lnk
[2010.09.08 22:26:50 | 000,000,115 | ---- | C] () -- C:\WINDOWS\AWOPR.INI
[2010.09.08 17:52:44 | 000,002,092 | ---- | C] () -- C:\WINDOWS\aopr.ini
[2010.09.08 16:51:18 | 000,001,076 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Eigene Dateien\Bernt-Notke-Schule laufende Bearbeitung 2009-2010_2.pwcx
[2010.09.08 16:51:17 | 000,000,259 | ---- | C] () -- C:\WINDOWS\pwc62ud.INI
[2010.08.31 11:58:05 | 000,000,542 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\StarCraft II.lnk
[2010.08.15 20:18:11 | 000,076,326 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Besoldungstab_SchleswigHolstein_010310.pdf
[2010.08.03 12:05:18 | 000,000,546 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Untis 2011.lnk
[2010.07.30 20:40:28 | 000,024,576 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\In Word kann man den Text in einem Textfeld oder in einer Tabelle drehen.doc
[2010.07.26 17:58:50 | 000,081,920 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Wahlpflichtkurse-10_11-Wahlzettel_anonym.doc
[2010.07.20 09:19:05 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010.02.01 20:35:14 | 000,000,056 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\_pdf_.prt
[2010.01.26 21:30:06 | 000,000,435 | ---- | C] () -- C:\WINDOWS\MM2009Viewer.INI
[2009.12.15 22:43:19 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\TEVPXCW60.DLL
[2009.12.15 22:43:19 | 000,000,039 | ---- | C] () -- C:\WINDOWS\TDEVXCW60.DLL
[2009.12.15 22:43:19 | 000,000,038 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009.07.14 15:46:20 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Apache3.INI
[2009.04.23 14:28:13 | 000,138,960 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2009.04.22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009.03.02 11:33:32 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.02.03 18:26:19 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2009.01.12 21:12:50 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008.07.02 14:21:33 | 000,000,020 | ---- | C] () -- C:\WINDOWS\keytrans.ini
[2008.05.21 20:00:42 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AVIConverter.INI
[2008.05.21 08:03:07 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008.04.10 20:46:32 | 000,001,165 | ---- | C] () -- C:\WINDOWS\APDFPRP.INI
[2008.02.28 17:54:21 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\acdfcbdad_r.dll
[2008.02.21 22:24:27 | 000,399,360 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008.02.21 22:24:27 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008.02.21 22:23:48 | 000,151,040 | -HS- | C] () -- C:\WINDOWS\System32\VistaUltm.dll
[2008.02.21 22:23:48 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\Smab0.dll
[2008.02.19 21:40:47 | 000,000,551 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\AutoGK.ini
[2008.02.19 00:16:09 | 000,000,160 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2008.02.17 17:05:18 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2008.02.02 16:13:18 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2008.02.02 11:17:35 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CTXFIGER.DLL
[2008.01.09 13:18:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.01.02 12:00:43 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\PnkBstrK.sys
[2008.01.02 12:00:12 | 000,000,311 | ---- | C] () -- C:\WINDOWS\game.ini
[2007.12.11 21:43:44 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007.12.09 14:00:18 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll
[2007.10.20 12:14:33 | 000,000,033 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.log
[2007.10.20 12:14:31 | 000,007,861 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.cat
[2007.10.20 12:14:30 | 000,001,104 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.inf
[2007.10.20 12:14:30 | 000,000,125 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.ini
[2007.10.20 12:14:30 | 000,000,033 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\pcouffin.log
[2007.10.20 12:14:25 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\pcouffin.cat
[2007.10.20 12:14:25 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\pcouffin.inf
[2007.10.17 20:03:19 | 000,137,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007.07.25 15:24:28 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007.07.09 20:25:06 | 000,015,852 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2007.04.09 23:13:27 | 000,000,022 | ---- | C] () -- C:\WINDOWS\FightBoard.INI
[2007.03.10 13:51:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006.11.10 15:26:40 | 000,000,256 | ---- | C] () -- C:\WINDOWS\onlineeye.INI
[2006.10.14 15:01:13 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini
[2006.08.11 16:14:08 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2006.08.11 16:14:08 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006.08.11 15:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006.07.05 14:44:42 | 000,001,755 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2006.05.29 08:15:26 | 000,003,206 | ---- | C] () -- C:\WINDOWS\tm.ini
[2006.05.23 13:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006.03.24 17:24:31 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2006.03.24 17:24:31 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2006.03.11 12:43:38 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.02.04 21:27:43 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006.01.29 15:37:54 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006.01.09 16:42:07 | 000,000,557 | ---- | C] () -- C:\WINDOWS\ZEUGNIS3.INI
[2006.01.04 14:31:32 | 000,000,046 | ---- | C] () -- C:\WINDOWS\hmview.ini
[2006.01.03 21:05:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.01.03 20:25:20 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2005.11.11 14:47:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005.11.11 14:47:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005.10.31 23:03:24 | 000,006,097 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005.10.22 13:53:16 | 000,000,243 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2005.10.22 13:38:21 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV62.sys
[2005.10.16 19:32:07 | 000,000,929 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2005.09.24 10:38:14 | 000,000,316 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos4_5_dlx.INI
[2005.09.17 10:01:27 | 000,000,046 | ---- | C] () -- C:\WINDOWS\mxcdr.INI
[2005.09.15 13:01:59 | 000,000,249 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos3_5_dlx.INI
[2005.09.15 12:54:21 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2005.09.15 12:33:01 | 000,000,085 | ---- | C] () -- C:\WINDOWS\magix.ini
[2005.09.15 12:33:00 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2005.09.03 09:31:25 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005.08.17 17:41:34 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2005.08.16 18:44:34 | 000,073,216 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.08.15 13:54:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Classic.INI
[2005.08.12 16:35:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ui.INI
[2005.08.12 15:54:20 | 000,000,109 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2005.08.12 14:47:49 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2005.08.12 14:42:42 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2005.08.12 14:41:59 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\LVUI2RC.dll
[2005.08.12 14:41:59 | 000,005,187 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2005.08.12 14:36:27 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WINPHONE.INI
[2005.08.12 14:25:56 | 000,000,506 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.08.12 14:00:47 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005.08.12 13:58:36 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005.08.12 13:40:27 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\12kCUusd.dll
[2005.08.11 23:10:30 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2005.08.11 22:35:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winpm.INI
[2005.08.11 22:33:01 | 003,592,192 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2005.08.11 21:40:48 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2005.08.11 04:03:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.08.10 00:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005.08.10 00:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005.06.16 19:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2005.01.02 21:02:47 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2005.01.02 21:02:39 | 000,000,478 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2004.05.27 16:52:52 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\mslffv1.dll
[2002.10.16 00:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002.03.21 14:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002.03.21 02:08:47 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002.03.20 21:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2001.12.31 16:59:52 | 000,450,560 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2001.12.31 16:59:46 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2001.12.31 16:59:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
 
========== LOP Check ==========
 
[2009.07.26 10:06:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2008.05.21 18:18:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Astonsoft
[2007.07.21 20:23:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2009.01.08 18:26:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2008.02.19 00:17:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Elaborate Bytes
[2009.04.27 21:14:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution
[2008.02.19 00:16:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2009.04.23 19:49:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2007.06.29 22:49:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2007.04.20 14:36:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2009.12.07 23:41:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2005.08.12 14:28:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2009.01.19 14:08:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft
[2005.08.17 14:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ACD Systems
[2005.08.11 23:12:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Acronis
[2009.11.23 22:46:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\AKVIS
[2009.12.07 15:37:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Azureus
[2007.07.21 14:06:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\BitTorrent
[2007.12.10 23:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\BOM
[2007.04.21 23:36:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
[2007.03.03 13:49:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Command & Conquer 3 Tiberium Wars Demo
[2010.04.04 18:34:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Copernic
[2008.02.11 21:37:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DAEMON Tools
[2007.10.20 13:39:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DAEMON Tools Pro
[2008.05.21 18:24:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DeepBurner
[2008.02.21 18:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DigiOnline GmbH
[2009.02.03 18:28:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DisplayTune
[2009.04.26 09:29:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\FileZilla
[2010.08.03 12:35:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\gp-Untis
[2010.03.01 20:36:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ImgBurn
[2009.07.26 10:00:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\IrfanView
[2006.06.15 20:19:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Jasc
[2008.04.25 15:03:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Leadertech
[2005.09.24 13:18:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\MAGIX
[2009.09.01 22:20:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\MindMapper 2008
[2010.09.02 19:23:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Miranda
[2006.04.14 23:16:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mp3tag
[2009.02.26 19:09:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\OpenOffice.org
[2008.09.06 10:52:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Opera
[2010.09.08 16:32:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Password Solutions
[2006.10.14 14:56:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\PPLive
[2009.07.14 12:40:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ppstream
[2009.04.27 21:04:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\RapidSolution
[2008.10.16 12:01:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\SanDisk
[2009.03.09 21:27:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\SlySoft
[2009.04.23 19:49:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Sony
[2005.11.05 20:07:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Steinberg
[2006.01.03 20:26:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\T-Online
[2009.01.21 18:52:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\TeamViewer
[2007.04.20 14:40:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Teleca
[2010.02.24 16:30:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\The Creative Assembly
[2010.07.06 13:14:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Thunderbird
[2005.08.12 14:27:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\TuneUp Software
[2008.02.12 20:54:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Vso
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2005.08.12 16:08:25 | 000,000,000 | ---- | M] () -- C:\.officebib.history.dat
[2005.08.11 21:10:16 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009.11.01 09:57:45 | 000,000,315 | RHS- | M] () -- C:\boot.ini
[2001.08.18 12:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2005.10.22 13:54:01 | 000,000,299 | ---- | M] () -- C:\clony.txt
[2005.08.11 21:10:16 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008.01.04 18:01:42 | 000,000,032 | ---- | M] () -- C:\csb.log
[2009.11.23 22:55:39 | 000,000,000 | ---- | M] () -- C:\DTSHDSpOut.txt
[2009.10.11 13:07:26 | 000,000,181 | ---- | M] () -- C:\InstallHelper.log
[2005.08.11 21:10:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005.08.12 14:40:07 | 000,002,695 | ---- | M] () -- C:\LGSInst.Log
[2005.08.12 14:41:18 | 000,000,090 | ---- | M] () -- C:\LogiSetup.log
[2010.10.12 19:51:50 | 000,000,158 | ---- | M] () -- C:\mbam-error.txt
[2005.08.11 21:10:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009.03.27 10:18:00 | 000,814,501 | ---- | M] () -- C:\nonficker.dll
[2005.08.11 21:39:23 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2005.08.11 21:39:23 | 000,251,184 | RHS- | M] () -- C:\ntldr
[2010.10.13 10:04:08 | 2146,938,880 | -HS- | M] () -- C:\pagefile.sys
[2009.02.03 18:26:10 | 000,000,173 | ---- | M] () -- C:\pdisdk.log
[2009.02.03 18:26:20 | 000,000,184 | ---- | M] () -- C:\pivot.log
[2009.03.16 21:03:18 | 000,000,172 | ---- | M] () -- C:\TO_InstallLog.txt
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.04.19 20:21:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006.07.02 22:37:10 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006.04.19 20:21:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006.07.02 22:37:12 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2005.08.11 21:10:02 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.10.14 16:43:18 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006.10.14 16:44:44 | 000,671,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2005.08.11 05:01:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005.08.11 05:01:06 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005.08.11 05:01:06 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\system32\user32.dll /md5 >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\system32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2004.08.04 00:57:40 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=D569240A22421D5F670BB6FB6DD522B5 -- C:\WINDOWS\system32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2004.08.04 00:57:40 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=B3ADA72D1E3E10A8F6430669DFC38ED0 -- C:\WINDOWS\system32\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE  >
[2002.08.29 03:43:36 | 001,007,104 | ---- | M] (Microsoft Corporation) MD5=22B0A56E6C5847292437078B484EC61B -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\explorer.exe
[2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe
[2002.08.29 03:43:42 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Files - Unicode (All) ==========
[2010.02.01 20:35:19 | 000,015,371 | ---- | M] ()(C:\Dokumente und Einstellungen\btsv\Eigene Dateien\?Interpretationshilfe_Farben.pdf) -- C:\Dokumente und Einstellungen\btsv\Eigene Dateien\Interpretationshilfe_Farben.pdf
[2010.02.01 20:35:19 | 000,015,371 | ---- | C] ()(C:\Dokumente und Einstellungen\btsv\Eigene Dateien\?Interpretationshilfe_Farben.pdf) -- C:\Dokumente und Einstellungen\btsv\Eigene Dateien\Interpretationshilfe_Farben.pdf
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wtsapi32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wsock32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winspool.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winscard.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winlogon.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vct3216.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\uxtheme.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sxs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\svchost.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\smss.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shsvcs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sfc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\services.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sens.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\secur32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\schannel.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasapi32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\psapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oodag.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntdll.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netshell.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvcrt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msutb.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msimg32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msiexec.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msacm32.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\midimap.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lsass.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\imm32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\processr.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\ohci1394.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nic1394.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mssmbios.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\ACPI.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CTSVCCDA.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ctfmon.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\csrss.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cscdll.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\apphelp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\advapi32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\btsv\Startmenü\Programme\Autostart\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini:KAVICHS
@Alternate Data Stream - 48 bytes -> C:\WINDOWS:414D5E5B2C7E43DC
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xpsp2res.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshtcpip.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshirda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2help.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2_32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wlnotify.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wldap32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wkssvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wintrust.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsta.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winrnr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winipsec.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhttp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win32spl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiavusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiaservc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wfwnet.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webcheck.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdigest.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\w32time.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssvc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vfwwdm32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\version.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\userenv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usbmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ups.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\upnp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uniplat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\unimdmat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\unimdm.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tssoft32.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsbyuv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\trkwks.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tlntsvr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\timer.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\themeui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\termsrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcpmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapisrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\system.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\stobject.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\stdole32.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssdpsrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssdpapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srclient.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spoolss.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sound.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\smlogsvc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sl_anet.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shmgrate.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shimeng.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shfolder.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shellstyle.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdoclc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc_os.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sessmgr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sensapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\seclogon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scesrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scecli.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scardsvr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samsrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samlib.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rundll32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtutils.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaenh.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\riched20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\resutils.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regsvr32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rastls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rastapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasppp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasman.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasdlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\raschap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pstorsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psbase.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\progman.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\profmap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\powrprof.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pjlmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfproc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oodagrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olepro32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oledlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oleaut32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcint.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oakley.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntshrui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmarta.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanman.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\notepad.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui0.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netrap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netlogon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netdde.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netcfgx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ndptsp.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nddeapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncobjapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mydocs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msyuv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvidc32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp61.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp60.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msv1_0.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mstlsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrle32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msprivs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msisip.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msimsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msh263.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msh261.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgsm32.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgina.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msg723.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msg711.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msctf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaud32.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msasn1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msadp32.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MPG4C32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mouse.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\modemui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mnmsrvc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmsystem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmdrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfcsubs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc42loc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc42.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mapi32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\locator.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\localspl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lmhsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lhacm.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kmddsp.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\keyboard.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javasup.vxd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iyuv_32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\irmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ir50_32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ir41_32.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ir32_32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipsecsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipconf.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inetpp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imapi.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imagehlp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imaadp32.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ie4uinit.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icmp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iccvid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icaapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iac25_32.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpzlnt04.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetcfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hidphone.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\h323.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventlog.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eumex4sp.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\duser.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssenh.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drwtsn32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\WSTCODEC.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\WmXlCore.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\WmVirHid.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\WmBEnum.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wanarp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vga.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\USBSTOR.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbohci.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbehci.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbccgp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usb8023.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\update.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ulisa.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\termdd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sysaudio.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\swmidi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\swenum.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\StreamIP.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\SSHDRV62.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\sr.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\SONYPVU1.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\SLIP.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sfhlp01.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\serial.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\serenum.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\secdrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\scsiport.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rootmdm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\redbook.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rdpdr.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rdpcdd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspti.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspptp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspppoe.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasl2tp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasirda.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasacd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ptilink.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\psched.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\prosync1.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\prohlp02.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\prodrv06.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\pciide.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\parport.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnkfwd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnkflt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nmnt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netbt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netbios.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndiswan.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndisuio.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndistapi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NdisIP.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NABTSFEC.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MSTEE.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MSPQM.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MSPCLOCK.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MSKSSRV.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\msgpc.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mrxdav.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LVSound2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\lvce.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LMouFlt2.Sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LHIDUSB.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LHIDFLT2.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\L8042pr2.Sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\isapnp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\irsir.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\irenum.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\irda.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ipsec.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ipinip.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ipfltdrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ip6fw.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\imapi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\HIDSwvd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\GcKernel.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\ftdisk.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\flpydisk.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fdc.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\drmkaud.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\DMusic.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dmload.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dmio.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dmboot.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\disk.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\detewecp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cdrom.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\CCDECODE.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\Capi20.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\audstub.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmarpc.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\atapi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\asyncmac.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\arp1394.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\afd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dnsrslvr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmserver.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmadmin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllhost.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\davclnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csrsrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crypt32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\credui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMNCTR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comm.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comdlg32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cnbjmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clusapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clipsrv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cisvc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cfgmgr32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\certcli.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cabinet.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1253.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1251.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1250.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\browser.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\browselc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootvid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\batmeter.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\basesrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autochk.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\audiosrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asycfilt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asfsipc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\alg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsldpc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\actxprxy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ACDV.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\12kCUusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\regedit.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\LOGI_MWX.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\btsv\Eigene Dateien\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\btsv\Desktop\TeamSpeak 2 RC2.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\btsv\Desktop\(E).lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini:KAVICHS
@Alternate Data Stream - 146 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:054B9966
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\setupapi.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\explorer.exe:KAVICHS

< End of report >

--- --- ---

glasnost 13.10.2010 09:45

And here are the logfiles from the Extras log.
OTL EXTRAS logfile:
Code:

OTL Extras logfile created on: 13.10.10 10:32:07 - Run 1
OTL by OldTimer - Version 3.2.15.2    Folder = C:\Dokumente und Einstellungen\btsv\Desktop\MFTools
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = c:\Programme
Drive C: | 19,53 Gb Total Space | 4,69 Gb Free Space | 23,99% Space Free | Partition Type: NTFS
Drive E: | 100,08 Gb Total Space | 11,93 Gb Free Space | 11,92% Space Free | Partition Type: NTFS
Drive F: | 33,77 Gb Total Space | 20,78 Gb Free Space | 61,55% Space Free | Partition Type: NTFS
Drive H: | 172,79 Gb Total Space | 7,64 Gb Free Space | 4,42% Space Free | Partition Type: NTFS
Drive I: | 292,96 Gb Total Space | 18,11 Gb Free Space | 6,18% Space Free | Partition Type: NTFS
 
Computer Name: LUGL | User Name: btsv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "e:\Programme\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mp3tag] -- "e:\Programme\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich)
Directory [Winamp.Bookmark] -- "e:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "e:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "e:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Programme\Miranda IM\miranda32.exe" = F:\Programme\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- ( )
"E:\Programme\Valve\Steam\Steam.exe" = E:\Programme\Valve\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"f:\Programme\BitTorrent\bittorrent.exe" = f:\Programme\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent -- File not found
"E:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = E:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- File not found
"I:\Programme\Unreal Tournament 3\Binaries\UT3.exe" = I:\Programme\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- File not found
"E:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = E:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)  -- ()
"I:\Programme\Ubisoft\Far Cry 2\bin\FarCry2.exe" = I:\Programme\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"I:\Programme\Ubisoft\Far Cry 2\bin\FC2Launcher.exe" = I:\Programme\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater -- (Ubisoft)
"I:\Programme\Ubisoft\Far Cry 2\bin\FC2Editor.exe" = I:\Programme\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor -- (Ubisoft Entertainment)
"H:\Programme\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe" = H:\Programme\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe:*:Enabled:Call of Juarez - Bound in Blood -- (Techland)
"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"E:\Programme\Sony Ericsson\Update Service\Update Service.exe" = E:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"E:\Programme\Valve\Steam\SteamApps\common\empire total war\Empire.exe" = E:\Programme\Valve\Steam\SteamApps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War -- (The Creative Assembly Ltd)
"I:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = I:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"E:\Programme\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe" = E:\Programme\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe:*:Enabled:Office Password Recovery PRO -- File not found
"E:\Programme\Valve\Steam\SteamApps\common\dawn of war 2\DOW2.exe" = E:\Programme\Valve\Steam\SteamApps\common\dawn of war 2\DOW2.exe:*:Enabled:Warhammer® 40,000™: Dawn of War® II -- (THQ Canada Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01E9CBDA-5480-4FE8-BBC9-BE29BB8AB4C0}" =
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{06204E2A-6369-43ED-A9CF-49B5F49915FA}" = Twin Digital GamePad
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{178A1098-E15E-4FCF-8748-B613DC687FF0}" = MarkAble
"{1850E508-D6C3-4820-AD23-7F73A2BC606C}_is1" = Elcomsoft Password Recovery Studio
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A20BC22-8F21-4A2A-9F4A-E31FC0E5C7E3}" = ACDSee 6.0 PowerPack
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)
"{226CA5FA-D90E-4B78-9325-2DDA68BA691A}" = Duden Korrektor PLUS 3
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 18
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{347C6ECC-7DB2-49CC-A344-1FB0606DA662}" = WW-Essensplaner
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3648253A-C2C4-4CFB-8BE5-381D1C638B94}" = GameSpy Comrade
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3C662203-292F-4E9D-AE02-281071C06903}" = Far Cry (Patch 1.33)
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{4300EF0D-2041-4179-AFFF-21E01160740F}" = Eumex 504PC USB
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A684677-2EB8-41DF-941D-BEA07D50D545}" = Videoraptor
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4CE4B975-A5C1-43C0-A565-C00F0ABFC94C}" = PC-Bibliothek 3.0
"{52809086-618D-4F0B-8BF1-B75A5BB817A4}" = Sony Ericsson PC Suite
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{53480520-7555-470E-8C69-750B0472B4BB}" = O&O Defrag Professional Edition
"{53EF6570-21A4-47ED-A40A-E6470A5677A3}" = Studio 8
"{54971F17-9D16-4D43-95D6-3A86E3D20EDB}" = Office-Bibliothek 4.1
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{5D956474-97AD-4E03-87F6-37F06437359E}" = MindMapper 2009
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68F19BCC-49D3-49FF-BAAC-A147C66A9710}" = AMD Power Monitor
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{80157B54-DB3E-4EE9-8AD8-63A905765FF4}_is1" = Opti Drive Control 1.47
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{93EC14D5-7AAA-4EAD-BB75-013817A96598}" = Logitech Gaming Software
"{9665B325-3F96-11D6-A1FA-000374890932}" = TuneUp Utilities 2003
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 8.0 Professional Edition
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC4729BF-0396-47EF-AA0B-3A04111F19F9}" = FightBoard Advanced 1.00
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Evaluation
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA08048C-3823-4DC8-B169-1D5D11FFC19F}_is1" = PDF-XChange 4
"{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"{EE8592F6-FC2B-4AFD-B527-109D127C039F}" = Far Cry (Patch 1.31)
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" =  Sansa Media Converter
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
"5A46830178E35AB63403A85E361CCD6FA32C9078" = Windows-Treiberpaket - Sony Ericsson (seehcri) USB  (01/09/2008 1.1.0.0)
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced RAR Password Recovery" = Advanced RAR Password Recovery (remove only)
"Advanced RAR Repair v1.0" = Advanced RAR Repair v1.0
"Anotha ID3 Editor" = Anotha ID3 Editor 1.51
"Anti-Twin 2009-04-29 20.45.46" = Anti-Twin (Installation 29.04.2009)
"AnyDVD" = AnyDVD
"ASAPI Update" = ASAPI Update
"Ashampoo Photo Optimizer FREE_is1" = Ashampoo Photo Optimizer FREE
"AudioConSole" = Creative-Audiokonsole
"Audiograbber" = Audiograbber 1.83 SE
"AutoGK" = Auto Gordian Knot 2.45
"Avi2Dvd" = Avi2Dvd 0.4.5 beta
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Azureus Vuze" = Azureus Vuze
"Bf2SP64 2.31" = Bf2SP64 2.31
"Biet-O-Matic v2.4.1" = Biet-O-Matic v2.4.1
"Boilsoft AVI to VCD SVCD DVD Converter_is1" = Boilosft AVI to VCD SVCD DVD Converter 3.61
"BSPlayer1" = BSPlayer
"CDBF - DBF Viewer and Editor_is1" = Version 1.45.01
"CDex" = CDex extraction audio
"Clean 5" = Clean 5
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"Das Neue Dr.Brain Gehirn Jogging" = Das Neue Dr.Brain Gehirn Jogging
"DBF Viewer 2000" = DBF Viewer 2000 2.45
"Digitale Bibliothek 3" = Digitale Bibliothek 3
"DirectVobSub" = DirectVobSub (remove only)
"DVD Identifier_is1" = DVD Identifier
"eMule" = eMule
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.2.4
"fotocommunity" = fotocommunity
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"FreeFileSync" = FreeFileSync
"Game Jackal v4_is1" = Game Jackal v4.1.0.8 (32 bit)
"GameSpy Arcade" = GameSpy Arcade
"Geschichtslexikon" = Geschichtslexikon
"GUI for dvdauthor" = GUI for dvdauthor 1.04
"Hamachi" = Hamachi 1.0.3.0
"HD Tune_is1" = HD Tune 2.54
"HijackThis" = HijackThis 2.0.2
"Hollywood FX 4.6" = Pinnacle Hollywood FX 4.6
"hp deskjet 960c series" = hp deskjet 960c series (nur entfernen)
"iDump" = iDump v1.1.1
"ImgBurn" = ImgBurn
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{226CA5FA-D90E-4B78-9325-2DDA68BA691A}" = Duden Korrektor PLUS 3
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.5.5
"jv16 PowerTools_is1" = jv16 PowerTools 2007
"KeyView for Lotus" = KeyView for Lotus 97
"LabelEditor" = Label Editor
"MAGIX Foto Manager" = MAGIX Foto Manager
"MAGIX Music Manager" = MAGIX Music Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.0
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Miranda IM" = Miranda IM 0.9.4
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"Mp3tag" = Mp3tag v2.41
"MusicBrainz Picard" = MusicBrainz Picard 0.11
"MUSTEK 1200 CU v2.0a" = MUSTEK 1200 CU v2.0a
"Nero - Burning Rom!UninstallKey" = Ahead Nero - Burning Rom
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.0b
"PDFCreator Toolbar" = PDFCreator Toolbar
"Photo to Sketch Pro_is1" = Photo to Sketch Pro 3.6
"Picasa 3" = Picasa 3
"Product_Name" = sbPlus
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"SCHLECKER Foto-Digital-Service" = SCHLECKER Foto-Digital-Service
"SCOLA-Zeugnis 2008" = SCOLA-Zeugnis 2008 Dezember 2007
"SiSoftware Sandra Professional_is1" = SiSoftware Sandra Professional 2003
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"StarCraft II" = StarCraft II
"Steam App 10500" = Empire: Total War
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"SUPER ©" = SUPER © Version 2008.bld.25 (Feb 5, 2008)
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 5" = TeamViewer 5
"Untis 2011" = Untis 2011
"Update Service" = Update Service
"VLC media player" = VideoLAN VLC media player 0.8.6f
"VobSub" = VobSub v2.23 (Remove Only)
"WaveLabLite" = WaveLab Lite
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Weight Watchers MP5_is1" = Weight Watchers MP5
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Winamp 5.02 Deutsche Sprachdatei v14" = Deutsche Sprachdatei für Winamp 5.02 v14
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"WW3C" = WebWeaver Client
"Xfire" = Xfire (remove only)
"XMedia Recode" = XMedia Recode 2.0.5.3
"xp-AntiSpy" = xp-AntiSpy 3.94-2
"XpertVision_is1" = XpertVision 5.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"XVid;-)" = XVid;-)
"XviD_is1" = XviD MPEG-4 Video Codec
"XviDDec" = Nic's XviD Decoder
"ZoomPlayer" = Zoom Player (remove only)
"ZoomPlayerLang" = Zoom Player German language (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced PDF Password Recovery" = Advanced PDF Password Recovery
"Sansa Updater" = Sansa Updater
"Skat-Online V4" = Skat-Online V4
"Skat-Online V7" = Skat-Online V7
 
========== Last 10 Event Log Errors ==========
 
[ System Events ]
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "Creative Service for CDROM Access" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "Portrait Displays Display Tune Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "Machine Debug Manager" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
 
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "O&O Defrag" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "Game Jackal Server" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "Sony Ericsson OMSI download service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 13.10.10 04:32:23 | Computer Name = LUGL | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 13.10.10 04:32:23 | Computer Name = LUGL | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:  %%2
 
 
< End of report >

--- --- ---

markusg 13.10.2010 10:53

Where is the Malwarebytes log?
Please run OTL as follows:
OTL:
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created:
OTL.Txt
Extras.Txt
Please post both.

glasnost 13.10.2010 11:15

Uh, I did attach the Malwarebytes logs...

markusg 13.10.2010 11:39

Overlooked that.
Malwarebytes: update, run a full scan and post the new log.

glasnost 13.10.2010 19:38

New logs:
OTL logfile:
Code:

OTL logfile created on: 13.10.10 12:11:32 - Run 2
OTL by OldTimer - Version 3.2.15.2    Folder = C:\Dokumente und Einstellungen\btsv\Desktop\MFTools
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = c:\Programme
Drive C: | 19,53 Gb Total Space | 4,66 Gb Free Space | 23,87% Space Free | Partition Type: NTFS
Drive E: | 100,08 Gb Total Space | 11,93 Gb Free Space | 11,92% Space Free | Partition Type: NTFS
Drive F: | 33,77 Gb Total Space | 20,78 Gb Free Space | 61,55% Space Free | Partition Type: NTFS
Drive H: | 172,79 Gb Total Space | 7,64 Gb Free Space | 4,42% Space Free | Partition Type: NTFS
Drive I: | 292,96 Gb Total Space | 18,11 Gb Free Space | 6,18% Space Free | Partition Type: NTFS
 
Computer Name: xxx | User Name: Max mustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\btsv\Desktop\MFTools\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - c:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - c:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\SurMixer.exe (Creative Technology Ltd)
PRC - C:\Programme\Creative\SBAudigy2ZS\Speaker Settings\SpkSet.exe (Creative Technology Ltd)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\btsv\Desktop\MFTools\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (GJService) -- E:\Programme\SlySoft\Game Jackal\Game Jackal v4\Server.exe ()
SRV - (AntiVirService) -- c:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- c:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (aaaaanonficker) -- C:\nonficker.dll ()
SRV - (getPlus(R) Helper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (DTSRVC) -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (aawservice) -- C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (xmasscsi) -- C:\WINDOWS\System32\Drivers\xmasscsi.sys File not found
DRV - (vaxscsi) -- C:\WINDOWS\System32\Drivers\vaxscsi.sys File not found
DRV - (AMDPCI) -- e:\Temp\AMDPCI.sys File not found
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (MaplomL) -- C:\WINDOWS\System32\drivers\maploml.sys (SlySoft Inc.)
DRV - (Maplom) -- C:\WINDOWS\System32\drivers\maplom.sys (SlySoft Inc.)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (avgio) -- c:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (nvgts) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (ezplay) -- C:\WINDOWS\system32\drivers\ezplay.sys (VSO Software)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (SIVDRIVER) -- C:\WINDOWS\system32\drivers\SIVX32.sys (Ray Hinchliffe)
DRV - (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM) -- C:\WINDOWS\system32\drivers\s3017unic.sys (MCCI Corporation)
DRV - (s3017obex) -- C:\WINDOWS\system32\drivers\s3017obex.sys (MCCI Corporation)
DRV - (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s3017mgmt.sys (MCCI Corporation)
DRV - (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS) -- C:\WINDOWS\system32\drivers\s3017nd5.sys (MCCI Corporation)
DRV - (s3017mdm) -- C:\WINDOWS\system32\drivers\s3017mdm.sys (MCCI Corporation)
DRV - (s3017mdfl) -- C:\WINDOWS\system32\drivers\s3017mdfl.sys (MCCI Corporation)
DRV - (s3017bus) Sony Ericsson Device 3017 driver (WDM) -- C:\WINDOWS\system32\drivers\s3017bus.sys (MCCI Corporation)
DRV - (MarkFun_NT) -- C:\Programme\GIGABYTE\@BIOS\markfun.w32 (Windows (R) 2000 DDK provider)
DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech Inc.)
DRV - (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) -- C:\WINDOWS\system32\drivers\s116unic.sys (MCCI Corporation)
DRV - (s116obex) -- C:\WINDOWS\system32\drivers\s116obex.sys (MCCI Corporation)
DRV - (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) -- C:\WINDOWS\system32\drivers\s116nd5.sys (MCCI Corporation)
DRV - (s116mgmt) Sony Ericsson Device 116  USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s116mgmt.sys (MCCI Corporation)
DRV - (s116mdm) -- C:\WINDOWS\system32\drivers\s116mdm.sys (MCCI Corporation)
DRV - (s116mdfl) -- C:\WINDOWS\system32\drivers\s116mdfl.sys (MCCI Corporation)
DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\WINDOWS\system32\drivers\s116bus.sys (MCCI Corporation)
DRV - (TBPanel) -- C:\WINDOWS\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (Cardex) -- C:\WINDOWS\system32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (Pivot) -- C:\WINDOWS\system32\drivers\pivot.sys (Portrait Displays, Inc.)
DRV - (pivotmou) -- C:\WINDOWS\system32\drivers\pivotmou.sys (Portrait Displays, Inc.)
DRV - (PdiPorts) -- C:\WINDOWS\system32\drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV - (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) -- C:\WINDOWS\system32\drivers\se27unic.sys (MCCI)
DRV - (SE27obex) -- C:\WINDOWS\system32\drivers\SE27obex.sys (MCCI)
DRV - (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) -- C:\WINDOWS\system32\drivers\se27nd5.sys (MCCI)
DRV - (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\SE27mgmt.sys (MCCI)
DRV - (SE27mdm) -- C:\WINDOWS\system32\drivers\SE27mdm.sys (MCCI)
DRV - (SE27mdfl) -- C:\WINDOWS\system32\drivers\SE27mdfl.sys (MCCI)
DRV - (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\SE27bus.sys (MCCI)
DRV - (systormflb) -- C:\WINDOWS\system32\drivers\systormflb.sys (Copyright (C) Listan GmbH & Co.KG)
DRV - (PfDetNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (MIINPazX) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys (T-Online International AG, Marmiko IT-Solutions GmbH)
DRV - (nvatabus) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA Corporation)
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (SSHDRV62) -- C:\WINDOWS\system32\drivers\SSHDRV62.sys ()
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (CAPI20) -- C:\WINDOWS\system32\drivers\Capi20.sys (DeTeWe Berlin)
DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.)
DRV - (L8042pr2) -- C:\WINDOWS\system32\drivers\L8042pr2.Sys (Logitech, Inc.)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS (Logitech, Inc.)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS (Logitech, Inc.)
DRV - (ASAPIW2k) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (Pinnacle Systems GmbH)
DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology)
DRV - (prosync1) -- C:\WINDOWS\System32\drivers\prosync1.sys (Protection Technology)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (ulisa) Telekom ISDN-Adapter (USB) -- C:\WINDOWS\system32\drivers\ulisa.sys (DeTeWe Berlin)
DRV - (DETEWECP) -- C:\WINDOWS\System32\drivers\detewecp.sys (DeTeWe Berlin)
DRV - (SI3112r) -- C:\WINDOWS\system32\DRIVERS\si3112r.sys (Silicon Image, Inc)
DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (ASPI) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (QCEmerald) Logitech QuickCam Web(PID_0850) -- C:\WINDOWS\system32\drivers\lvce.sys (Logitech Inc.)
DRV - (lusbaudio) -- C:\WINDOWS\system32\drivers\LVSound2.sys (Logitech Inc.)
DRV - (HIDSwvd) -- C:\WINDOWS\system32\drivers\HIDSwvd.sys (Microsoft Corporation)
DRV - (msgame) -- C:\WINDOWS\system32\drivers\msgame.sys (Microsoft Corporation)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-746137067-583907252-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-746137067-583907252-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.mini20.com/
IE - HKU\S-1-5-21-746137067-583907252-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: support@pdfcreator-toolbar.org:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..network.proxy.type: 2
 
 
FF - HKLM\software\mozilla\Firefox\extensions\\videoraptor-firefox-surf-and-catch-extension@audials.com: e:\Programme\RapidSolution\Videoraptor\plugins\GeckoBased\videoraptor-firefox-surf-and-catch-extension@audials.com\ [2009.04.27 21:03:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.25 13:30:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.07 21:51:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.09.20 05:44:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.10.07 21:51:12 | 000,000,000 | ---D | M]
 
[2010.07.06 13:14:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Extensions
[2010.07.06 13:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.10.13 09:32:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions
[2010.07.09 19:56:41 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2007.12.09 13:32:52 | 000,000,000 | ---D | M] (Biet-O-Matic Firefox Extension) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}
[2007.10.20 13:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2008.09.21 10:35:58 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010.09.19 16:56:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008.02.10 12:00:17 | 000,001,670 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\searchplugins\verleihshopde.xml
[2010.10.13 09:32:50 | 000,000,000 | ---D | M] -- c:\Programme\Mozilla Firefox\extensions
[2010.02.28 12:50:41 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- c:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.09.25 13:30:23 | 000,001,392 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.25 13:30:23 | 000,002,344 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.25 13:30:23 | 000,006,805 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.25 13:30:23 | 000,001,178 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.25 13:30:24 | 000,001,105 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.02.06 20:24:55 | 000,000,137 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Videoraptor_WebRipPlugin Class) - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - e:\Programme\RapidSolution\Videoraptor\plugins\IE\VR_WebRipIePlugin.dll (RapidSolution Software)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - c:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKU\S-1-5-21-746137067-583907252-682003330-1003\..\Toolbar\WebBrowser: (no name) - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - No CLSID value found.
O3 - HKU\S-1-5-21-746137067-583907252-682003330-1003\..\Toolbar\WebBrowser: (no name) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] c:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DT HPW] C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [FightBoard] e:\Programme\REVOLTEC\FightBoard Advanced 1.00\FightBoard.exe ()
O4 - HKLM..\Run: [Gainward] c:\Programme\XpertVision\TBPanel.exe (Xpertvision, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz]  File not found
O4 - HKU\.DEFAULT..\RunOnce: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\RunOnce: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = E:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-583907252-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00  [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\hio {755F9D06-1AF6-43D0-9832-42D83A1061A9} - C:\Programme\Gemeinsame Dateien\DigiOnline GmbH\HierObjects.dll (DigiOnline GmbH)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\host32.exe) - C:\WINDOWS\host32.exe File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2005.08.11 21:10:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{820b443e-32c7-11db-9dab-000fea271508}\Shell - "" = AutoRun
O33 - MountPoints2\{820b443e-32c7-11db-9dab-000fea271508}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{820b443e-32c7-11db-9dab-000fea271508}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d63c2e38-d82b-11da-9379-000fea271508}\Shell - "" = AutoRun
O33 - MountPoints2\{d63c2e38-d82b-11da-9379-000fea271508}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d63c2e38-d82b-11da-9379-000fea271508}\Shell\AutoRun\command - "" = G:\autorun\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (oodbs) - C:\WINDOWS\System32\oodbs.exe (O&O Software GmbH)
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: aaaaanonficker - C:\nonficker.dll ()
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk - C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Office-Bibliothek-Direktsuche.lnk - F:\Programme\Office-Bibliothek\PCLib.exe - ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: aawservice - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: aawservice - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup -
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Sicherheitsupdate für Windows XP (KB913433)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {9C450606-ED24-4958-92BA-B8940C99D441} - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.PIM1 - C:\WINDOWS\System32\pclepim1.dll (Pinnacle Systems)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.13 10:44:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Desktop\Gmer
[2010.10.13 10:26:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Desktop\MFTools
[2010.10.13 10:02:19 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\btsv\Recent
[2010.10.12 13:31:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Avira
[2010.10.12 13:06:21 | 000,000,000 | -HSD | C] -- C:\WINDOWS\jh87uhnoe3
[2010.10.07 21:50:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.09.30 23:25:16 | 000,030,376 | ---- | C] (Elaborate Bytes AG) -- C:\WINDOWS\System32\drivers\ElbyCDIO.sys
[2010.09.30 13:18:24 | 000,089,256 | ---- | C] (Elaborate Bytes AG) -- C:\WINDOWS\System32\ElbyCDIO.dll
[2010.09.18 17:04:26 | 000,049,944 | ---- | C] (Tracker Software Products Ltd.) -- C:\WINDOWS\System32\pxc40pm.dll
[2010.09.18 17:04:23 | 000,000,000 | ---D | C] -- c:\Programme\Tracker Software
[2010.09.18 17:04:10 | 000,282,624 | ---- | C] (TODO: <회사 이름>) -- C:\WINDOWS\System32\TwdFilt.dll
[2010.09.14 15:16:06 | 000,108,480 | ---- | C] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[2010.01.10 14:29:09 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpe10.dll
[2007.10.20 12:14:30 | 000,094,208 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.sys
[2007.10.20 12:14:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\pcouffin.sys
[2006.08.11 15:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.13 11:03:13 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-20021102}.CDF
[2010.10.13 10:26:37 | 000,284,915 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Gmer.zip
[2010.10.13 10:26:37 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\defogger.exe
[2010.10.13 10:25:18 | 000,388,977 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Load.exe
[2010.10.13 10:25:16 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI
[2010.10.13 10:04:45 | 000,000,160 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2010.10.13 10:04:26 | 000,271,830 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.10.13 10:04:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.13 10:02:38 | 000,032,592 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.10.13 10:02:38 | 000,032,592 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.10.13 10:02:38 | 000,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.10.13 10:02:38 | 000,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.10.13 10:02:38 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.10.13 10:02:38 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010.10.13 10:02:38 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010.10.12 13:20:45 | 000,002,425 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\ABBYY FineReader 8.0 Professional Edition.lnk
[2010.10.12 13:11:43 | 000,002,403 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Paint Shop Pro 7.lnk
[2010.10.12 08:25:14 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Skype.lnk
[2010.10.11 21:58:19 | 000,234,280 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010.10.11 21:24:04 | 000,137,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.10.07 21:51:12 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.10.07 21:38:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.03 11:45:12 | 000,000,626 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AnyDVD.lnk
[2010.09.30 23:25:16 | 000,030,376 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\drivers\ElbyCDIO.sys
[2010.09.30 13:18:24 | 000,089,256 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\ElbyCDIO.dll
[2010.09.27 20:40:22 | 000,000,575 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Miranda IM.lnk
[2010.09.25 09:15:58 | 000,000,699 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Game Jackal v4.lnk
[2010.09.19 19:57:14 | 000,001,125 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010.09.18 17:04:02 | 000,000,405 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MindMapper 2009.lnk
[2010.09.15 18:42:18 | 000,046,528 | ---- | M] (SlySoft Inc.) -- C:\WINDOWS\System32\drivers\maploml.sys
[2010.09.15 10:35:32 | 000,030,144 | ---- | M] (SlySoft Inc.) -- C:\WINDOWS\System32\drivers\maplom.sys
[2010.09.14 15:16:06 | 000,108,480 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
 
========== Files Created - No Company Name ==========
 
[2010.10.13 10:26:23 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\defogger.exe
[2010.10.13 10:26:22 | 000,284,915 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Gmer.zip
[2010.10.13 10:25:18 | 000,388,977 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Load.exe
[2010.10.07 21:51:12 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.09.18 17:04:02 | 000,000,405 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MindMapper 2009.lnk
[2010.09.08 22:26:50 | 000,000,115 | ---- | C] () -- C:\WINDOWS\AWOPR.INI
[2010.09.08 17:52:44 | 000,002,092 | ---- | C] () -- C:\WINDOWS\aopr.ini
[2010.09.08 16:51:17 | 000,000,259 | ---- | C] () -- C:\WINDOWS\pwc62ud.INI
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010.02.01 20:35:14 | 000,000,056 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\_pdf_.prt
[2010.01.26 21:30:06 | 000,000,435 | ---- | C] () -- C:\WINDOWS\MM2009Viewer.INI
[2009.12.15 22:43:19 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\TEVPXCW60.DLL
[2009.12.15 22:43:19 | 000,000,039 | ---- | C] () -- C:\WINDOWS\TDEVXCW60.DLL
[2009.12.15 22:43:19 | 000,000,038 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009.07.14 15:46:20 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Apache3.INI
[2009.04.23 14:28:13 | 000,138,960 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2009.04.22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009.03.02 11:33:32 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.02.03 18:26:19 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2009.01.12 21:12:50 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008.07.02 14:21:33 | 000,000,020 | ---- | C] () -- C:\WINDOWS\keytrans.ini
[2008.05.21 20:00:42 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AVIConverter.INI
[2008.05.21 08:03:07 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008.04.10 20:46:32 | 000,001,165 | ---- | C] () -- C:\WINDOWS\APDFPRP.INI
[2008.02.28 17:54:21 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\acdfcbdad_r.dll
[2008.02.21 22:24:27 | 000,399,360 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008.02.21 22:24:27 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008.02.21 22:23:48 | 000,151,040 | -HS- | C] () -- C:\WINDOWS\System32\VistaUltm.dll
[2008.02.21 22:23:48 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\Smab0.dll
[2008.02.19 21:40:47 | 000,000,551 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\AutoGK.ini
[2008.02.19 00:16:09 | 000,000,160 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2008.02.17 17:05:18 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2008.02.02 16:13:18 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2008.02.02 11:17:35 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CTXFIGER.DLL
[2008.01.09 13:18:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.01.02 12:00:43 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\PnkBstrK.sys
[2008.01.02 12:00:12 | 000,000,311 | ---- | C] () -- C:\WINDOWS\game.ini
[2007.12.11 21:43:44 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007.12.09 14:00:18 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll
[2007.10.20 12:14:33 | 000,000,033 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.log
[2007.10.20 12:14:31 | 000,007,861 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.cat
[2007.10.20 12:14:30 | 000,001,104 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.inf
[2007.10.20 12:14:30 | 000,000,125 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.ini
[2007.10.20 12:14:30 | 000,000,033 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\pcouffin.log
[2007.10.20 12:14:25 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\pcouffin.cat
[2007.10.20 12:14:25 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\pcouffin.inf
[2007.10.17 20:03:19 | 000,137,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007.07.25 15:24:28 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007.07.09 20:25:06 | 000,015,852 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2007.04.09 23:13:27 | 000,000,022 | ---- | C] () -- C:\WINDOWS\FightBoard.INI
[2007.03.10 13:51:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006.11.10 15:26:40 | 000,000,256 | ---- | C] () -- C:\WINDOWS\onlineeye.INI
[2006.10.14 15:01:13 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini
[2006.08.11 16:14:08 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2006.08.11 16:14:08 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006.08.11 15:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006.07.05 14:44:42 | 000,001,755 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2006.05.29 08:15:26 | 000,003,206 | ---- | C] () -- C:\WINDOWS\tm.ini
[2006.05.23 13:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006.03.24 17:24:31 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2006.03.24 17:24:31 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2006.03.11 12:43:38 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.02.04 21:27:43 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006.01.29 15:37:54 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006.01.09 16:42:07 | 000,000,557 | ---- | C] () -- C:\WINDOWS\ZEUGNIS3.INI
[2006.01.04 14:31:32 | 000,000,046 | ---- | C] () -- C:\WINDOWS\hmview.ini
[2006.01.03 21:05:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.01.03 20:25:20 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2005.11.11 14:47:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005.11.11 14:47:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005.10.31 23:03:24 | 000,006,097 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005.10.22 13:53:16 | 000,000,243 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2005.10.22 13:38:21 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV62.sys
[2005.10.16 19:32:07 | 000,000,929 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2005.09.24 10:38:14 | 000,000,316 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos4_5_dlx.INI
[2005.09.17 10:01:27 | 000,000,046 | ---- | C] () -- C:\WINDOWS\mxcdr.INI
[2005.09.15 13:01:59 | 000,000,249 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos3_5_dlx.INI
[2005.09.15 12:54:21 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2005.09.15 12:33:01 | 000,000,085 | ---- | C] () -- C:\WINDOWS\magix.ini
[2005.09.15 12:33:00 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2005.09.03 09:31:25 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005.08.17 17:41:34 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2005.08.16 18:44:34 | 000,073,216 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.08.15 13:54:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Classic.INI
[2005.08.12 16:35:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ui.INI
[2005.08.12 15:54:20 | 000,000,109 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2005.08.12 14:47:49 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2005.08.12 14:42:42 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2005.08.12 14:41:59 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\LVUI2RC.dll
[2005.08.12 14:41:59 | 000,005,187 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2005.08.12 14:36:27 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WINPHONE.INI
[2005.08.12 14:25:56 | 000,000,506 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.08.12 14:00:47 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005.08.12 13:58:36 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005.08.12 13:40:27 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\12kCUusd.dll
[2005.08.11 23:10:30 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2005.08.11 22:35:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winpm.INI
[2005.08.11 22:33:01 | 003,592,192 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2005.08.11 21:40:48 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2005.08.11 04:03:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.08.10 00:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005.08.10 00:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005.06.16 19:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2005.01.02 21:02:47 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2005.01.02 21:02:39 | 000,000,478 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2004.05.27 16:52:52 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\mslffv1.dll
[2002.10.16 00:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002.03.21 14:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002.03.21 02:08:47 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002.03.20 21:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2001.12.31 16:59:52 | 000,450,560 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2001.12.31 16:59:46 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2001.12.31 16:59:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
 
========== LOP Check ==========
 
[2009.02.25 18:29:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DisplayTune
[2009.07.26 10:06:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2008.05.21 18:18:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Astonsoft
[2007.07.21 20:23:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2009.01.08 18:26:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2008.02.19 00:17:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Elaborate Bytes
[2009.04.27 21:14:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution
[2008.02.19 00:16:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2009.04.23 19:49:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2007.06.29 22:49:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2007.04.20 14:36:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2009.12.07 23:41:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2005.08.12 14:28:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2009.01.19 14:08:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft
[2005.08.17 14:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ACD Systems
[2005.08.11 23:12:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Acronis
[2009.11.23 22:46:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\AKVIS
[2009.12.07 15:37:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Azureus
[2007.07.21 14:06:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\BitTorrent
[2007.12.10 23:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\BOM
[2007.04.21 23:36:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
[2007.03.03 13:49:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Command & Conquer 3 Tiberium Wars Demo
[2010.04.04 18:34:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Copernic
[2008.02.11 21:37:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DAEMON Tools
[2007.10.20 13:39:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DAEMON Tools Pro
[2008.05.21 18:24:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DeepBurner
[2008.02.21 18:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DigiOnline GmbH
[2009.02.03 18:28:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DisplayTune
[2009.04.26 09:29:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\FileZilla
[2010.08.03 12:35:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\gp-Untis
[2010.03.01 20:36:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ImgBurn
[2009.07.26 10:00:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\IrfanView
[2006.06.15 20:19:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Jasc
[2008.04.25 15:03:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Leadertech
[2005.09.24 13:18:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\MAGIX
[2009.09.01 22:20:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\MindMapper 2008
[2010.09.02 19:23:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Miranda
[2006.04.14 23:16:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mp3tag
[2009.02.26 19:09:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\OpenOffice.org
[2008.09.06 10:52:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Opera
[2010.09.08 16:32:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Password Solutions
[2006.10.14 14:56:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\PPLive
[2009.07.14 12:40:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ppstream
[2009.04.27 21:04:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\RapidSolution
[2008.10.16 12:01:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\SanDisk
[2009.03.09 21:27:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\SlySoft
[2009.04.23 19:49:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Sony
[2005.11.05 20:07:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Steinberg
[2006.01.03 20:26:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\T-Online
[2009.01.21 18:52:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\TeamViewer
[2007.04.20 14:40:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Teleca
[2010.02.24 16:30:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\The Creative Assembly
[2010.07.06 13:14:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Thunderbird
[2005.08.12 14:27:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\TuneUp Software
[2008.02.12 20:54:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Vso
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2006.03.07 16:18:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ABBYY
[2005.08.17 14:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ACD Systems
[2005.08.11 23:12:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Acronis
[2008.04.05 14:12:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Adobe
[2008.01.05 11:53:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\AdobeUM
[2009.11.23 22:46:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\AKVIS
[2006.03.23 18:13:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Apple Computer
[2010.10.12 13:31:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Avira
[2009.12.07 15:37:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Azureus
[2007.07.21 14:06:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\BitTorrent
[2007.12.10 23:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\BOM
[2007.04.21 23:36:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
[2007.03.03 13:49:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Command & Conquer 3 Tiberium Wars Demo
[2010.04.04 18:34:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Copernic
[2008.02.02 11:18:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Creative
[2008.02.11 21:37:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DAEMON Tools
[2007.10.20 13:39:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DAEMON Tools Pro
[2008.05.21 18:24:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DeepBurner
[2008.02.21 18:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DigiOnline GmbH
[2009.02.03 18:28:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DisplayTune
[2007.01.06 09:11:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DivX
[2010.10.13 10:45:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\dvdcss
[2009.04.26 09:29:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\FileZilla
[2006.07.20 00:32:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Google
[2010.08.03 12:35:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\gp-Untis
[2009.02.05 23:16:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Hamachi
[2005.08.12 13:47:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Help
[2005.08.11 21:17:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Identities
[2010.03.01 20:36:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ImgBurn
[2008.04.25 15:01:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\InstallShield
[2008.02.12 16:20:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\InstallShield Installation Information
[2009.07.26 10:00:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\IrfanView
[2006.06.15 20:19:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Jasc
[2008.02.27 18:40:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Lavasoft
[2008.04.25 15:03:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Leadertech
[2008.04.25 15:04:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Logitech
[2005.08.12 16:14:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Macromedia
[2005.09.24 13:18:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\MAGIX
[2010.04.13 15:20:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Malwarebytes
[2009.04.23 20:46:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Media Player Classic
[2009.12.29 00:44:30 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft
[2009.09.01 22:20:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\MindMapper 2008
[2010.09.02 19:23:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Miranda
[2005.08.11 23:03:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla
[2006.04.14 23:16:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mp3tag
[2010.04.19 18:20:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\NVIDIA
[2009.02.26 19:09:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\OpenOffice.org
[2008.09.06 10:52:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Opera
[2010.09.08 16:32:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Password Solutions
[2006.10.14 14:56:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\PPLive
[2009.07.14 12:40:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ppstream
[2009.04.27 21:04:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\RapidSolution
[2006.10.14 15:18:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Real
[2008.10.16 12:01:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\SanDisk
[2007.04.09 23:13:34 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\SecuROM
[2010.10.12 08:54:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Skype
[2010.10.12 08:26:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\skypePM
[2009.03.09 21:27:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\SlySoft
[2009.04.23 19:49:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Sony
[2007.04.20 14:37:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Sony Ericsson
[2005.11.05 20:07:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Steinberg
[2005.08.23 14:14:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Sun
[2006.01.03 20:26:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\T-Online
[2006.01.22 11:46:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Talkback
[2010.10.12 19:53:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\teamspeak2
[2009.01.21 18:52:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\TeamViewer
[2007.04.20 14:40:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Teleca
[2010.02.24 16:30:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\The Creative Assembly
[2010.07.06 13:14:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Thunderbird
[2005.08.12 14:27:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\TuneUp Software
[2009.06.28 19:50:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\U3
[2008.05.21 20:35:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\vlc
[2008.02.12 20:54:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Vso
[2010.10.12 10:34:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Xfire
 
< %APPDATA%\*.exe /s >
[2005.08.12 15:26:37 | 000,015,872 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
[2006.04.15 18:41:31 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{178A1098-E15E-4FCF-8748-B613DC687FF0}\_18be6784.exe
[2006.04.15 18:41:31 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{178A1098-E15E-4FCF-8748-B613DC687FF0}\_294823.exe
[2010.05.01 15:32:22 | 000,000,766 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{347C6ECC-7DB2-49CC-A344-1FB0606DA662}\_18be6784.exe
[2010.05.01 15:32:22 | 000,000,766 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{347C6ECC-7DB2-49CC-A344-1FB0606DA662}\_294823.exe
[2010.05.01 15:32:22 | 000,000,766 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{347C6ECC-7DB2-49CC-A344-1FB0606DA662}\_4ae13d6c.exe
[2008.04.25 15:03:52 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2008.04.25 15:02:03 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{56918C0C-0D87-4CA6-92BF-4975A43AC719}\ARPPRODUCTICON.exe
[2008.04.25 15:03:10 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}\ARPPRODUCTICON.exe
[2006.03.07 16:13:44 | 000,025,214 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}\ARPPRODUCTICON.exe
[2006.03.07 16:13:44 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}\ICON_FineReader.exe
[2006.03.07 16:13:44 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}\ICON_ScreenshotReader.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2002.08.29 03:52:58 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2002.08.29 03:52:58 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002.08.29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll
[2002.08.29 03:43:22 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=B9358A1FB66CF656328FD8B792B2CCC4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2002.08.29 03:43:36 | 001,007,104 | ---- | M] (Microsoft Corporation) MD5=22B0A56E6C5847292437078B484EC61B -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\explorer.exe
[2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2002.08.29 03:43:26 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=BCA549B21E651111CE7BAD0FC8C45F4B -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: NVATA.SYS  >
[2005.05.17 17:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\drivers\nvata.sys
[2005.05.17 17:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\ReinstallBackups\0030\DriverFiles\nvata.sys
 
< MD5 for: NVATABUS.SYS  >
[2006.04.24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\system32\drivers\nvatabus.sys
[2006.04.24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\nvatabus.sys
[2004.09.02 09:24:38 | 000,082,816 | R--- | M] (NVIDIA Corporation) MD5=EEABD98AA887DD923546F20D400B2907 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\nvatabus.sys
 
< MD5 for: NVGTS.SYS  >
[2008.08.18 19:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=EA98BFE4931BD13D747D647C1859796E -- C:\WINDOWS\system32\drivers\nvgts.sys
 
< MD5 for: SCECLI.DLL  >
[2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll
[2002.08.29 03:43:30 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=ADD49C10F5DADFA81912D124FE1C9A99 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\system32\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2002.08.29 03:43:32 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=E3DAFFDB1C86C1AEAC1B205F6CF67009 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2002.08.29 03:43:42 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe
[2002.08.29 03:43:42 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.18 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.18 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.02.11 19:14:45 | 000,716,272 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2005.08.11 05:01:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005.08.11 05:01:06 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005.08.11 05:01:06 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Files - Unicode (All) ==========
[2010.02.01 20:35:19 | 000,015,371 | ---- | M] ()(C:\Dokumente und Einstellungen\btsv\Eigene Dateien\?Interpretationshilfe_Farben.pdf) -- C:\Dokumente und Einstellungen\btsv\Eigene Dateien\Interpretationshilfe_Farben.pdf
[2010.02.01 20:35:19 | 000,015,371 | ---- | C] ()(C:\Dokumente und Einstellungen\btsv\Eigene Dateien\?Interpretationshilfe_Farben.pdf) -- C:\Dokumente und Einstellungen\btsv\Eigene Dateien\Interpretationshilfe_Farben.pdf
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wtsapi32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wsock32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winspool.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winscard.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winlogon.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vct3216.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\uxtheme.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sxs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\svchost.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\smss.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shsvcs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sfc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\services.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sens.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\secur32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\schannel.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasapi32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\psapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oodag.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntdll.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netshell.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvcrt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msutb.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msimg32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msiexec.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msacm32.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\midimap.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lsass.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\imm32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\processr.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\ohci1394.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nic1394.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mssmbios.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\ACPI.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CTSVCCDA.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ctfmon.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\csrss.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cscdll.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\apphelp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\advapi32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\btsv\Startmenü\Programme\Autostart\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini:KAVICHS
@Alternate Data Stream - 48 bytes -> C:\WINDOWS:414D5E5B2C7E43DC
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xpsp2res.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshtcpip.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshirda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2help.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2_32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wlnotify.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wldap32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wkssvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wintrust.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsta.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winrnr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winipsec.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhttp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win32spl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiavusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiaservc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wfwnet.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webcheck.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdigest.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\w32time.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssvc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vfwwdm32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\version.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\userenv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usbmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ups.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\upnp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uniplat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\unimdmat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\unimdm.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tssoft32.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsbyuv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\trkwks.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tlntsvr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\timer.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\themeui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\termsrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcpmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapisrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\system.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\stobject.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\stdole32.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssdpsrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssdpapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srclient.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spoolss.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sound.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\smlogsvc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sl_anet.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shmgrate.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shimeng.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shfolder.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shellstyle.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdoclc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc_os.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sessmgr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sensapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\seclogon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scesrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scecli.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scardsvr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samsrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samlib.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rundll32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtutils.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaenh.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\riched20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\resutils.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regsvr32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rastls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rastapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasppp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasman.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasdlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\raschap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pstorsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psbase.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\progman.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\profmap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\powrprof.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pjlmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfproc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oodagrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olepro32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oledlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oleaut32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcint.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oakley.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntshrui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmarta.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanman.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\notepad.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui0.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netrap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netlogon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netdde.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netcfgx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ndptsp.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nddeapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncobjapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mydocs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msyuv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvidc32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp61.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp60.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msv1_0.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mstlsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrle32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msprivs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msisip.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msimsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msh263.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msh261.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgsm32.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgina.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msg723.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msg711.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msctf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaud32.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msasn1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msadp32.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MPG4C32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mouse.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\modemui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mnmsrvc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmsystem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmdrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfcsubs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc42loc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc42.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mapi32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\locator.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\localspl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lmhsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lhacm.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kmddsp.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\keyboard.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javasup.vxd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iyuv_32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\irmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ir50_32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ir41_32.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ir32_32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipsecsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipconf.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inetpp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imapi.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imagehlp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imaadp32.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ie4uinit.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icmp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iccvid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icaapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iac25_32.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpzlnt04.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetcfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hidphone.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\h323.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventlog.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eumex4sp.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\duser.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssenh.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drwtsn32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\WSTCODEC.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\WmXlCore.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\WmVirHid.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\WmBEnum.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wanarp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vga.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\USBSTOR.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbohci.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbehci.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbccgp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usb8023.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\update.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ulisa.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\termdd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sysaudio.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\swmidi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\swenum.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\StreamIP.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\SSHDRV62.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\sr.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\SONYPVU1.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\SLIP.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sfhlp01.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\serial.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\serenum.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\secdrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\scsiport.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rootmdm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\redbook.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rdpdr.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rdpcdd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspti.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspptp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspppoe.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasl2tp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasirda.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasacd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ptilink.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\psched.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\prosync1.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\prohlp02.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\prodrv06.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\pciide.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\parport.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnkfwd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnkflt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nmnt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netbt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netbios.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndiswan.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndisuio.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndistapi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NdisIP.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NABTSFEC.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MSTEE.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MSPQM.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MSPCLOCK.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MSKSSRV.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\msgpc.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mrxdav.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LVSound2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\lvce.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LMouFlt2.Sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LHIDUSB.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LHIDFLT2.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\L8042pr2.Sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\isapnp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\irsir.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\irenum.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\irda.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ipsec.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ipinip.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ipfltdrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ip6fw.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\imapi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\HIDSwvd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\GcKernel.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\ftdisk.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\flpydisk.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fdc.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\drmkaud.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\DMusic.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dmload.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dmio.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dmboot.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\disk.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\detewecp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cdrom.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\CCDECODE.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\Capi20.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\audstub.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmarpc.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\atapi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\asyncmac.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\arp1394.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\afd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dnsrslvr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmserver.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmadmin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllhost.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\davclnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csrsrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crypt32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\credui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMNCTR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comm.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comdlg32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cnbjmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clusapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clipsrv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cisvc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cfgmgr32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\certcli.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cabinet.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1253.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1251.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1250.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\browser.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\browselc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootvid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\batmeter.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\basesrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autochk.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\audiosrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asycfilt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asfsipc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\alg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsldpc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\actxprxy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ACDV.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\12kCUusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\regedit.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\LOGI_MWX.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\$NtUninstallKB890859$\user32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\btsv\Eigene Dateien\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\btsv\Desktop\TeamSpeak 2 RC2.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\btsv\Desktop\(E).lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini:KAVICHS
@Alternate Data Stream - 146 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:054B9966
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\setupapi.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\explorer.exe:KAVICHS

< End of report >

--- --- ---

glasnost 13.10.2010 19:39

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 13.10.10 12:11:33 - Run 2
OTL by OldTimer - Version 3.2.15.2    Folder = C:\Dokumente und Einstellungen\btsv\Desktop\MFTools
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = c:\Programme
Drive C: | 19,53 Gb Total Space | 4,66 Gb Free Space | 23,87% Space Free | Partition Type: NTFS
Drive E: | 100,08 Gb Total Space | 11,93 Gb Free Space | 11,92% Space Free | Partition Type: NTFS
Drive F: | 33,77 Gb Total Space | 20,78 Gb Free Space | 61,55% Space Free | Partition Type: NTFS
Drive H: | 172,79 Gb Total Space | 7,64 Gb Free Space | 4,42% Space Free | Partition Type: NTFS
Drive I: | 292,96 Gb Total Space | 18,11 Gb Free Space | 6,18% Space Free | Partition Type: NTFS
 
Computer Name: LUGL | User Name: btsv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "e:\Programme\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mp3tag] -- "e:\Programme\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich)
Directory [Winamp.Bookmark] -- "e:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "e:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "e:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Programme\Miranda IM\miranda32.exe" = F:\Programme\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- ( )
"E:\Programme\Valve\Steam\Steam.exe" = E:\Programme\Valve\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"f:\Programme\BitTorrent\bittorrent.exe" = f:\Programme\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent -- File not found
"E:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = E:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- File not found
"I:\Programme\Unreal Tournament 3\Binaries\UT3.exe" = I:\Programme\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- File not found
"E:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = E:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)  -- ()
"I:\Programme\Ubisoft\Far Cry 2\bin\FarCry2.exe" = I:\Programme\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"I:\Programme\Ubisoft\Far Cry 2\bin\FC2Launcher.exe" = I:\Programme\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater -- (Ubisoft)
"I:\Programme\Ubisoft\Far Cry 2\bin\FC2Editor.exe" = I:\Programme\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor -- (Ubisoft Entertainment)
"H:\Programme\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe" = H:\Programme\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe:*:Enabled:Call of Juarez - Bound in Blood -- (Techland)
"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"E:\Programme\Sony Ericsson\Update Service\Update Service.exe" = E:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"E:\Programme\Valve\Steam\SteamApps\common\empire total war\Empire.exe" = E:\Programme\Valve\Steam\SteamApps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War -- (The Creative Assembly Ltd)
"I:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = I:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"E:\Programme\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe" = E:\Programme\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe:*:Enabled:Office Password Recovery PRO -- File not found
"E:\Programme\Valve\Steam\SteamApps\common\dawn of war 2\DOW2.exe" = E:\Programme\Valve\Steam\SteamApps\common\dawn of war 2\DOW2.exe:*:Enabled:Warhammer® 40,000™: Dawn of War® II -- (THQ Canada Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01E9CBDA-5480-4FE8-BBC9-BE29BB8AB4C0}" =
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{06204E2A-6369-43ED-A9CF-49B5F49915FA}" = Twin Digital GamePad
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{178A1098-E15E-4FCF-8748-B613DC687FF0}" = MarkAble
"{1850E508-D6C3-4820-AD23-7F73A2BC606C}_is1" = Elcomsoft Password Recovery Studio
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A20BC22-8F21-4A2A-9F4A-E31FC0E5C7E3}" = ACDSee 6.0 PowerPack
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)
"{226CA5FA-D90E-4B78-9325-2DDA68BA691A}" = Duden Korrektor PLUS 3
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 18
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{347C6ECC-7DB2-49CC-A344-1FB0606DA662}" = WW-Essensplaner
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3648253A-C2C4-4CFB-8BE5-381D1C638B94}" = GameSpy Comrade
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3C662203-292F-4E9D-AE02-281071C06903}" = Far Cry (Patch 1.33)
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{4300EF0D-2041-4179-AFFF-21E01160740F}" = Eumex 504PC USB
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A684677-2EB8-41DF-941D-BEA07D50D545}" = Videoraptor
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4CE4B975-A5C1-43C0-A565-C00F0ABFC94C}" = PC-Bibliothek 3.0
"{52809086-618D-4F0B-8BF1-B75A5BB817A4}" = Sony Ericsson PC Suite
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{53480520-7555-470E-8C69-750B0472B4BB}" = O&O Defrag Professional Edition
"{53EF6570-21A4-47ED-A40A-E6470A5677A3}" = Studio 8
"{54971F17-9D16-4D43-95D6-3A86E3D20EDB}" = Office-Bibliothek 4.1
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{5D956474-97AD-4E03-87F6-37F06437359E}" = MindMapper 2009
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68F19BCC-49D3-49FF-BAAC-A147C66A9710}" = AMD Power Monitor
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{80157B54-DB3E-4EE9-8AD8-63A905765FF4}_is1" = Opti Drive Control 1.47
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{93EC14D5-7AAA-4EAD-BB75-013817A96598}" = Logitech Gaming Software
"{9665B325-3F96-11D6-A1FA-000374890932}" = TuneUp Utilities 2003
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 8.0 Professional Edition
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC4729BF-0396-47EF-AA0B-3A04111F19F9}" = FightBoard Advanced 1.00
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Evaluation
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA08048C-3823-4DC8-B169-1D5D11FFC19F}_is1" = PDF-XChange 4
"{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"{EE8592F6-FC2B-4AFD-B527-109D127C039F}" = Far Cry (Patch 1.31)
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" =  Sansa Media Converter
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
"5A46830178E35AB63403A85E361CCD6FA32C9078" = Windows-Treiberpaket - Sony Ericsson (seehcri) USB  (01/09/2008 1.1.0.0)
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced RAR Password Recovery" = Advanced RAR Password Recovery (remove only)
"Advanced RAR Repair v1.0" = Advanced RAR Repair v1.0
"Anotha ID3 Editor" = Anotha ID3 Editor 1.51
"Anti-Twin 2009-04-29 20.45.46" = Anti-Twin (Installation 29.04.2009)
"AnyDVD" = AnyDVD
"ASAPI Update" = ASAPI Update
"Ashampoo Photo Optimizer FREE_is1" = Ashampoo Photo Optimizer FREE
"AudioConSole" = Creative-Audiokonsole
"Audiograbber" = Audiograbber 1.83 SE
"AutoGK" = Auto Gordian Knot 2.45
"Avi2Dvd" = Avi2Dvd 0.4.5 beta
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Azureus Vuze" = Azureus Vuze
"Bf2SP64 2.31" = Bf2SP64 2.31
"Biet-O-Matic v2.4.1" = Biet-O-Matic v2.4.1
"Boilsoft AVI to VCD SVCD DVD Converter_is1" = Boilosft AVI to VCD SVCD DVD Converter 3.61
"BSPlayer1" = BSPlayer
"CDBF - DBF Viewer and Editor_is1" = Version 1.45.01
"CDex" = CDex extraction audio
"Clean 5" = Clean 5
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"Das Neue Dr.Brain Gehirn Jogging" = Das Neue Dr.Brain Gehirn Jogging
"DBF Viewer 2000" = DBF Viewer 2000 2.45
"Digitale Bibliothek 3" = Digitale Bibliothek 3
"DirectVobSub" = DirectVobSub (remove only)
"DVD Identifier_is1" = DVD Identifier
"eMule" = eMule
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.2.4
"fotocommunity" = fotocommunity
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"FreeFileSync" = FreeFileSync
"Game Jackal v4_is1" = Game Jackal v4.1.0.8 (32 bit)
"GameSpy Arcade" = GameSpy Arcade
"Geschichtslexikon" = Geschichtslexikon
"GUI for dvdauthor" = GUI for dvdauthor 1.04
"Hamachi" = Hamachi 1.0.3.0
"HD Tune_is1" = HD Tune 2.54
"HijackThis" = HijackThis 2.0.2
"Hollywood FX 4.6" = Pinnacle Hollywood FX 4.6
"hp deskjet 960c series" = hp deskjet 960c series (nur entfernen)
"iDump" = iDump v1.1.1
"ImgBurn" = ImgBurn
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{226CA5FA-D90E-4B78-9325-2DDA68BA691A}" = Duden Korrektor PLUS 3
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.5.5
"jv16 PowerTools_is1" = jv16 PowerTools 2007
"KeyView for Lotus" = KeyView for Lotus 97
"LabelEditor" = Label Editor
"MAGIX Foto Manager" = MAGIX Foto Manager
"MAGIX Music Manager" = MAGIX Music Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.0
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Miranda IM" = Miranda IM 0.9.4
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"Mp3tag" = Mp3tag v2.41
"MusicBrainz Picard" = MusicBrainz Picard 0.11
"MUSTEK 1200 CU v2.0a" = MUSTEK 1200 CU v2.0a
"Nero - Burning Rom!UninstallKey" = Ahead Nero - Burning Rom
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.0b
"PDFCreator Toolbar" = PDFCreator Toolbar
"Photo to Sketch Pro_is1" = Photo to Sketch Pro 3.6
"Picasa 3" = Picasa 3
"Product_Name" = sbPlus
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"SCHLECKER Foto-Digital-Service" = SCHLECKER Foto-Digital-Service
"SCOLA-Zeugnis 2008" = SCOLA-Zeugnis 2008 Dezember 2007
"SiSoftware Sandra Professional_is1" = SiSoftware Sandra Professional 2003
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"StarCraft II" = StarCraft II
"Steam App 10500" = Empire: Total War
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"SUPER ©" = SUPER © Version 2008.bld.25 (Feb 5, 2008)
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 5" = TeamViewer 5
"Untis 2011" = Untis 2011
"Update Service" = Update Service
"VLC media player" = VideoLAN VLC media player 0.8.6f
"VobSub" = VobSub v2.23 (Remove Only)
"WaveLabLite" = WaveLab Lite
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Weight Watchers MP5_is1" = Weight Watchers MP5
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Winamp 5.02 Deutsche Sprachdatei v14" = Deutsche Sprachdatei für Winamp 5.02 v14
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"WW3C" = WebWeaver Client
"Xfire" = Xfire (remove only)
"XMedia Recode" = XMedia Recode 2.0.5.3
"xp-AntiSpy" = xp-AntiSpy 3.94-2
"XpertVision_is1" = XpertVision 5.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"XVid;-)" = XVid;-)
"XviD_is1" = XviD MPEG-4 Video Codec
"XviDDec" = Nic's XviD Decoder
"ZoomPlayer" = Zoom Player (remove only)
"ZoomPlayerLang" = Zoom Player German language (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-746137067-583907252-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced PDF Password Recovery" = Advanced PDF Password Recovery
"Sansa Updater" = Sansa Updater
"Skat-Online V4" = Skat-Online V4
"Skat-Online V7" = Skat-Online V7
 
========== Last 10 Event Log Errors ==========
 
[ System Events ]
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "Machine Debug Manager" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
 
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "O&O Defrag" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "Game Jackal Server" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "Sony Ericsson OMSI download service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 13.10.10 04:32:23 | Computer Name = LUGL | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 13.10.10 04:32:23 | Computer Name = LUGL | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:  %%2
 
Error - 13.10.10 06:58:19 | Computer Name = LUGL | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:  %%2
 
Error - 13.10.10 06:58:19 | Computer Name = LUGL | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
 
< End of report >

--- --- ---



The rest follows...

markusg 13.10.2010 19:40

OK, and then we'll continue :-)

glasnost 13.10.2010 22:00

So, here is the last missing log.

markusg 14.10.2010 11:08

Use this tool from Kaspersky:
How to fight Trojan-Spy.Win32.ZBot malware?

glasnost 14.10.2010 11:18

I did that, but it found nothing. "1 Unhooked Action", otherwise nothing.
Am I rid of it now, or not?

markusg 14.10.2010 11:25

Please use GMER and post the log:
http://www.trojaner-board.de/74908-a...t-scanner.html

glasnost 14.10.2010 12:06

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit quick scan 2010-10-14 13:04:13
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: e:\Temp\pxtdapod.sys


---- System - GMER 1.0.15 ----

SSDT spkw.sys ZwEnumerateKey [0xB7EC8CA2]
SSDT spkw.sys ZwEnumerateValueKey [0xB7EC9030]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A7561F8

---- EOF - GMER 1.0.15 ----

markusg 14.10.2010 12:10

Yep, and now start the full scan.

glasnost 14.10.2010 18:43

Sorry, but after 6.5 hours I aborted the scan. Unfortunately I couldn't even save the log, because my computer froze afterwards.
Hm. Considering how much time goes into the scans, I wonder why one doesn't just reinstall right away.

markusg 14.10.2010 18:59

Because most people don't want that, but we can do it; it is the safest option. I would then help you secure the system properly.

glasnost 14.10.2010 19:19

Well, I have no time at the moment, so I'm not in the mood for a format c operation either. Besides, I have firmly resolved to wipe everything only once I own Win7 and better hardware. But since there is no money, I will have to let GMER run overnight once more, like it or not.
Thanks so far; I'm leaving on vacation tomorrow and, if the scan is finished, I will post it before I leave.
I would be interested, though, in what you mean by help with securing. Until now I thought that I'm not so badly secured and not totally clueless either.

markusg 14.10.2010 19:36

Well, a bit more could be done there, Sandboxie for example.
I'm also away from the day after tomorrow until Tuesday.

glasnost 15.10.2010 07:13

So, here is the log. Oops
GMER Logfile:
Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-10-15 07:26:26
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: e:\Temp\pxtdapod.sys


---- System - GMER 1.0.15 ----

SSDT      B8702706                                                                                                            ZwCreateKey
SSDT      B87026FC                                                                                                            ZwCreateThread
SSDT      B870270B                                                                                                            ZwDeleteKey
SSDT      B8702715                                                                                                            ZwDeleteValueKey
SSDT      spiq.sys                                                                                                            ZwEnumerateKey [0xB7EC8CA2]
SSDT      spiq.sys                                                                                                            ZwEnumerateValueKey [0xB7EC9030]
SSDT      B870271A                                                                                                            ZwLoadKey
SSDT      spiq.sys                                                                                                            ZwOpenKey [0xB7EAB0C0]
SSDT      B87026E8                                                                                                            ZwOpenProcess
SSDT      B87026ED                                                                                                            ZwOpenThread
SSDT      spiq.sys                                                                                                            ZwQueryKey [0xB7EC9108]
SSDT      spiq.sys                                                                                                            ZwQueryValueKey [0xB7EC8F88]
SSDT      B8702724                                                                                                            ZwReplaceKey
SSDT      B870271F                                                                                                            ZwRestoreKey
SSDT      B8702710                                                                                                            ZwSetValueKey

INT 0x62  ?                                                                                                                    8A758BF8
INT 0x63  ?                                                                                                                    8A4FBBF8
INT 0x73  ?                                                                                                                    8A75CBF8
INT 0x82  ?                                                                                                                    8A758BF8
INT 0xB4  ?                                                                                                                    8A4FBBF8

---- Kernel code sections - GMER 1.0.15 ----

.text    ntkrnlpa.exe!ZwCallbackReturn + 2D1C                                                                                8050391C 4 Bytes  CALL A508A947
?        spiq.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !
.text    USBPORT.SYS!DllUnload                                                                                                B7A2962C 5 Bytes  JMP 8A4FB1D8
.text    C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                            section is writeable [0xB4CD7380, 0x566445, 0xE8000020]
.text    atutsjoc.SYS                                                                                                        B4C5E384 1 Byte  [20]
.text    atutsjoc.SYS                                                                                                        B4C5E384 37 Bytes  [20, 00, 00, 68, 00, 00, 00, ...]
.text    atutsjoc.SYS                                                                                                        B4C5E3AA 24 Bytes  [00, 00, 20, 00, 00, E0, 00, ...]
.text    atutsjoc.SYS                                                                                                        B4C5E3C4 3 Bytes  [00, 00, 00]
.text    atutsjoc.SYS                                                                                                        B4C5E3C9 1 Byte  [00]
.text    ...                                                                                                                 
.text    C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0xB11B2300, 0x3ACC8, 0xE8000020]
.text    C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0xB224B300, 0x1B7E, 0xE8000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT      atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [B7EAC040] spiq.sys
IAT      atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [B7EAC13C] spiq.sys
IAT      atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                  [B7EAC0BE] spiq.sys
IAT      atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                          [B7EAC7FC] spiq.sys
IAT      atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                  [B7EAC6D2] spiq.sys
IAT      \SystemRoot\System32\Drivers\atutsjoc.SYS[HAL.dll!KfAcquireSpinLock]                                                0A64D90F
IAT      \SystemRoot\System32\Drivers\atutsjoc.SYS[HAL.dll!READ_PORT_UCHAR]                                                  046FD406
IAT      \SystemRoot\System32\Drivers\atutsjoc.SYS[HAL.dll!KeGetCurrentIrql]                                                  1672C31D
IAT      \SystemRoot\System32\Drivers\atutsjoc.SYS[HAL.dll!KfRaiseIrql]                                                      1879CE14
IAT      \SystemRoot\System32\Drivers\atutsjoc.SYS[HAL.dll!KfLowerIrql]                                                      3248ED2B
IAT      \SystemRoot\System32\Drivers\atutsjoc.SYS[HAL.dll!HalGetInterruptVector]                                            3C43E022
IAT      \SystemRoot\System32\Drivers\atutsjoc.SYS[HAL.dll!HalTranslateBusAddress]                                            2E5EF739
IAT      \SystemRoot\System32\Drivers\atutsjoc.SYS[HAL.dll!KeStallExecutionProcessor]                                        2055FA30
IAT      \SystemRoot\System32\Drivers\atutsjoc.SYS[HAL.dll!KfReleaseSpinLock]                                                EC01B79A
IAT      \SystemRoot\System32\Drivers\atutsjoc.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                          E20ABA93
IAT      \SystemRoot\System32\Drivers\atutsjoc.SYS[HAL.dll!READ_PORT_USHORT]                                                  F017AD88
IAT      \SystemRoot\System32\Drivers\atutsjoc.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                          FE1CA081
IAT      \SystemRoot\System32\Drivers\atutsjoc.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                  D42D83BE
IAT      \SystemRoot\System32\Drivers\atutsjoc.SYS[WMILIB.SYS!WmiSystemControl]                                              C83B99AC
IAT      \SystemRoot\System32\Drivers\atutsjoc.SYS[WMILIB.SYS!WmiCompleteRequest]                                            C63094A5
IAT      \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [B7EBBD92] spiq.sys

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                              8A7561F8
Device    \Driver\usbohci \Device\USBPDO-0                                                                                    8A5BD1F8
Device    \Driver\dmio \Device\DmControl\DmIoDaemon                                                                            8A7CB1F8
Device    \Driver\dmio \Device\DmControl\DmConfig                                                                              8A7CB1F8
Device    \Driver\dmio \Device\DmControl\DmPnP                                                                                8A7CB1F8
Device    \Driver\dmio \Device\DmControl\DmInfo                                                                                8A7CB1F8
Device    \Driver\usbehci \Device\USBPDO-1                                                                                    8A5B91F8
Device    \Driver\sptd \Device\1436803402                                                                                      spiq.sys
Device    \Driver\prodrv06 \Device\ProDrv06                                                                                    E1D48408
Device    \Driver\Ftdisk \Device\HarddiskVolume1                                                                              8A75A1F8
Device    \Driver\Ftdisk \Device\HarddiskVolume2                                                                              8A75A1F8
Device    \Driver\Cdrom \Device\CdRom0                                                                                        8A59A1F8
Device    \Driver\Ftdisk \Device\HarddiskVolume3                                                                              8A75A1F8
Device    \Driver\Cdrom \Device\CdRom1                                                                                        8A59A1F8
Device    \Driver\Ftdisk \Device\HarddiskVolume4                                                                              8A75A1F8
Device    \Driver\NetBT \Device\NetBT_Tcpip_{E59E14FF-DF76-46C9-8F3A-7BC93E00911D}                                            8846C1F8
Device    \Driver\Ftdisk \Device\HarddiskVolume5                                                                              8A75A1F8
Device    \Driver\prohlp02 \Device\ProHlp02                                                                                    E18930B8
Device    \Driver\PCI_PNP8402 \Device\00000076                                                                                spiq.sys
Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                              8846C1F8
Device    \Driver\NetBT \Device\NetbiosSmb                                                                                    8846C1F8
Device    \Driver\nvata \Device\00000095                                                                                      8A7581F8
Device    \Driver\nvata \Device\00000095                                                                                      prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device    \Driver\nvata \Device\00000096                                                                                      8A7581F8
Device    \Driver\nvata \Device\00000096                                                                                      prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device                                                                                                                        ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device    \Driver\usbohci \Device\USBFDO-0                                                                                    8A5BD1F8
Device    \Driver\usbehci \Device\USBFDO-1                                                                                    8A5B91F8
Device    \Driver\nvata \Device\NvAta0                                                                                        8A7581F8
Device    \Driver\nvata \Device\NvAta0                                                                                        prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                    884561F8
Device    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                          884561F8
Device    \Driver\Ftdisk \Device\FtControl                                                                                    8A75A1F8
Device    \Driver\atutsjoc \Device\Scsi\atutsjoc1Port2Path0Target0Lun0                                                        8A377500
Device    \Driver\atutsjoc \Device\Scsi\atutsjoc1Port2Path0Target0Lun0                                                        sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device    \Driver\nvgts \Device\Scsi\nvgts1Port1Path1Target1Lun0                                                              8A7571F8
Device    \Driver\nvgts \Device\Scsi\nvgts1Port1Path1Target1Lun0                                                              prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device    \Driver\atutsjoc \Device\Scsi\atutsjoc1                                                                              8A377500
Device    \Driver\atutsjoc \Device\Scsi\atutsjoc1                                                                              sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device    \Driver\nvgts \Device\Scsi\nvgts1                                                                                    8A7571F8
Device    \Driver\nvgts \Device\Scsi\nvgts1                                                                                    prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device    \FileSystem\Cdfs \Cdfs                                                                                              884031F8

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  422843683
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  -111860077
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  3
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                   
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                  0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                              0x00 0x87 0x0C 0x91 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                  1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x30 0xCD 0xC6 0x8A ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                   
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  e:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  2
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                              0x10 0xA0 0xED 0xBC ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                           
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0x5B 0xBF 0x9D 0x65 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                     
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0xFF 0xCE 0xDF 0xF7 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)               
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                      0
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                  0x00 0x87 0x0C 0x91 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                      1
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x30 0xCD 0xC6 0x8A ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      e:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      2
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x10 0xA0 0xED 0xBC ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x5B 0xBF 0x9D 0x65 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xFF 0xCE 0xDF 0xF7 ...
Reg      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                               
Reg      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG06.00.00.01WORKSTATION

---- EOF - GMER 1.0.15 ----

--- --- ---

markusg 15.10.2010 09:50

Download SystemLook by jpshortstuff and save the tool to your desktop.
http://jpshortstuff.247fixes.com/SystemLook.exe
Double-click SystemLook.exe to start the tool.
Users of Windows 7 and Vista: right-click and run as administrator.
Paste in:

:filefind
atutsjoc.SYS
When the scan has finished, your editor will open with the results; post them here in the thread.
The results are saved on the desktop as SystemLook.txt; post that.

glasnost 15.10.2010 10:21

Will do, Commander! :)

SystemLook 04.09.10 by jpshortstuff
Log created at 11:19 on 15/10/2010 by btsv
Administrator - Elevation successful

========== filefind ==========

Searching for "atutsjoc.SYS "
No files found.

-= EOF =-

markusg 15.10.2010 10:31

Avira
http://www.trojaner-board.de/54192-a...tellungen.html
Install Avira 10 this way, or rather configure it this way afterwards. Once you have applied the configuration, update the program.
Then click "Local protection", "Local drives"; move any detections to quarantine and post the log.

glasnost 25.10.2010 12:29

So, I'm back and let AntiVir run overnight; in the morning I come into the study and no system disk is found any more. I have already swapped the cable, and you can hear the disk spinning up. Just to be sure: could AntiVir, with the changed settings, have something to do with this?

markusg 28.10.2010 13:00

My computer was broken. Normally Avira has nothing to do with that; at least I have never heard of such a thing.
What exactly are the error messages?

glasnost 28.10.2010 16:34

Well, none at all. At some point during the night the computer triggered a restart, which was already very odd in itself. In the morning there was no system disk any more! It wasn't even detected by the BIOS.
Swapped the disk and installed a fresh system - now it works again. Still strange, especially since I don't hear any "clicking" or anything else, and the disk does spin up...

markusg 28.10.2010 16:51

And if you now connect the disk as a slave, can you access it?

glasnost 28.10.2010 17:57

Not under XP, and on Win7 I only get as far as the drive. After that nothing works.
However, I connected it with a USB adapter. It does now sound as if it is sticking.

markusg 28.10.2010 17:59

Well, then it is probably broken.
Which OS are you using now? So that I can give you tips on securing it.

glasnost 28.10.2010 18:21

Still XP, waiting for Win7 Home Premium,
Regards

markusg 28.10.2010 18:31

You can get in touch when you have Win7, then I'll help you secure it; that way we don't do the work twice.

