
Log analysis and evaluation: Log analysis and evaluation

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

14.01.2012, 13:02   #1
tippis
 
Log analysis and evaluation



OTL logfile created on: 14.01.2012 12:48:12 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lilly\Downloads
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 65,66% Memory free
6,49 Gb Paging File | 5,19 Gb Available in Paging File | 79,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 270,45 Gb Total Space | 204,09 Gb Free Space | 75,46% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 81,79 Gb Free Space | 83,75% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 232,75 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Drive F: | 39,60 Gb Total Space | 39,50 Gb Free Space | 99,75% Space Free | Partition Type: NTFS
Drive G: | 98,64 Gb Total Space | 64,56 Gb Free Space | 65,45% Space Free | Partition Type: NTFS
Drive H: | 98,63 Gb Total Space | 59,70 Gb Free Space | 60,53% Space Free | Partition Type: NTFS
Drive I: | 135,74 Gb Total Space | 64,00 Gb Free Space | 47,15% Space Free | Partition Type: NTFS
Drive J: | 102,77 Gb Total Space | 78,51 Gb Free Space | 76,39% Space Free | Partition Type: NTFS
Drive K: | 97,66 Gb Total Space | 73,00 Gb Free Space | 74,75% Space Free | Partition Type: NTFS
Drive L: | 97,66 Gb Total Space | 97,55 Gb Free Space | 99,89% Space Free | Partition Type: NTFS
Drive M: | 97,66 Gb Total Space | 97,55 Gb Free Space | 99,89% Space Free | Partition Type: NTFS
Drive N: | 3,67 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive O: | 14,64 Gb Total Space | 11,48 Gb Free Space | 78,40% Space Free | Partition Type: FAT32
Drive P: | 15,12 Gb Total Space | 14,99 Gb Free Space | 99,13% Space Free | Partition Type: FAT32

Computer Name: LILLY-PC | User Name: Lilly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.01.14 12:47:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lilly\Downloads\OTL.exe
PRC - [2012.01.05 19:48:43 | 000,246,272 | -HS- | M] () -- C:\Users\Lilly\AppData\Local\Temp\sysdown .exe
PRC - [2012.01.02 21:14:17 | 000,127,040 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.7\ICQ.exe
PRC - [2011.11.10 04:11:50 | 000,417,792 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.11.10 04:11:20 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.07.28 20:18:59 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 22:29:12 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2010.11.20 22:29:11 | 001,169,224 | -HS- | M] (Microsoft Corporation) -- C:\Windows\Temp\svhost.exe
PRC - [2010.10.05 21:26:46 | 000,129,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
PRC - [2010.04.14 20:45:22 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeacoms.exe
PRC - [2009.07.14 02:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe
PRC - [2009.06.04 00:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe
PRC - [2009.06.04 00:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012.01.12 03:08:36 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll
MOD - [2012.01.12 03:02:13 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2012.01.12 03:02:06 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2012.01.05 19:48:43 | 000,246,272 | -HS- | M] () -- C:\Users\Lilly\AppData\Local\Temp\sysdown .exe
MOD - [2011.12.28 14:10:07 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\273292e88c7b60ecbae9d85e94cd097e\WindowsFormsIntegration.ni.dll
MOD - [2011.12.28 14:09:04 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011.12.28 14:08:45 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011.12.28 14:08:45 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2011.12.28 14:08:34 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011.12.28 14:08:26 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011.12.28 14:08:18 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011.12.28 14:07:00 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.12.28 14:00:18 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.12.28 14:00:07 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.12.28 14:00:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.12.28 14:00:02 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.12.28 13:59:57 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.11.09 22:10:38 | 000,369,152 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.08.23 18:58:06 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2009.03.26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL
MOD - [2006.06.09 15:20:04 | 000,003,072 | ---- | M] () -- C:\Windows\CTXFIGER.DLL


========== Win32 Services (SafeList) ==========

SRV - [2012.01.10 18:26:35 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2011.12.26 19:58:06 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.12.23 19:41:27 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2011.12.23 19:33:33 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011.11.10 04:11:20 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.06.29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.04.14 20:45:22 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeacoms.exe -- (lxea_device)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - [2012.01.09 18:54:28 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012.01.09 18:54:28 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2012.01.02 21:23:48 | 000,428,088 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.12.23 19:22:16 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011.11.10 04:44:12 | 008,913,920 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.11.10 03:12:20 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.10.17 18:40:44 | 000,085,520 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.11.20 22:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 22:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010.11.20 22:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 22:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\terminpt.sys -- (terminpt)
DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010.06.09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010.04.22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.06.04 02:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009.06.04 02:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2009.06.04 02:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009.06.04 02:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009.06.04 02:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009.06.04 02:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009.06.04 02:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009.06.04 02:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009.06.04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009.06.04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009.06.04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009.06.04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009.06.04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009.06.04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2005.08.17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005.08.17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005.08.17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 1B 3E 21 A0 C1 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011.12.23 19:41:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011.12.23 19:41:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011.12.23 19:41:27 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012.01.14 12:49:21 | 000,000,193 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 virustotal.com
O1 - Hosts: 127.0.0.1 vscan.novirusthanks.org
O1 - Hosts: 127.0.0.1 irusscan.jotti.org
O1 - Hosts: 127.0.0.1 virscan.org
O1 - Hosts: 127.0.0.1 www.virus-trap.org
O1 - Hosts: 127.0.0.1 www.filterbit.com
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Service Agent] C:\Windows\System32\agl23s.exe ()
O4 - HKLM..\Run: [WindowsUpdate] C:\Google.exe File not found
O4 - HKLM..\Run: [WindowsUpdateService] WindowsUpdateService.exe File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Microsoft] C:\Users\Lilly\AppData\Roaming\Microsoft\service.exe (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile)
O4 - HKCU..\Run: [rundll32] C:\Users\Lilly\AppData\Local\Temp\rundll32 .exe File not found
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKCU..\Run: [sysdown] C:\Users\Lilly\AppData\Local\Temp\sysdown .exe ()
O4 - HKCU..\Run: [Windows Service Agent] C:\Windows\System32\agl23s.exe ()
O4 - HKCU..\Run: [WindowsUpdate] C:\Google.exe File not found
O4 - HKCU..\Run: [WinUpdtr] C:\Users\Lilly\AppData\Roaming\WinUpdtr\botables.exe (Don HO don.h@free.fr)
O4 - HKLM..\RunServices: [Windows Service Agent] C:\Windows\System32\agl23s.exe ()
O4 - Startup: C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32 .exe ()
O4 - Startup: C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sysdown .exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Lilly\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lilly\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6532558-479D-4DA7-8292-9951C32A15CE}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) -C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.13 10:58:45 | 000,000,000 | ---D | M] - H:\Auto NEU -- [ NTFS ]
O33 - MountPoints2\O\Shell - "" = AutoRun
O33 - MountPoints2\O\Shell\AutoRun\command - "" = O:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.01.11 19:42:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.11 19:42:49 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.11 19:42:49 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.10 19:07:17 | 000,516,096 | ---- | C] (ashampoo GmbH & Co. KG ) -- C:\Users\Lilly\AppData\Roaming\CDC6.exe
[2012.01.10 18:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2012.01.10 18:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macromedia Shared
[2012.01.10 18:26:31 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70.dll
[2012.01.10 18:26:31 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp70.dll
[2012.01.10 18:26:31 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll
[2012.01.10 18:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
[2012.01.10 18:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macromedia
[2012.01.10 18:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\Macromedia
[2012.01.10 18:14:54 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\FileZilla
[2012.01.10 18:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012.01.10 18:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012.01.09 20:59:39 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.01.09 20:50:50 | 000,516,096 | ---- | C] (ashampoo GmbH & Co. KG ) -- C:\Users\Lilly\AppData\Roaming\66A0.exe
[2012.01.09 18:54:28 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2012.01.09 18:54:28 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2012.01.09 18:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2012.01.09 18:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
[2012.01.09 18:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2012.01.09 12:59:01 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\WinRAR
[2012.01.09 12:59:01 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.01.09 12:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.01.09 12:58:59 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.01.09 12:55:24 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
[2012.01.09 12:55:15 | 000,000,000 | ---D | C] -- C:\Flashtool
[2012.01.07 21:44:17 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\ImgBurn
[2012.01.07 21:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012.01.07 21:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2012.01.07 19:38:33 | 000,000,000 | ---D | C] -- C:\Users\Lilly\.dvdcss
[2012.01.07 19:17:14 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\vlc
[2012.01.07 19:00:29 | 000,230,962 | ---- | C] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp03402.exe
[2012.01.07 19:00:18 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Local\MPlayer
[2012.01.07 18:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.01.07 18:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.01.07 18:59:29 | 000,544,656 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.01.07 18:59:29 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.01.07 18:59:29 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.01.07 18:59:29 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.01.07 18:59:23 | 000,230,962 | ---- | C] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp00670.exe
[2012.01.07 18:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.01.07 18:58:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2012.01.07 18:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\PMS
[2012.01.07 18:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\PS3 Media Server
[2012.01.07 18:40:22 | 000,230,962 | ---- | C] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp82133.exe
[2012.01.07 18:11:54 | 000,230,962 | ---- | C] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp34854.exe
[2012.01.07 18:04:14 | 000,230,962 | ---- | C] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp06121.exe
[2012.01.06 19:22:13 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\DVDVideoSoft
[2012.01.06 19:22:07 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.06 19:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.01.06 19:22:03 | 000,000,000 | ---D | C] -- C:\Users\Lilly\Documents\DVDVideoSoft
[2012.01.06 19:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.01.06 19:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.01.05 12:26:27 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\WinUpdtr
[2012.01.05 12:26:24 | 000,785,920 | ---- | C] (Don HO don.h@free.fr) -- C:\botables.exe
[2012.01.02 21:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.01.02 21:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012.01.02 21:23:10 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\DAEMON Tools Lite
[2012.01.02 21:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.01.02 21:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.7
[2012.01.02 21:14:20 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\ICQ
[2012.01.02 21:14:16 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.7
[2011.12.28 16:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2011.12.28 13:16:28 | 000,000,000 | ---D | C] -- C:\Users\Lilly\Documents\ConvertXToDVD
[2011.12.28 13:15:11 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Lilly\AppData\Roaming\pcouffin.sys
[2011.12.28 13:15:10 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\Vso
[2011.12.28 13:15:10 | 000,000,000 | ---D | C] -- C:\Users\Lilly\Documents\PcSetup
[2011.12.28 13:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2011.12.28 13:15:07 | 001,184,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc1dmod.dll
[2011.12.28 13:15:07 | 000,626,688 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2011.12.28 13:15:07 | 000,273,408 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\Pncrt.dll
[2011.12.28 13:15:07 | 000,217,127 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv43260.dll
[2011.12.28 13:15:07 | 000,208,935 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv33260.dll
[2011.12.28 13:15:07 | 000,176,165 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv23260.dll
[2011.12.28 13:15:07 | 000,102,439 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\sipr3260.dll
[2011.12.28 13:15:07 | 000,065,602 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\cook3260.dll
[2011.12.28 13:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\VSO
[2011.12.28 13:11:16 | 000,000,000 | ---D | C] -- C:\Users\Lilly\Desktop\Der Grinch 1080p
[2011.12.28 13:07:38 | 000,000,000 | ---D | C] -- C:\Users\Lilly\Desktop\Big Daddy 1080p
[2011.12.28 13:07:21 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\DYA_GMGSLTBCQOCCSBQMB
[2011.12.28 13:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\DYA_GMGSLTBCQOCCSBQMB
[2011.12.26 20:32:50 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\Macromedia
[2011.12.26 20:32:48 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.12.26 20:19:23 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Local\Adobe
[2011.12.26 20:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.12.26 20:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.12.26 20:00:47 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\Adobe
[2011.12.26 19:59:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011.12.26 19:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011.12.26 19:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2011.12.26 19:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark
[2011.12.26 19:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\lx_Cats
[2011.12.26 19:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.12.26 19:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark S300-S400 Series
[2011.12.26 19:56:52 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark
[2011.12.26 03:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011.12.25 03:00:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.25 03:00:48 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.25 03:00:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.25 03:00:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.25 03:00:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.25 03:00:45 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.24 09:28:31 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Local\ScriptPower OHG
[2011.12.24 09:28:31 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Local\CrashRpt
[2011.12.24 09:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.12.24 09:28:02 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011.12.24 09:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLoad
[2011.12.24 09:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\iLoad
[2011.12.24 09:27:39 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\Paloma Networks, Inc
[2011.12.24 09:26:29 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.24 09:26:28 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011.12.24 09:26:28 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011.12.24 09:26:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.24 09:26:14 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.24 09:26:13 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.24 09:26:12 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.24 09:26:11 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.23 19:45:32 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\Creative
[2011.12.23 19:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2011.12.23 19:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative Labs Shared
[2011.12.23 19:33:22 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2011.12.23 19:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2011.12.23 19:32:55 | 000,102,400 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\cttele32.dll
[2011.12.23 19:32:49 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011.12.23 19:32:49 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011.12.23 19:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2011.12.23 19:31:45 | 000,020,480 | ---- | C] (Creative Technology Limited) -- C:\Windows\INRESGER.DLL
[2011.12.23 19:31:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\Data
[2011.12.23 19:31:38 | 022,691,984 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\AppSetup.exe
[2011.12.23 19:31:37 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011.12.23 19:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011.12.23 19:30:00 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\ATI
[2011.12.23 19:30:00 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Local\ATI
[2011.12.23 19:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.12.23 19:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011.12.23 19:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011.12.23 19:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.12.23 19:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011.12.23 19:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011.12.23 19:26:39 | 000,000,000 | ---D | C] -- C:\ATI
[2011.12.23 19:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2011
[2011.12.23 19:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011.12.23 19:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.12.23 19:22:16 | 000,488,536 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.12.23 19:21:33 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011.12.23 19:16:59 | 000,000,000 | R--D | C] -- C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.12.23 19:16:59 | 000,000,000 | R--D | C] -- C:\Users\Lilly\Searches
[2011.12.23 19:16:59 | 000,000,000 | R--D | C] -- C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.12.23 19:16:52 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\Identities
[2011.12.23 19:16:50 | 000,000,000 | R--D | C] -- C:\Users\Lilly\Contacts
[2011.12.23 19:16:44 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Local\VirtualStore
[2011.12.23 19:16:43 | 000,000,000 | --SD | C] -- C:\Users\Lilly\AppData\Roaming\Microsoft
[2011.12.23 19:16:43 | 000,000,000 | R--D | C] -- C:\Users\Lilly\Videos
[2011.12.23 19:16:43 | 000,000,000 | R--D | C] -- C:\Users\Lilly\Saved Games
[2011.12.23 19:16:43 | 000,000,000 | R--D | C] -- C:\Users\Lilly\Pictures
[2011.12.23 19:16:43 | 000,000,000 | R--D | C] -- C:\Users\Lilly\Music
[2011.12.23 19:16:43 | 000,000,000 | R--D | C] -- C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.12.23 19:16:43 | 000,000,000 | R--D | C] -- C:\Users\Lilly\Links
[2011.12.23 19:16:43 | 000,000,000 | R--D | C] -- C:\Users\Lilly\Favorites
[2011.12.23 19:16:43 | 000,000,000 | R--D | C] -- C:\Users\Lilly\Downloads
[2011.12.23 19:16:43 | 000,000,000 | R--D | C] -- C:\Users\Lilly\Documents
[2011.12.23 19:16:43 | 000,000,000 | R--D | C] -- C:\Users\Lilly\Desktop
[2011.12.23 19:16:43 | 000,000,000 | R--D | C] -- C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\Vorlagen
[2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\AppData\Local\Verlauf
[2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\AppData\Local\Temporary Internet Files
[2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\Startmenü
[2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\SendTo
[2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\Recent
[2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\Netzwerkumgebung
[2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\Lokale Einstellungen
[2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\Documents\Eigene Videos
[2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\Documents\Eigene Musik
[2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\Eigene Dateien
[2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\Documents\Eigene Bilder
[2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\Druckumgebung
[2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\Cookies
[2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\AppData\Local\Anwendungsdaten
[2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\Anwendungsdaten
[2011.12.23 19:16:43 | 000,000,000 | -H-D | C] -- C:\Users\Lilly\AppData
[2011.12.23 19:16:43 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Local\Temp
[2011.12.23 19:16:43 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Local\Microsoft
[2011.12.23 19:16:43 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\Media Center Programs
[2011.12.23 19:16:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011.12.23 19:16:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011.12.23 19:16:33 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011.12.23 19:16:33 | 000,000,000 | -HSD | C] -- C:\Programme
[2011.12.23 19:16:33 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2011.12.23 19:16:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011.12.23 19:16:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011.12.23 19:16:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011.12.23 19:16:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011.12.23 19:16:33 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011.12.23 19:16:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011.12.23 19:16:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2011.12.23 19:16:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2011.12.23 19:16:29 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011.12.23 18:33:21 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011.12.23 18:33:16 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2011.12.23 18:31:49 | 000,000,000 | -HSD | C] -- C:\Boot
[2010.04.14 20:45:24 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxeaih.exe
[2010.04.14 20:45:22 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeacoms.exe
[2010.04.14 20:45:22 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeacfg.exe
[2010.04.13 19:41:34 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeacoin.dll
[2009.12.09 19:47:50 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxeapmui.dll
[2009.12.09 19:43:14 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxeaserv.dll
[2009.12.09 19:41:22 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxeahbn3.dll
[2009.12.09 19:40:12 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxeausb1.dll
[2009.12.09 19:37:34 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxeahcp.dll
[2009.12.09 19:36:32 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxealmpm.dll
[2009.12.09 19:35:50 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeaiesc.dll
[2009.12.09 19:35:44 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeacomc.dll
[2009.12.09 19:35:32 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxeainpa.dll
[2009.06.04 00:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2009.06.04 00:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.01.14 12:50:04 | 000,000,193 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.01.14 12:47:12 | 000,032,746 | ---- | M] () -- C:\Users\Lilly\Desktop\85104-otl-otlogfile-by-oldtimer.htm
[2012.01.14 12:45:58 | 000,012,933 | -H-- | M] () -- C:\Users\Lilly\AppData\Roaming\logs.dat
[2012.01.14 12:45:58 | 000,006,181 | -H-- | M] () -- C:\Users\Lilly\AppData\Roaming\Lillyv1.18.0 - Trial versionlog.dat
[2012.01.14 12:43:55 | 000,132,597 | ---- | M] () -- C:\Users\Lilly\Desktop\Flash_Disinfector.exe
[2012.01.14 12:39:56 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.14 12:39:56 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.14 12:39:56 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.14 12:39:56 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.14 12:33:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.14 12:33:10 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.13 23:26:38 | 000,055,084 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00261102}.rfx
[2012.01.13 23:26:38 | 000,055,084 | ---- | M] () -- C:\Windows\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-00261102}.rfx
[2012.01.13 23:26:38 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-00261102}.rfx
[2012.01.13 23:26:09 | 000,017,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.13 23:26:09 | 000,017,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.13 23:19:57 | 007,871,362 | ---- | M] () -- C:\Users\Lilly\Desktop\SHADE+OF+GALAXY+v2.0++SP1+VRT+black+statusbar.zip
[2012.01.12 11:25:53 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\AACF.exe
[2012.01.12 03:30:18 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\70BD.exe
[2012.01.12 03:18:39 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\C5ED.exe
[2012.01.12 03:09:21 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\C4EF.exe
[2012.01.11 21:49:25 | 000,761,856 | ---- | M] () -- C:\ex.exe
[2012.01.11 20:30:59 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\D0D.exe
[2012.01.11 20:29:44 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\E81E.exe
[2012.01.11 20:04:57 | 000,166,159 | ---- | M] () -- C:\Users\Lilly\Desktop\Unbenannt.png
[2012.01.11 19:40:15 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\9A2C.exe
[2012.01.10 19:07:17 | 000,516,096 | ---- | M] (ashampoo GmbH & Co. KG ) -- C:\Users\Lilly\AppData\Roaming\CDC6.exe
[2012.01.10 18:46:04 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\6081.exe
[2012.01.10 18:37:14 | 000,001,334 | ---- | M] () -- C:\Users\Lilly\Desktop\weihnachten.html
[2012.01.10 18:37:08 | 000,001,334 | ---- | M] () -- C:\Users\Lilly\Desktop\weinachten.html
[2012.01.10 18:34:44 | 000,024,660 | ---- | M] () -- C:\Users\Lilly\Desktop\_wsb_310x256_Fotolia_Sonderaktion.jpg
[2012.01.10 18:01:10 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\4542.exe
[2012.01.10 13:40:51 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\F375.exe
[2012.01.09 21:18:48 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\D95D.exe
[2012.01.09 21:18:29 | 001,348,096 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32 .exe
[2012.01.09 21:18:29 | 001,348,096 | ---- | M] () -- C:\Windows\System32\Ganja17.exe
[2012.01.09 20:50:50 | 000,516,096 | ---- | M] (ashampoo GmbH & Co. KG ) -- C:\Users\Lilly\AppData\Roaming\66A0.exe
[2012.01.09 19:49:03 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\D527.exe
[2012.01.09 18:59:55 | 000,000,386 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\DBCA.exe
[2012.01.09 18:55:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2012.01.09 18:55:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2012.01.09 18:54:28 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2012.01.09 18:54:28 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2012.01.09 18:38:54 | 000,000,386 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\9C66.exe
[2012.01.09 18:18:41 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\1829.exe
[2012.01.09 13:02:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012.01.09 12:20:03 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\C3EA.exe
[2012.01.07 19:00:29 | 000,230,962 | ---- | M] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp03402.exe
[2012.01.07 18:59:24 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.01.07 18:59:24 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.01.07 18:59:24 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.01.07 18:59:24 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.01.07 18:59:23 | 000,230,962 | ---- | M] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp00670.exe
[2012.01.07 18:58:46 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2012.01.07 18:40:22 | 000,230,962 | ---- | M] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp82133.exe
[2012.01.07 18:11:54 | 000,230,962 | ---- | M] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp34854.exe
[2012.01.07 18:04:16 | 000,230,962 | ---- | M] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp06121.exe
[2012.01.05 19:48:43 | 000,246,272 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sysdown .exe
[2012.01.05 19:48:43 | 000,246,272 | ---- | M] () -- C:\rundll.exe
[2012.01.05 19:47:07 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\6EF6.exe
[2012.01.05 12:26:27 | 000,785,920 | ---- | M] (Don HO don.h@free.fr) -- C:\botables.exe
[2012.01.05 12:09:56 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\DD96.exe
[2012.01.04 20:20:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.01.04 20:20:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.01.04 20:20:02 | 000,000,386 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\36F8.exe
[2012.01.04 19:43:42 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\F131.exe
[2012.01.01 19:00:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.12.30 16:24:09 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\BD36.exe
[2011.12.29 16:52:32 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2011.12.29 16:52:13 | 000,161,628 | ---- | M] () -- C:\Users\Lilly\Desktop\fb.rtf
[2011.12.29 16:10:39 | 000,916,543 | ---- | M] () -- C:\Users\Lilly\Desktop\Facebook_php.mht
[2011.12.29 16:06:24 | 003,680,801 | ---- | M] () -- C:\Users\Lilly\Desktop\fb.xps
[2011.12.28 16:43:19 | 000,001,057 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\vso_ts_preview.xml
[2011.12.28 13:15:54 | 000,000,000 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\chrtmp
[2011.12.28 13:15:11 | 000,087,608 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\inst.exe
[2011.12.28 13:15:11 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Lilly\AppData\Roaming\pcouffin.sys
[2011.12.28 13:15:11 | 000,007,887 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\pcouffin.cat
[2011.12.28 13:15:11 | 000,001,144 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\pcouffin.inf
[2011.12.28 13:15:10 | 000,001,190 | ---- | M] () -- C:\Users\Lilly\Desktop\ConvertXtoDVD 4.lnk
[2011.12.28 13:07:20 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\6D91.exe
[2011.12.28 13:05:19 | 001,612,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.26 20:32:48 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.12.26 20:20:18 | 001,418,565 | ---- | M] () -- C:\Users\Lilly\Desktop\fe4b3a6cdd3fe87bb41be87acb8ecc6a_b.jpg
[2011.12.26 19:58:01 | 000,000,384 | ---- | M] () -- C:\Users\Public\Desktop\Vollständige Support-Software von Lexmark abrufen.LNK
[2011.12.26 19:57:56 | 000,000,154 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2011.12.24 09:28:12 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.12.24 09:27:57 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\iLoad.lnk
[2011.12.24 09:19:49 | 001,814,553 | ---- | M] () -- C:\Users\Lilly\Desktop\oO.png
[2011.12.24 09:19:27 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.12.23 19:41:26 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011.12.23 19:41:26 | 000,097,961 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011.12.23 19:40:06 | 000,000,803 | ---- | M] () -- C:\Users\Lilly\Desktop\Steam - Verknüpfung.lnk
[2011.12.23 19:32:49 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011.12.23 19:32:49 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011.12.23 19:32:48 | 000,000,087 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2011.12.23 19:29:36 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011.12.23 19:22:16 | 000,488,536 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.12.23 18:36:11 | 000,000,771 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011.12.23 18:31:51 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.01.14 12:47:07 | 000,032,746 | ---- | C] () -- C:\Users\Lilly\Desktop\85104-otl-otlogfile-by-oldtimer.htm
[2012.01.14 12:43:50 | 000,132,597 | ---- | C] () -- C:\Users\Lilly\Desktop\Flash_Disinfector.exe
[2012.01.13 23:20:15 | 007,871,362 | ---- | C] () -- C:\Users\Lilly\Desktop\SHADE+OF+GALAXY+v2.0++SP1+VRT+black+statusbar.zip
[2012.01.12 11:25:53 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\AACF.exe
[2012.01.12 03:30:18 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\70BD.exe
[2012.01.12 03:18:39 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\C5ED.exe
[2012.01.12 03:09:21 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\C4EF.exe
[2012.01.11 21:49:23 | 000,761,856 | ---- | C] () -- C:\ex.exe
[2012.01.11 20:30:59 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\D0D.exe
[2012.01.11 20:29:44 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\E81E.exe
[2012.01.11 20:04:57 | 000,166,159 | ---- | C] () -- C:\Users\Lilly\Desktop\Unbenannt.png
[2012.01.11 19:40:15 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\9A2C.exe
[2012.01.10 18:46:04 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\6081.exe
[2012.01.10 18:34:52 | 000,024,660 | ---- | C] () -- C:\Users\Lilly\Desktop\_wsb_310x256_Fotolia_Sonderaktion.jpg
[2012.01.10 18:28:11 | 000,001,334 | ---- | C] () -- C:\Users\Lilly\Desktop\weinachten.html
[2012.01.10 18:28:11 | 000,001,334 | ---- | C] () -- C:\Users\Lilly\Desktop\weihnachten.html
[2012.01.10 18:01:10 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\4542.exe
[2012.01.10 13:40:51 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\F375.exe
[2012.01.09 21:18:48 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\D95D.exe
[2012.01.09 21:18:33 | 001,348,096 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32 .exe
[2012.01.09 21:18:28 | 001,348,096 | ---- | C] () -- C:\Windows\System32\Ganja17.exe
[2012.01.09 19:49:03 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\D527.exe
[2012.01.09 18:59:55 | 000,000,386 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\DBCA.exe
[2012.01.09 18:55:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2012.01.09 18:55:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2012.01.09 18:38:54 | 000,000,386 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\9C66.exe
[2012.01.09 18:18:41 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\1829.exe
[2012.01.09 13:02:35 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012.01.09 12:20:03 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\C3EA.exe
[2012.01.07 21:35:40 | 000,001,827 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012.01.07 18:58:46 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2012.01.05 19:48:45 | 000,246,272 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sysdown .exe
[2012.01.05 19:48:42 | 000,246,272 | ---- | C] () -- C:\rundll.exe
[2012.01.05 19:47:07 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\6EF6.exe
[2012.01.05 12:09:56 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\DD96.exe
[2012.01.04 20:20:04 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012.01.04 20:20:04 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012.01.04 20:20:02 | 000,000,386 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\36F8.exe
[2012.01.04 19:43:42 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\F131.exe
[2012.01.02 21:34:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.01.01 19:00:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.12.30 16:24:09 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\BD36.exe
[2011.12.29 16:52:32 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.12.29 16:52:13 | 000,161,628 | ---- | C] () -- C:\Users\Lilly\Desktop\fb.rtf
[2011.12.29 16:10:37 | 000,916,543 | ---- | C] () -- C:\Users\Lilly\Desktop\Facebook_php.mht
[2011.12.29 16:06:22 | 003,680,801 | ---- | C] () -- C:\Users\Lilly\Desktop\fb.xps
[2011.12.28 13:15:54 | 000,000,000 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\chrtmp
[2011.12.28 13:15:52 | 000,001,057 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\vso_ts_preview.xml
[2011.12.28 13:15:11 | 000,087,608 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\inst.exe
[2011.12.28 13:15:11 | 000,007,887 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\pcouffin.cat
[2011.12.28 13:15:11 | 000,001,144 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\pcouffin.inf
[2011.12.28 13:15:10 | 000,001,190 | ---- | C] () -- C:\Users\Lilly\Desktop\ConvertXtoDVD 4.lnk
[2011.12.28 13:07:20 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\6D91.exe
[2011.12.26 20:18:18 | 001,418,565 | ---- | C] () -- C:\Users\Lilly\Desktop\fe4b3a6cdd3fe87bb41be87acb8ecc6a_b.jpg
[2011.12.26 20:01:28 | 000,001,095 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
[2011.12.26 20:00:38 | 000,001,181 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
[2011.12.26 20:00:04 | 000,001,361 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2011.12.26 19:59:53 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
[2011.12.26 19:58:59 | 000,001,057 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
[2011.12.26 19:58:01 | 000,000,384 | ---- | C] () -- C:\Users\Public\Desktop\Vollständige Support-Software von Lexmark abrufen.LNK
[2011.12.26 19:57:56 | 000,000,154 | ---- | C] () -- C:\Windows\System32\LexFiles.ulf
[2011.12.24 09:28:12 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.12.24 09:27:57 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\iLoad.lnk
[2011.12.24 09:19:49 | 001,814,553 | ---- | C] () -- C:\Users\Lilly\Desktop\oO.png
[2011.12.24 09:19:27 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.12.23 19:40:06 | 000,000,803 | ---- | C] () -- C:\Users\Lilly\Desktop\Steam - Verknüpfung.lnk
[2011.12.23 19:34:31 | 000,055,084 | ---- | C] () -- C:\Windows\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00261102}.rfx
[2011.12.23 19:34:31 | 000,055,084 | ---- | C] () -- C:\Windows\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-00261102}.rfx
[2011.12.23 19:34:31 | 000,000,788 | ---- | C] () -- C:\Windows\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-00261102}.rfx
[2011.12.23 19:34:04 | 000,007,062 | ---- | C] () -- C:\Windows\System32\audiopid.vxd
[2011.12.23 19:32:48 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2011.12.23 19:32:48 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2011.12.23 19:32:48 | 000,000,087 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2011.12.23 19:31:45 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIGER.DLL
[2011.12.23 19:29:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.23 19:22:43 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.12.23 19:22:43 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.12.23 19:17:00 | 000,001,413 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.12.23 18:32:54 | 2616,057,856 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.23 18:31:51 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2011.12.23 18:31:49 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2011.11.10 03:28:32 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011.11.10 03:28:32 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.10.21 20:30:14 | 000,243,168 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.07.28 20:23:32 | 001,049,837 | RHS- | C] () -- C:\Windows\System32\agl23s.exe
[2010.11.21 01:30:51 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.11.21 01:30:51 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.11.21 01:30:51 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.11.21 01:30:51 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.11.20 22:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010.11.20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.11.09 08:06:26 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxeainsb.dll
[2009.11.09 08:06:22 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeacub.dll
[2009.11.09 08:06:06 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeacu.dll
[2009.11.09 08:05:54 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxeains.dll
[2009.11.09 07:59:58 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxeagcfg.dll
[2009.10.21 10:06:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeacui.dll
[2009.09.09 19:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 001,612,168 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.06.08 00:40:42 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxeainsr.dll
[2009.06.08 00:40:40 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeacur.dll
[2009.06.08 00:40:28 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxeajswr.dll
[2009.06.08 00:36:22 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxeagrd.dll
[2009.06.08 00:20:10 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeacuir.dll
[2009.06.04 01:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009.06.04 01:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009.06.04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009.06.04 00:40:44 | 000,321,512 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2009.06.04 00:40:44 | 000,056,509 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2009.06.04 00:36:30 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2009.06.04 00:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2009.05.27 09:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini
[2009.04.28 07:56:30 | 000,024,064 | ---- | C] () -- C:\Windows\System32\lxeasmr.dll
[2009.02.20 08:48:04 | 000,299,008 | ---- | C] () -- C:\Windows\System32\lxeasm.dll
[2008.03.05 02:55:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxeavs.dll
[2005.04.08 03:16:43 | 000,012,933 | -H-- | C] () -- C:\Users\Lilly\AppData\Roaming\logs.dat
[2005.04.08 03:16:43 | 000,006,181 | -H-- | C] () -- C:\Users\Lilly\AppData\Roaming\Lillyv1.18.0 - Trial versionlog.dat

========== LOP Check ==========

[2012.01.04 19:44:03 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\DAEMON Tools Lite
[2012.01.06 19:24:30 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\DVDVideoSoft
[2012.01.06 19:23:55 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.28 13:07:21 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\DYA_GMGSLTBCQOCCSBQMB
[2012.01.10 18:37:45 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\FileZilla
[2012.01.14 12:33:40 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\ICQ
[2012.01.07 22:58:10 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\ImgBurn
[2011.12.24 09:27:39 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\Paloma Networks, Inc
[2011.12.28 16:43:20 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\Vso
[2012.01.05 12:26:27 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\WinUpdtr
[2009.07.14 05:53:46 | 000,008,696 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_SBXNV9VVGV1BFM6JT01H5GK4MX1T3WF6XJ7KJKXFSVF7VB4VP4GV

< End of report >

Alt 14.01.2012, 16:14   #2
markusg
/// Malware-holic
 

Hi,
wouldn't you personally find it more polite if people who want something first wrote a short introduction? You have chosen neither a sensible thread title nor a description of the problem.
I can already see quite a bit, but it is always helpful to know which problems people have noticed.
:-)

This script, and any scripts that may follow, are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
PRC - [2010.11.20 22:29:11 | 001,169,224 | -HS- | M] (Microsoft Corporation) -- C:\Windows\Temp\svhost.exe
MOD - [2012.01.05 19:48:43 | 000,246,272 | -HS- | M] () -- C:\Users\Lilly\AppData\Local\Temp\sysdown .exe
O1 - Hosts: 127.0.0.1 virustotal.com
O1 - Hosts: 127.0.0.1 vscan.novirusthanks.org
O1 - Hosts: 127.0.0.1 irusscan.jotti.org
O1 - Hosts: 127.0.0.1 virscan.org
O1 - Hosts: 127.0.0.1 www.virus-trap.org
O1 - Hosts: 127.0.0.1 www.filterbit.com
O4 - HKLM..\Run: [Windows Service Agent] C:\Windows\System32\agl23s.exe ()
O4 - HKLM..\Run: [WindowsUpdate] C:\Google.exe File not found
O4 - HKLM..\Run: [WindowsUpdateService] WindowsUpdateService.exe File not found
O4 - HKCU..\Run: [Microsoft] C:\Users\Lilly\AppData\Roaming\Microsoft\service.exe (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile)
O4 - HKCU..\Run: [rundll32] C:\Users\Lilly\AppData\Local\Temp\rundll32 .exe File not found
O4 - HKCU..\Run: [sysdown] C:\Users\Lilly\AppData\Local\Temp\sysdown .exe ()
O4 - HKCU..\Run: [Windows Service Agent] C:\Windows\System32\agl23s.exe ()
O4 - HKCU..\Run: [WindowsUpdate] C:\Google.exe File not found
O4 - HKCU..\Run: [WinUpdtr] C:\Users\Lilly\AppData\Roaming\WinUpdtr\botables.exe (Don HO don.h@free.fr)
O4 - HKLM..\RunServices: [Windows Service Agent] C:\Windows\System32\agl23s.exe ()
O4 - Startup: C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32 .exe ()
O4 - Startup: C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sysdown .exe ()
[2012.01.10 19:07:17 | 000,516,096 | ---- | C] (ashampoo GmbH & Co. KG ) -- C:\Users\Lilly\AppData\Roaming\CDC6.exe
[2012.01.09 20:50:50 | 000,516,096 | ---- | C] (ashampoo GmbH & Co. KG ) -- C:\Users\Lilly\AppData\Roaming\66A0.exe
[2012.01.07 19:00:29 | 000,230,962 | ---- | C] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp03402.exe
[2012.01.07 18:59:23 | 000,230,962 | ---- | C] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp00670.exe
[2012.01.07 18:40:22 | 000,230,962 | ---- | C] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp82133.exe
[2012.01.07 18:11:54 | 000,230,962 | ---- | C] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp34854.exe
[2012.01.07 18:04:14 | 000,230,962 | ---- | C] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp06121.exe
[2012.01.05 12:26:24 | 000,785,920 | ---- | C] (Don HO don.h@free.fr) -- C:\botables.exe
[2012.01.14 12:45:58 | 000,012,933 | -H-- | M] () -- C:\Users\Lilly\AppData\Roaming\logs.dat
[2012.01.12 11:25:53 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\AACF.exe
[2012.01.12 03:18:39 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\C5ED.exe
[2012.01.12 03:30:18 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\70BD.exe
[2012.01.12 03:09:21 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\C4EF.exe
[2012.01.11 21:49:25 | 000,761,856 | ---- | M] () -- C:\ex.exe
[2012.01.11 20:30:59 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\D0D.exe
[2012.01.11 20:29:44 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\E81E.exe
[2012.01.11 19:40:15 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\9A2C.exe
[2012.01.10 19:07:17 | 000,516,096 | ---- | M] (ashampoo GmbH & Co. KG ) -- C:\Users\Lilly\AppData\Roaming\CDC6.exe
[2012.01.10 18:46:04 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\6081.exe
[2012.01.10 18:01:10 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\4542.exe
[2012.01.10 13:40:51 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\F375.exe
[2012.01.09 21:18:48 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\D95D.exe
[2012.01.09 21:18:29 | 001,348,096 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32 .exe
[2012.01.09 21:18:29 | 001,348,096 | ---- | M] () -- C:\Windows\System32\Ganja17.exe
[2012.01.09 20:50:50 | 000,516,096 | ---- | M] (ashampoo GmbH & Co. KG ) -- C:\Users\Lilly\AppData\Roaming\66A0.exe
[2012.01.09 19:49:03 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\D527.exe
[2012.01.09 18:59:55 | 000,000,386 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\DBCA.exe
[2012.01.09 18:38:54 | 000,000,386 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\9C66.exe
[2012.01.09 18:18:41 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\1829.exe
:Files
C:\Windows\Temp\svhost.exe
C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sysdown .exe
C:\Users\Lilly\AppData\Local\Temp\sysdown .exe
C:\Windows\System32\agl23s.exe
C:\Users\Lilly\AppData\Roaming\Microsoft\service.exe
C:\Users\Lilly\AppData\Roaming\WinUpdtr
C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32 .exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Please close all programs now.
• Now click the Fix button.
• OTL may require a reboot. Please allow this.
• After the reboot you will find a text document; copy its contents into your next reply here.
Open Computer, open C:, then _OTL.
There, right-click on moved files
and choose add to moved files.rar or zip.
Follow the link and upload the archive in the upload channel:
http://www.trojaner-board.de/54791-a...ner-board.html