Hi all,
My XP system is probably infected.
Symptom:
I cannot run or install any anti-virus software.
Any non-anti-virus software is executable.
I tried:
AVG, Avast, Malwaredestroyer, rkill, tdsskiller, ...
OTL.exe is the only one that I can start.
I tried 2 boot CDs too.
Kaspersky 10 rescue disk had problems with a database...did not work.
Avira Rescue-Disk was running without problems but did not find any virus.
History:
First suspicious thing was that XP now 'detects' hundreds of SCSI controllers on every start and pops up the hardware installation wizard infinitely.
I did not change any hardware components, except some USB devices. No SCSI controller.
Then I randomly used Wireshark and noticed that my PC was communicating with some IP in Russia (whois), though no programs were running. (Currently not reproducible; I think it was 94.142.140.90.)
Then I tried to install anti-virus software...
and here I am.
Any help appreciated.
The source of the infection is also something I would very much like to know.
greets, jo
Here are the OTL.Txt quick-scan contents (created with default settings):
-----
OTL logfile created on: 24.10.2014 12:31:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\picard\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,87 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 74,50% Memory free
3,72 Gb Paging File | 3,40 Gb Available in Paging File | 91,21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,61 Gb Total Space | 255,16 Gb Free Space | 54,80% Space Free | Partition Type: NTFS
Computer Name: ENTERPRI-B7D308 | User Name: picard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014.10.24 12:26:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\picard\Desktop\OTL.exe
PRC - [2013.04.02 05:27:32 | 000,079,872 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\9.2\bin\pg_ctl.exe
PRC - [2013.04.02 05:27:00 | 004,525,568 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\9.2\bin\postgres.exe
PRC - [2011.11.05 06:32:34 | 000,094,208 | ---- | M] (Adaptec Incorporated) -- C:\Programme\Adaptec\Adaptec Storage Manager\StorServ.exe
PRC - [2009.05.08 16:07:40 | 000,114,793 | ---- | M] (http://subversion.tigris.org/) -- C:\Programme\CollabNet Subversion Server\svnserve.exe
PRC - [2008.04.14 09:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2011.08.24 22:30:50 | 000,065,024 | ---- | M] () -- C:\Programme\TortoiseGit\bin\zlib132.dll
MOD - [2011.07.18 23:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2009.04.27 23:49:26 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2001.07.31 09:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\Programme\LSBWebServer\Jetty-Service.exe -- (LSBWebServer)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- C:\Programme\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
SRV - File not found [Disabled | Stopped] -- C:\Programme\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
SRV - [2014.07.03 19:12:30 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.11.02 18:05:40 | 000,182,696 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013.07.03 00:15:41 | 000,535,320 | ---- | M] (Tanuki Software, Ltd.) [On_Demand | Stopped] -- C:\Programme\OPC-UA\Inductive Automation\Ignition\IgnitionGateway.exe -- (Ignition)
SRV - [2013.05.08 17:09:12 | 000,204,800 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\VisioControl\Jetty-Service.exe -- (VisioControl)
SRV - [2013.04.02 05:27:32 | 000,079,872 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Programme\PostgreSQL\9.2\bin\pg_ctl.exe -- (postgresql-9.2)
SRV - [2013.03.01 03:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [Disabled | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2011.11.05 06:32:34 | 000,094,208 | ---- | M] (Adaptec Incorporated) [Auto | Running] -- C:\Programme\Adaptec\Adaptec Storage Manager\StorServ.exe -- (AdaptecStorageManagerAgent)
SRV - [2010.11.27 01:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.11.08 23:04:26 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009.05.08 16:07:40 | 000,114,793 | ---- | M] (http://subversion.tigris.org/) [Auto | Running] -- C:\Programme\CollabNet Subversion Server\svnserve.exe -- (CSVNsvnserve)
SRV - [2008.03.19 13:30:46 | 002,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Disabled | Stopped] -- C:\WINDOWS\system32\hasplms.exe -- (hasplms)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\picard\LOKALE~1\Temp\NTFS.sys -- (BS951220212)
DRV - [2014.09.09 18:34:28 | 000,741,488 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2014.09.09 18:32:52 | 000,127,584 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2014.09.09 18:32:52 | 000,117,272 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2014.09.09 18:32:52 | 000,105,472 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2014.05.16 15:24:52 | 000,095,520 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2014.03.19 03:27:24 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2014.03.19 03:27:24 | 000,088,832 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013.03.30 14:39:41 | 000,259,584 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\XHASP.sys -- (XHASP)
DRV - [2013.03.03 14:13:58 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2013.03.01 03:48:42 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2013.01.29 15:00:52 | 000,068,856 | ---- | M] (SYS TEC electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbcanl4.sys -- (USBCANL4)
DRV - [2013.01.29 15:00:20 | 000,024,824 | ---- | M] (SYS TEC electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbcanl2.sys -- (USBCANL2)
DRV - [2013.01.29 15:00:10 | 000,026,872 | ---- | M] (SYS TEC electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbcanld.sys -- (USBCANLD)
DRV - [2013.01.29 14:59:54 | 000,034,040 | ---- | M] (SYS TEC electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbcan.sys -- (USBCAN)
DRV - [2013.01.29 14:59:38 | 000,035,576 | ---- | M] (SYS TEC electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ucannet.sys -- (UCANNET)
DRV - [2010.11.08 23:04:26 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.12.15 09:20:56 | 000,061,440 | ---- | M] (Vyacheslav Frolov) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\com0com.sys -- (com0com)
DRV - [2009.03.30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008.03.18 16:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008.02.11 16:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007.12.12 09:23:54 | 000,322,048 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\adp3132.sys -- (adp3132)
DRV - [2007.10.16 19:38:30 | 004,615,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007.03.06 13:27:00 | 000,058,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007.03.06 13:27:00 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007.02.16 02:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2006.11.02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005.11.07 19:10:00 | 000,402,432 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(WLAN)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\v18.0.2\components [2014.07.03 19:12:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\v18.0.2\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Programme\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
[2013.03.03 13:45:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Extensions
[2014.10.09 02:41:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default\extensions
[2014.09.06 12:49:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.05.19 11:50:17 | 000,854,402 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default\extensions\[email protected]
[2014.04.19 11:36:03 | 002,298,147 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default\extensions\[email protected]
[2014.07.11 02:03:49 | 000,194,964 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default\extensions\[email protected]
[2014.07.11 02:12:46 | 000,389,107 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default\extensions\[email protected]
[2014.10.09 02:41:55 | 000,558,509 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi
[2014.07.03 19:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2014.07.03 19:12:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA}
[2014.07.03 19:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2014.07.03 19:12:33 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014.07.03 19:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\v18.0.2\extensions
[2014.07.03 19:12:21 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\v18.0.2\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014.07.03 19:12:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\v18.0.2\extensions\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google-aktuell\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google-aktuell\Chrome\Application\35.0.1916.153\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google-aktuell\Chrome\Application\35.0.1916.153\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java Platform SE 7 U45 (Enabled) = C:\Programme\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
O1 HOSTS File: ([2013.11.21 03:13:41 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1362307452276 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_43)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04BDE12A-8D68-4AD5-AE91-EFE53BB62713}: NameServer = 8.8.8.8,50.23.197.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D04F6895-5CD4-4A78-949A-182C27D560C3}: NameServer = 8.8.8.8,59.23.197.95
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.03.03 11:22:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{19c3e677-83f5-11e2-a442-00e04d77ee78}\Shell\AutoRun\command - "" = H:\PMBP_Win.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014.10.24 12:21:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\picard\Desktop\OTL.exe
[2014.10.23 22:48:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014.10.23 14:59:56 | 004,181,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\picard\Desktop\tdsskiller(1).exe
[2014.10.23 14:58:02 | 001,944,824 | ---- | C] (Bleeping Computer, LLC) -- C:\Dokumente und Einstellungen\picard\Desktop\rkill.exe
[2014.10.19 00:09:13 | 000,000,000 | ---D | C] -- C:\cmdcons
[2014.10.19 00:05:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014.10.19 00:03:35 | 000,368,256 | ---- | C] (RegNow.com) -- C:\Dokumente und Einstellungen\picard\Desktop\Download_MaxSDDMnew (1).exe
[2014.10.19 00:00:34 | 000,368,256 | ---- | C] (RegNow.com) -- C:\Dokumente und Einstellungen\picard\Desktop\Download_MaxSDDMnew.exe
[2014.10.18 11:28:07 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2014.10.18 10:56:20 | 053,532,144 | ---- | C] (EMCO Software ) -- C:\Dokumente und Einstellungen\picard\Desktop\Kopie von malwaredestroyersetup.exe.msi
[2014.10.18 10:33:28 | 053,532,144 | ---- | C] (EMCO Software ) -- C:\Dokumente und Einstellungen\picard\Desktop\malwaredestroyersetup.exe
[2014.10.18 10:20:54 | 000,519,488 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\picard\Desktop\avastclear.com
[2014.10.18 09:37:43 | 091,906,368 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\picard\Desktop\v9-a-st.exe
[2014.10.18 09:29:01 | 030,408,704 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\picard\Desktop\avast_free_antivirus_setup_9.0.2021.exe.crdownload
[2014.10.18 01:35:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2014.10.18 01:33:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\picard\Desktop\avg
[2014.10.18 01:30:03 | 091,906,368 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\picard\Desktop\Kopie von avast_free_antivirus_setup_9_0_2021.exe
[2014.10.18 01:02:21 | 153,796,568 | ---- | C] (AVG Technologies) -- C:\Dokumente und Einstellungen\picard\Desktop\a_v_g_free_x86_all_2015_5315a8160.exe.exe
[2014.10.18 00:23:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Wireshark
[2014.10.18 00:21:23 | 091,906,368 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\picard\Desktop\avast_free_antivirus_setup_9_0_2021.exe
[2014.10.17 23:30:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WinPcap
[2014.10.17 23:30:20 | 000,000,000 | ---D | C] -- C:\Programme\WinPcap
[2014.10.17 23:28:17 | 000,000,000 | ---D | C] -- C:\Programme\Wireshark
[2014.10.17 23:06:25 | 000,069,880 | ---- | C] (SYS TEC electronic GmbH) -- C:\WINDOWS\System32\drivers\usbcanl5.sys
[2014.10.17 23:06:25 | 000,068,856 | ---- | C] (SYS TEC electronic GmbH) -- C:\WINDOWS\System32\drivers\usbcanl4.sys
[2014.10.17 23:06:25 | 000,061,176 | ---- | C] (SYS TEC electronic GmbH) -- C:\WINDOWS\System32\drivers\usbcanl21.sys
[2014.10.17 23:06:25 | 000,046,328 | ---- | C] (SYS TEC electronic GmbH) -- C:\WINDOWS\System32\drivers\usbcanl3.sys
[2014.10.17 23:06:25 | 000,035,576 | ---- | C] (SYS TEC electronic GmbH) -- C:\WINDOWS\System32\drivers\ucannet.sys
[2014.10.17 23:06:25 | 000,034,040 | ---- | C] (SYS TEC electronic GmbH) -- C:\WINDOWS\System32\drivers\usbcan.sys
[2014.10.17 23:06:25 | 000,026,872 | ---- | C] (SYS TEC electronic GmbH) -- C:\WINDOWS\System32\drivers\usbcanld.sys
[2014.10.17 23:06:25 | 000,024,824 | ---- | C] (SYS TEC electronic GmbH) -- C:\WINDOWS\System32\drivers\usbcanl2.sys
[2014.10.17 23:06:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\USB-CANmodul Utilities
[2014.10.17 01:34:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\picard\Desktop\dkb-oktober
[2014.10.13 23:02:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\picard\Desktop\ba
[2014.10.09 02:31:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\picard\Desktop\re
[2014.10.08 04:39:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\picard\Desktop\testdll-141008
[2014.10.07 22:22:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\picard\Desktop\testdll
[2014.10.01 16:57:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Visual Studio 2010 Express
[2014.10.01 16:55:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\symbols
[2014.10.01 16:55:19 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SDKs
[2014.10.01 16:55:19 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Merge Modules
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
File not found -- C:\WINDOWS\System32\drivers\mshcmd.sys.
[2014.10.24 12:26:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\picard\Desktop\OTL.exe
[2014.10.24 11:48:48 | 000,581,544 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2014.10.24 11:48:48 | 000,558,412 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014.10.24 11:48:48 | 000,125,818 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2014.10.24 11:48:48 | 000,108,944 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014.10.24 11:44:51 | 000,051,282 | ---- | M] () -- C:\WINDOWS\StorShMem-512-0-evt
[2014.10.24 11:44:39 | 000,124,172 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2014.10.24 11:44:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014.10.24 11:44:32 | 000,135,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014.10.23 15:31:14 | 000,011,936 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014.10.23 15:00:24 | 004,181,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\picard\Desktop\tdsskiller(1).exe
[2014.10.23 14:58:09 | 001,944,824 | ---- | M] (Bleeping Computer, LLC) -- C:\Dokumente und Einstellungen\picard\Desktop\rkill.exe
[2014.10.23 12:54:03 | 000,002,183 | ---- | M] () -- C:\Dokumente und Einstellungen\picard\Desktop\integrallenker.jpeg
[2014.10.23 12:30:32 | 000,020,117 | ---- | M] () -- C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2014.10.23 01:01:12 | 000,011,068 | ---- | M] () -- C:\WINDOWS\System32\CFG951220212
[2014.10.19 00:09:17 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014.10.19 00:03:35 | 000,368,256 | ---- | M] (RegNow.com) -- C:\Dokumente und Einstellungen\picard\Desktop\Download_MaxSDDMnew (1).exe
[2014.10.19 00:00:35 | 000,368,256 | ---- | M] (RegNow.com) -- C:\Dokumente und Einstellungen\picard\Desktop\Download_MaxSDDMnew.exe
[2014.10.18 20:43:37 | 642,560,000 | ---- | M] () -- C:\Dokumente und Einstellungen\picard\Desktop\rescue-system.iso
[2014.10.18 19:59:07 | 000,110,106 | ---- | M] () -- C:\Dokumente und Einstellungen\picard\Desktop\imst-landeck.pdf
[2014.10.18 16:29:07 | 338,690,048 | ---- | M] () -- C:\Dokumente und Einstellungen\picard\Desktop\kav_rescue_1032.iso (1).crdownload
[2014.10.18 16:29:07 | 338,686,652 | ---- | M] () -- C:\Dokumente und Einstellungen\picard\Desktop\kav_rescue_1032 (1).iso.crdownload.iso
[2014.10.18 16:26:04 | 306,671,616 | ---- | M] () -- C:\Dokumente und Einstellungen\picard\Desktop\kav_rescue_10.iso
[2014.10.18 12:10:46 | 000,011,878 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2014.10.18 12:05:35 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2014.10.18 11:15:58 | 087,018,856 | ---- | M] () -- C:\Dokumente und Einstellungen\picard\Desktop\kav_rescue_1032.iso.crdownload
[2014.10.18 10:40:45 | 053,532,144 | ---- | M] (EMCO Software ) -- C:\Dokumente und Einstellungen\picard\Desktop\malwaredestroyersetup.exe
[2014.10.18 10:40:45 | 053,532,144 | ---- | M] (EMCO Software ) -- C:\Dokumente und Einstellungen\picard\Desktop\Kopie von malwaredestroyersetup.exe.msi
[2014.10.18 10:21:18 | 000,519,488 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\picard\Desktop\avastclear.com
[2014.10.18 09:51:00 | 091,906,368 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\picard\Desktop\v9-a-st.exe
[2014.10.18 09:29:01 | 030,408,704 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\picard\Desktop\avast_free_antivirus_setup_9.0.2021.exe.crdownload
[2014.10.18 01:22:47 | 153,796,568 | ---- | M] (AVG Technologies) -- C:\Dokumente und Einstellungen\picard\Desktop\a_v_g_free_x86_all_2015_5315a8160.exe.exe
[2014.10.18 00:33:52 | 091,906,368 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\picard\Desktop\Kopie von avast_free_antivirus_setup_9_0_2021.exe
[2014.10.18 00:33:52 | 091,906,368 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\picard\Desktop\avast_free_antivirus_setup_9_0_2021.exe
[2014.10.17 23:53:32 | 004,609,376 | ---- | M] () -- C:\Dokumente und Einstellungen\picard\Desktop\94.142.140.90.pcapng
[2014.10.08 05:14:49 | 000,004,234 | ---- | M] () -- C:\Dokumente und Einstellungen\picard\Desktop\lamtec32-28.bmp
[2014.10.08 04:35:57 | 000,086,962 | ---- | M] () -- C:\Dokumente und Einstellungen\picard\Desktop\testdll.2.zip
[2014.10.08 02:34:04 | 000,084,549 | ---- | M] () -- C:\Dokumente und Einstellungen\picard\Desktop\testdll.zip
[2014.10.02 00:31:50 | 000,002,269 | ---- | M] () -- C:\Dokumente und Einstellungen\picard\Eigene Dateien\new02.xcf
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
File not found -- C:\WINDOWS\System32\drivers\mshcmd.sys.
[2014.10.23 12:54:02 | 000,002,183 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Desktop\integrallenker.jpeg
[2014.10.23 12:30:32 | 000,020,117 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2014.10.19 00:09:17 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2014.10.19 00:09:14 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2014.10.18 19:58:33 | 000,110,106 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Desktop\imst-landeck.pdf
[2014.10.18 19:54:22 | 642,560,000 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Desktop\rescue-system.iso
[2014.10.18 15:06:13 | 306,671,616 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Desktop\kav_rescue_10.iso
[2014.10.18 13:49:02 | 338,690,048 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Desktop\kav_rescue_1032.iso (1).crdownload
[2014.10.18 12:31:54 | 338,686,652 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Desktop\kav_rescue_1032 (1).iso.crdownload.iso
[2014.10.18 11:04:07 | 087,018,856 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Desktop\kav_rescue_1032.iso.crdownload
[2014.10.17 23:53:32 | 004,609,376 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Desktop\94.142.140.90.pcapng
[2014.10.17 23:28:24 | 000,001,465 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Wireshark.lnk
[2014.10.08 05:13:37 | 000,004,234 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Desktop\lamtec32-28.bmp
[2014.10.08 04:35:56 | 000,086,962 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Desktop\testdll.2.zip
[2014.10.08 02:34:04 | 000,084,549 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Desktop\testdll.zip
[2014.10.02 00:31:50 | 000,002,269 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Eigene Dateien\new02.xcf
[2014.07.19 00:20:22 | 000,027,296 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2014.05.01 20:06:44 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014.04.30 19:47:48 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2014.04.30 19:47:48 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2014.04.30 19:47:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2014.04.30 19:47:48 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2014.04.30 19:47:46 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2014.04.17 12:12:45 | 001,755,400 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1343024091-287218729-682003330-1003-0.dat
[2014.04.17 12:12:45 | 000,170,638 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2014.04.05 18:25:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2014.03.24 21:07:48 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\lmd010util.exe
[2014.02.06 02:43:44 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\midas.dll
[2013.10.19 00:31:55 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2013.10.17 23:50:00 | 000,032,768 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\EEPROM_HP.BIN
[2013.06.23 12:51:01 | 000,001,447 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\.h2.server.properties
[2013.05.21 10:28:35 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2013.05.21 10:28:35 | 000,020,894 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2013.04.11 10:57:46 | 000,000,937 | -H-- | C] () -- C:\Dokumente und Einstellungen\picard\.gitk
[2013.04.11 09:37:18 | 000,000,117 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\.gitconfig
[2013.03.30 15:22:05 | 001,183,089 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2013.03.30 15:22:05 | 000,159,765 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2013.03.30 14:40:00 | 000,004,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\A3396D81.bin
[2013.03.30 14:38:52 | 000,259,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\XHASP.sys
[2013.03.19 03:43:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.03.03 11:34:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2013.03.03 11:32:51 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2013.03.03 11:24:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013.03.03 11:19:35 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013.03.03 11:14:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013.03.03 11:13:47 | 000,135,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.03.01 03:47:36 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008.04.14 09:00:00 | 000,000,242 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\PBS951220212.ini
[2008.04.14 09:00:00 | 000,000,242 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\PBS951220212.ini
========== ZeroAccess Check ==========
[2013.03.06 02:19:44 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 09:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 09:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013.04.01 22:54:06 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2014.05.04 12:30:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2014.10.18 10:14:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2013.09.27 23:19:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Navigator
[2014.05.30 22:25:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2014.10.17 07:33:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\AIMP3
[2013.04.01 23:04:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Canon
[2014.05.04 12:30:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\elsterformular
[2014.07.29 04:50:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\FileZilla
[2013.03.03 13:56:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Foxit
[2013.03.03 11:43:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\FreeCommander
[2013.05.19 17:06:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\ImgBurn
[2013.09.05 14:26:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\ISTool
[2014.06.11 03:04:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Lamtec
[2013.03.03 13:52:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mael
[2014.04.30 01:18:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\MPC-HC
[2013.09.27 23:17:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Navigator
[2013.03.03 16:11:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\NetBeans
[2013.03.03 11:56:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Notepad++
[2013.03.20 01:03:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\OpenOffice.org
[2013.06.14 10:33:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\PacificPoker
[2013.03.03 14:06:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\pdfforge
[2013.05.08 22:59:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\postgresql
[2014.05.30 22:39:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Samsung
[2013.03.03 14:17:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Subversion
[2014.10.17 23:06:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\SYSTEC-electronic
[2013.03.03 17:12:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Thunderbird
[2013.03.03 14:35:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\TrueCrypt
[2014.10.18 00:24:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Wireshark
[2014.07.29 04:18:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\WSOP.com
========== Purity Check ==========
< End of report >