Pests of all kinds and how to fight them: Bundespolizeiamt gone after System Restore?

12.08.2011, 23:40   #1
Prekxx

Hello, I have seen that the problem with the Bundespolizei trojan has been occurring very frequently lately. Now I have reset my system to an earlier state with System Restore, and the trojan is apparently gone. But I don't quite trust it. Should I still follow the guide (with OTL, burning a CD & co.), or is there another option?

12.08.2011, 23:43   #2
Swisstreasure
/// Malwareteam

A cleanup can sometimes mean a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to, because that makes the evaluation harder for me.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working along until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator" ("als Administrator ausführen").

Step 1

Please download Malwarebytes
  • Install the program into the default path.
    Vista and Win7 users: right-click, "Run as administrator" ("als Administrator starten")
  • Start Malwarebytes, click on "Aktualisierung" (Update) --> "Suche nach Aktualisierung" (Check for updates)
  • When the update has finished, select "Quick-Scan durchführen" (Perform quick scan) and press "Scannen" (Scan).
  • When the scan has finished, click on "Ergebnisse anzeigen" (Show results).
  • Make sure that all findings are checked and press "Entferne Auswahl" (Remove selected).
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Log Dateien" (Logs).

Step 2

CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it on your Desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator" ("als Administrator starten")
  • Now copy the following content into the text box.
Code:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread
__________________


14.08.2011, 18:18   #3
Prekxx

Thanks for the great instructions.

Here are the log data.

First, the one from Malware.

Quote:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7465

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.08.2011 17:34:39
mbam-log-2011-08-14 (17-34-39).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 173992
Laufzeit: 8 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\****\AppData\Roaming\jashla.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
__________________

14.08.2011, 18:21   #4
Prekxx

Then on to OTL

OTL Logfile:
Code:
OTL logfile created on: 8/14/2011 5:54:48 PM - Run 3
OTL by OldTimer - Version 3.2.26.2     Folder = C:\Users\****\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 63.40% Memory free
5.93 Gb Paging File | 4.73 Gb Available in Paging File | 79.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 198.29 Gb Total Space | 64.83 Gb Free Space | 32.70% Space Free | Partition Type: NTFS
Drive D: | 252.37 Gb Total Space | 252.28 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive E: | 5.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()
PRC - C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe (Motorola)
PRC - C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\System32\drivers\WTSrv.exe (Tablet Driver)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Users\****\Documents\Installieren\iTunes\iTunesHelper.Resources\de.lproj\iTunesHelperLocalized.DLL (Apple Inc.)
MOD - C:\Users\****\Documents\Installieren\iTunes\iTunesHelper.dll (Apple Inc.)
MOD - C:\Users\****\Documents\Installieren\iTunes\iTunesHelper.Resources\iTunesHelper.DLL (Apple Inc.)
MOD - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
MOD - c:\program files\avira\antivir desktop\ccgen.dll (Avira GmbH)
MOD - c:\program files\avira\antivir desktop\ccwgrd.dll (Avira GmbH)
MOD - c:\program files\avira\antivir desktop\ccguard.dll (Avira GmbH)
MOD - c:\program files\avira\antivir desktop\ccmsg.dll (Avira GmbH)
MOD - c:\program files\avira\antivir desktop\ccupdate.dll (Avira GmbH)
MOD - c:\program files\avira\antivir desktop\cclic.dll (Avira GmbH)
MOD - c:\program files\avira\antivir desktop\ccupdw.dll (Avira GmbH)
MOD - c:\program files\avira\antivir desktop\ccwgrdw.dll (Avira GmbH)
MOD - c:\program files\avira\antivir desktop\ccwgrdrc.dll (Avira GmbH)
MOD - C:\Program Files\Avira\AntiVir Desktop\rcimage.dll (Avira GmbH)
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll (Apple Inc.)
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll (Apple Inc.)
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll (Open Source Software community project)
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll (The ICU Project)
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll (The ICU Project)
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll (Apple Inc.)
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll (The ICU Project)
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll (Apple Inc.)
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.DLL (Apple, Inc.)
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll (Apple Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90DEU.DLL (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Silverlight\4.0.60531.0\coreclr.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrlUI.dll ( Microsoft Corporation)
MOD - C:\Program Files\Microsoft Silverlight\4.0.60531.0\de\mscorrc.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Silverlight\4.0.60531.0\agcore.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
MOD - C:\Windows\System32\tquery.dll (Microsoft Corporation)
MOD - c:\program files\avira\antivir desktop\ccgenrc.dll (Avira GmbH)
MOD - C:\Users\****\AppData\Local\Microsoft\Toolbar\Applications\WLExtension.dll (Microsoft Corp.)
MOD - C:\Users\****\AppData\Local\Microsoft\Toolbar\Applications\SCExtension.dll (Microsoft Corp.)
MOD - C:\Program Files\OpenOffice.org 3\program\vclmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\URE\bin\sal3.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\URE\bin\stlport_vc7145.dll (STLport Consulting, Inc.)
MOD - C:\Program Files\OpenOffice.org 3\program\xcrmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\URE\bin\bootstrap.uno.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\URE\bin\cppuhelper3MSC.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\URE\bin\cppu3.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\vos3MSC.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\URE\bin\stocservices.uno.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\URE\bin\reg3.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\URE\bin\jvmfwk3.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\URE\bin\uwinapi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\URE\bin\store3.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\URE\bin\msci_uno.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\URE\bin\salhelper3MSC.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\tkmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\utlmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\tlmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\ucbhelper4MSC.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\ucpfile1.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\ucb1.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\svtmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\sfxmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\svlmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\sofficeapp.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\sotmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\sbmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\oleautobridge.uno.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\oooimprovementmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\icudt40.dll (IBM Corporation and others)
MOD - C:\Program Files\OpenOffice.org 3\program\fwkmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\i18npool.uno.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\icuin40.dll (IBM Corporation and others)
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\icuuc40.dll (IBM Corporation and others)
MOD - C:\Program Files\OpenOffice.org 3\program\libdb47.dll (Oracle)
MOD - C:\Program Files\OpenOffice.org 3\program\i18nutilMSC.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\i18npapermi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\i18nisolang1MSC.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\localebe1.uno.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\fwemi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\fwimi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\emsermi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\deploymentmiscmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\comphelp4MSC.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\basegfxmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\configmgr.uno.dll (OpenOffice.org)
MOD - C:\Windows\System32\mfc42.dll (Microsoft Corporation)
MOD - C:\Windows\explorer.exe (Microsoft Corporation)
MOD - C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll (Apple Inc.)
MOD - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
MOD - C:\Windows\System32\d3d10_1.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wscapi.dll (Microsoft Corporation)
MOD - C:\Users\****\Documents\Installieren\illu\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation)
MOD - C:\Program Files\QuickTime\QTSystem\QuickTime.qts (Apple Inc.)
MOD - C:\Program Files\QuickTime\QTSystem\QTCF.dll (Apple Inc.)
MOD - C:\Program Files\OpenOffice.org 3\program\saxmi.dll (OpenOffice.org)
MOD - C:\Program Files\Avira\AntiVir Desktop\ccwkrlib.dll (Avira GmbH)
MOD - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
MOD - C:\Windows\System32\taskschd.dll (Microsoft Corporation)
MOD - C:\Windows\System32\d3d10_1core.dll (Microsoft Corporation)
MOD - C:\Windows\System32\odbc32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\ExplorerFrame.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rtutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\mf.dll (Microsoft Corporation)
MOD - C:\Program Files\Motorola\MotoConnectService\mmdslang\LangDe.dll (Motorola)
MOD - C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe (Motorola)
MOD - C:\Users\****\AppData\Local\Microsoft\Toolbar\Applications\AppMgr.dll (Microsoft Corp.)
MOD - c:\program files\avira\antivir desktop\cfglib.dll (Avira GmbH)
MOD - C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE ()
MOD - C:\PROGRA~1\samsung\SAMSUN~2\HMXML.dll ()
MOD - c:\program files\avira\antivir desktop\ccgrdrc.dll (Avira GmbH)
MOD - c:\program files\avira\antivir desktop\ccgrdw.dll (Avira GmbH)
MOD - C:\Program Files\Avira\AntiVir Desktop\avipc.dll (Avira GmbH)
MOD - C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira GmbH)
MOD - c:\program files\avira\antivir desktop\ccupdrc.dll (Avira GmbH)
MOD - c:\program files\avira\antivir desktop\ccmainrc.dll (Avira GmbH)
MOD - c:\program files\avira\antivir desktop\ccmsgrc.dll (Avira GmbH)
MOD - c:\program files\avira\antivir desktop\cclicrc.dll (Avira GmbH)
MOD - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
MOD - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
MOD - C:\Windows\System32\nvwgf2um.dll (NVIDIA Corporation)
MOD - C:\Windows\System32\nvapi.dll (NVIDIA Corporation)
MOD - C:\Windows\System32\nvshext.dll (NVIDIA Corporation)
MOD - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
MOD - C:\Users\****\Documents\Installieren\winrar\rarext.dll ()
MOD - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
MOD - C:\Program Files\SAMSUNG\EasySpeedUpManager\Sabi3.dll (SAMSUNG ELECTRONICS)
MOD - C:\Program Files\Samsung\Easy Display Manager\SABI3.dll (SAMSUNG ELECTRONICS)
MOD - C:\Windows\System32\bcryptprimitives.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wucltux.dll (Microsoft Corporation)
MOD - C:\Windows\System32\WWanAPI.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wups2.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wwapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wscinterop.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wtsapi32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wsock32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wship6.dll (Microsoft Corporation)
MOD - C:\Windows\System32\WSHTCPIP.DLL (Microsoft Corporation)
MOD - C:\Windows\System32\winsta.dll (Microsoft Corporation)
MOD - C:\Windows\System32\WinSCard.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wlanapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wkscli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\winnsi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wlanutil.dll (Microsoft Corporation)
MOD - C:\Windows\System32\werconcpl.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wer.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wevtapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbemcomn.dll (Microsoft Corporation)
MOD - C:\Windows\System32\UIAnimation.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wbemsvc.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wbemprox.dll (Microsoft Corporation)
MOD - C:\Windows\System32\vdmdbg.dll (Microsoft Corporation)
MOD - C:\Windows\System32\uDWM.dll (Microsoft Corporation)
MOD - C:\Windows\System32\TSChannel.dll (Microsoft Corporation)
MOD - C:\Windows\System32\SyncCenter.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sxs.dll (Microsoft Corporation)
MOD - C:\Windows\System32\srchadmin.dll (Microsoft Corporation)
MOD - C:\Windows\System32\synceng.dll (Microsoft Corporation)
MOD - C:\Windows\System32\Syncreg.dll (Microsoft Corporation)
MOD - C:\Windows\System32\SndVolSSO.dll (Microsoft Corporation)
MOD - C:\Windows\System32\shfolder.dll (Microsoft Corporation)
MOD - C:\Windows\System32\Speech\Common\sapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\SensApi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\pnidui.dll (Microsoft Corporation)
MOD - C:\Windows\System32\Query.dll (Microsoft Corporation)
MOD - C:\Windows\System32\PortableDeviceApi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\prnfldr.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rasapi32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\PhotoMetadataHandler.dll (Microsoft Corporation)
MOD - C:\Windows\System32\QAGENT.DLL (Microsoft Corporation)
MOD - C:\Windows\System32\PortableDeviceTypes.dll (Microsoft Corporation)
MOD - C:\Windows\System32\powrprof.dll (Microsoft Corporation)
MOD - C:\Windows\System32\oledlg.dll (Microsoft Corporation)
MOD - C:\Windows\System32\QUTIL.DLL (Microsoft Corporation)
MOD - C:\Windows\System32\PlaySndSrv.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rasman.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rasadhlp.dll (Microsoft Corporation)
MOD - C:\Windows\System32\npmproxy.dll (Microsoft Corporation)
MOD - C:\Windows\System32\ncrypt.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msutb.dll (Microsoft Corporation)
MOD - C:\Windows\System32\mssprxy.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msshooks.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msls31.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msftedit.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msimtf.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msdmo.dll (Microsoft Corporation)
MOD - C:\Windows\System32\MsCtfMonitor.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msacm32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\MMDevAPI.dll (Microsoft Corporation)
MOD - C:\Windows\System32\mlang.dll (Microsoft Corporation)
MOD - C:\Windows\System32\mfplat.dll (Microsoft Corporation)
MOD - C:\Windows\System32\ksuser.dll (Microsoft Corporation)
MOD - C:\Windows\System32\IPHLPAPI.DLL (Microsoft Corporation)
MOD - C:\Windows\System32\imapi2.dll (Microsoft Corporation)
MOD - C:\Windows\System32\IconCodecService.dll (Microsoft Corporation)
MOD - C:\Windows\System32\hgcpl.dll (Microsoft Corporation)
MOD - C:\Windows\System32\hcproviders.dll (Microsoft Corporation)
MOD - C:\Windows\System32\hid.dll (Microsoft Corporation)
MOD - C:\Windows\System32\gameux.dll (Microsoft Corporation)
MOD - C:\Windows\System32\FXSST.dll (Microsoft Corporation)
MOD - C:\Windows\System32\gpapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\FXSAPI.dll (Microsoft Corporation)
MOD - C:\Windows\System32\FWPUCLNT.DLL (Microsoft Corporation)
MOD - C:\Windows\System32\framedynos.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\fastprox.dll (Microsoft Corporation)
MOD - C:\Windows\System32\EhStorAPI.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmcore.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dui70.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dxgi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dsound.dll (Microsoft Corporation)
MOD - C:\Windows\System32\DXP.dll (Microsoft Corporation)
MOD - C:\Windows\System32\duser.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmredir.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dsrole.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devrtl.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dhcpcsvc6.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dimsjob.dll (Microsoft Corporation)
MOD - C:\Windows\System32\ddraw.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dciman32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cabinet.dll (Microsoft Corporation)
MOD - C:\Windows\System32\bcrypt.dll (Microsoft Corporation)
MOD - C:\Windows\System32\batmeter.dll (Microsoft Corporation)
MOD - C:\Windows\System32\avrt.dll (Microsoft Corporation)
MOD - C:\Windows\System32\authui.dll (Microsoft Corporation)
MOD - C:\Windows\System32\AudioSes.dll (Microsoft Corporation)
MOD - C:\Windows\System32\AltTab.dll (Microsoft Corporation)
MOD - C:\Windows\System32\ActionCenter.dll (Microsoft Corporation)
MOD - C:\Windows\System32\acppage.dll (Microsoft Corporation)
MOD - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
MOD - C:\Windows\System32\wscui.cpl (Microsoft Corporation)
MOD - C:\Windows\System32\timedate.cpl (Microsoft Corporation)
MOD - C:\Windows\System32\bthprops.cpl (Microsoft Corporation)
MOD - C:\Windows\System32\odbcint.dll (Microsoft Corporation)
MOD - C:\Windows\System32\FXSRESM.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll (Microsoft Corporation)
MOD - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit) --  File not found
SRV - (Akamai) -- c:\program files\common files\akamai\netsession_win_2da1ebd.dll ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (MotoConnect Service) -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (WinTabService) -- C:\windows\System32\Drivers\WTSRV.EXE (Tablet Driver)
SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola)
DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (UCTblHid) -- C:\Windows\System32\drivers\UCTblHid.sys (Tablet Driver)
DRV - (TClass2k) -- C:\Windows\System32\drivers\TClass2k.sys (Tablet Driver)
DRV - (PTSimHid) -- C:\Windows\System32\drivers\PTSimHid.sys (PenTablet Driver)
DRV - (PTSimBus) -- C:\Windows\System32\drivers\PTSimBus.sys (PenTablet Driver)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {49f3fc85-dcfe-4e42-9301-226ebe658509}:0.6.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Users\****\Documents\Installieren\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/05/01 22:12:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/05/02 21:19:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/27 10:58:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/05 14:19:15 | 000,000,000 | ---D | M]
 
[2011/07/23 22:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2011/07/23 22:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2011/08/01 21:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\k1wx1ksh.default\extensions
[2011/07/31 19:15:37 | 000,000,000 | ---D | M] (kikin plugin (NO23 Edition)) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\k1wx1ksh.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2011/05/19 10:57:09 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\k1wx1ksh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/08/01 21:51:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\k1wx1ksh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/05/02 19:32:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
File not found (No name found) -- 
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K1WX1KSH.DEFAULT\EXTENSIONS\{49F3FC85-DCFE-4E42-9301-226EBE658509}.XPI
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K1WX1KSH.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2011/06/27 10:58:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/01/01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/06/13 18:02:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Users\****\Documents\Installieren\illu\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WTClient] C:\windows\System32\WTClient.exe (Tablet Driver)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Users\****\Documents\Installieren\illu\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil10n_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Users\****\DOCUME~1\INSTAL~1\Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Users\****\DOCUME~1\INSTAL~1\Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Users\****\DOCUME~1\INSTAL~1\Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/04/30 04:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/22 01:48:37 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{15596053-cdae-11de-b148-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{15596053-cdae-11de-b148-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009/04/30 04:57:32 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{935970df-b609-11e0-b3db-00245422d769}\Shell - "" = AutoRun
O33 - MountPoints2\{935970df-b609-11e0-b3db-00245422d769}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: aux - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.YUY2 - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/08/14 17:53:26 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2011/08/14 17:12:09 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{AE2A087C-53A0-4966-906D-5646E79156EE}
[2011/08/14 17:11:57 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{F449202C-E998-4100-B3CD-8CC44C35CB7A}
[2011/08/12 23:42:35 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{F13E4A2C-563A-4F0F-868A-129AA19285F3}
[2011/08/12 23:42:21 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{9787C4EA-0873-4183-9111-4505299B17AE}
[2011/08/12 20:30:19 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{4038D280-39CC-47B2-A022-AF8998E2392A}
[2011/08/12 20:30:07 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{E767410D-DBEA-4187-8C63-B7EC05CF7262}
[2011/08/11 22:13:13 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{FCF09858-459F-457B-9231-E57FF3C4C4C9}
[2011/08/11 22:12:59 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{BB2193FD-70FE-4EA0-94EC-E040B6F356D0}
[2011/08/11 09:39:02 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{CC25595D-9C8F-46FD-96C5-4A4098990E83}
[2011/08/11 09:38:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{A108F6B2-BF18-437A-B2D4-235F4F287768}
[2011/08/10 23:21:53 | 000,000,000 | ---D | C] -- C:\Users\****\shirt
[2011/08/10 21:36:47 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{8E850F9A-D504-4C8F-86AB-A862A409968C}
[2011/08/10 21:36:35 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{E042D3AC-BEF1-4B3E-8B36-0C463C54B862}
[2011/08/10 09:41:58 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{DF8438DB-AFC0-4872-B8C1-BE861B687DCD}
[2011/08/09 22:51:10 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{D90F867A-0FD2-47E9-B266-C78A5CAA0316}
[2011/08/09 14:07:53 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{20B611D5-8A94-4102-82AE-1DDCE9BCBC6C}
[2011/08/09 11:37:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{0C6F7472-8906-42BF-8363-73184CDD1DF0}
[2011/08/09 10:34:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{1B157CCA-EF20-4E39-8F10-419AB34696EC}
[2011/08/09 10:34:19 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{540C0CB2-20EE-41F8-8339-2285998AACCA}
[2011/08/08 21:55:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{5965C612-8F74-4F9D-A4F0-1F99EAEE1D00}
[2011/08/08 21:55:33 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{BC3F6EB7-6D2A-4910-BA53-E2CDC04C240D}
[2011/08/08 09:51:53 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{D4785C02-8935-45C2-AE17-E1BD0B135A35}
[2011/08/08 09:51:40 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{CB77F841-DB51-45A7-9108-F7BBD583B082}
[2011/08/07 10:26:17 | 000,000,000 | ---D | C] -- C:\Users\****\d
[2011/08/07 10:15:50 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{2D23788A-D8C5-4AA3-A6A8-C8A3BE003699}
[2011/08/07 10:15:35 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{9A1568F3-0975-452C-B773-27F2BFE85190}
[2011/08/05 22:00:29 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{A62A3A80-E506-4DD9-8511-8A56C2268354}
[2011/08/05 19:05:20 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{C8E99819-E9A0-44D0-9A5C-CACFB1869361}
[2011/08/05 16:28:45 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{0C23184E-F634-4CDD-AF9E-6BFC630070E4}
[2011/08/05 13:01:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{B7B8E8F0-742A-491A-A386-D538A735E2F5}
[2011/08/04 22:34:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{F1DC22FD-F41B-445D-A255-6102E443C86E}
[2011/08/04 10:34:07 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{5C9E41FD-15A2-404B-A850-CC0147E38EFA}
[2011/08/03 22:33:43 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{BDFFA6FB-7DF2-4F49-946B-922D327E4C1F}
[2011/08/02 22:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/02 22:44:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/02 22:42:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/02 22:38:34 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/08/02 22:20:21 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{2945EBCD-7043-462A-B53F-BE70B63389C3}
[2011/08/02 10:05:57 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{2C321D23-4C37-4B0E-854E-FC066B5E1261}
[2011/08/01 21:50:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2011/08/01 21:50:18 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011/08/01 21:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
[2011/08/01 21:36:26 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{60F6E17E-F355-4347-9B2C-00C5371A9BAE}
[2011/08/01 09:36:00 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{B184544A-8C33-433F-98A8-BBC3DC0C2761}
[2011/07/31 22:11:55 | 000,000,000 | ---D | C] -- C:\Users\****\.thumbnails
[2011/07/31 22:11:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2011/07/31 20:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\RapidSolution
[2011/07/31 20:17:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audials TV
[2011/07/31 20:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audials 8
[2011/07/31 19:15:50 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No23 Recorder
[2011/07/31 19:15:50 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\No23 Recorder
[2011/07/31 19:15:37 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\kikin
[2011/07/31 19:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\kikin
[2011/07/31 19:08:14 | 000,000,000 | ---D | C] -- C:\Vimeo
[2011/07/31 18:28:40 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\CrashRpt
[2011/07/31 18:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution
[2011/07/31 18:20:14 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\RapidSolution
[2011/07/31 18:17:56 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Simfy
[2011/07/31 18:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy
[2011/07/31 18:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/07/31 18:11:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{9F6D9588-F329-412E-AE66-E99E93285D09}
[2011/07/29 11:10:23 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{E5F16F7A-B823-401B-A84B-818BA1989ADE}
[2011/07/28 21:19:16 | 000,000,000 | ---D | C] -- C:\Users\****\MSYNC
[2011/07/28 21:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Phone Tunes
[2011/07/28 14:58:48 | 000,000,000 | ---D | C] -- C:\Users\****\Azubi aktion
[2011/07/28 14:11:42 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{53C0919D-8808-43EE-BE1E-47D14CC7E2C1}
[2011/07/27 12:31:48 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{04E9D222-FF2B-4EAF-88A2-B5806CD65182}
[2011/07/26 18:50:53 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{3FCF0823-BDFF-4100-9B9D-B22A96800E8F}
[2011/07/25 22:04:22 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{323953D5-9FCE-4794-B930-2A152EF69977}
[2011/07/25 09:20:18 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{09710D1E-7D61-48C7-88C5-7AB720129DC3}
[2011/07/25 09:20:08 | 000,000,000 | ---D | C] -- C:\Users\****\Neuer Ordner
[2011/07/24 18:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/07/24 18:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2011/07/24 18:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2011/07/24 18:42:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Driver Installer
[2011/07/24 17:29:54 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{6B56CA43-9DC7-4175-BD7E-60F35758C63F}
[2011/07/23 22:13:41 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Songbird2
[2011/07/23 22:13:41 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Songbird2
[2011/07/23 22:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Songbird
[2011/07/23 10:04:41 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{FBB0AB2C-C564-4EC5-AA5F-2B999E9C3CC2}
[2011/07/22 22:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/07/22 22:45:01 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Electronic Arts
[2011/07/22 22:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2011/07/22 22:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2011/07/22 22:04:14 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{7BC1D83F-C48D-4CD8-8568-1A3A8E48464E}
[2011/07/20 11:04:29 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{EA4959D1-C66B-4CFF-A08B-2C3672F3EC00}
[2011/07/19 09:16:50 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{F148815D-219C-4C8B-A528-DB794649F3FE}
[2011/07/17 18:19:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{34F8623D-7970-4D7E-B156-293F6A28A331}
[2011/07/16 15:40:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{DABCAB41-794A-45DF-8546-2D7FDDCC035D}
[2011/06/13 00:04:55 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\****\AppData\Roaming\pcouffin.sys
[2010/05/24 22:27:05 | 000,018,944 | ---- | C] ( ) -- C:\windows\System32\implode.dll
[2007/08/13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\****\AppData\Local\CDRip.dll
[2007/01/18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\****\AppData\Local\No23 Recorder.exe
[2006/12/11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\****\AppData\Local\basscd.dll
[2006/12/11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\****\AppData\Local\bass.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/08/14 17:53:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2011/08/14 17:37:52 | 000,054,016 | ---- | M] () -- C:\windows\System32\drivers\eninfjk.sys
[2011/08/14 17:37:52 | 000,000,130 | ---- | M] () -- C:\windows\tasks\fdethc
[2011/08/14 17:18:18 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/14 17:18:18 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/14 17:09:53 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/08/14 17:09:44 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/11 22:38:29 | 000,000,132 | ---- | M] () -- C:\Users\****\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/08/10 09:54:30 | 005,057,864 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/08/10 09:54:30 | 001,972,424 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/08/10 09:54:30 | 001,543,796 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/08/10 09:54:30 | 001,377,170 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/08/03 09:30:44 | 007,734,312 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/08/02 22:48:42 | 000,002,521 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/08/02 22:45:17 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/31 22:11:48 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\Blender.lnk
[2011/07/31 20:17:42 | 000,001,163 | ---- | M] () -- C:\Users\Public\Desktop\audials TV.lnk
[2011/07/31 20:17:16 | 000,001,296 | ---- | M] () -- C:\Users\Public\Desktop\Audials 8.lnk
[2011/07/31 19:25:26 | 000,001,470 | ---- | M] () -- C:\Users\****\AppData\Local\RecConfig.xml
[2011/07/31 19:15:52 | 000,001,004 | ---- | M] () -- C:\Users\****\Desktop\No23 Recorder.lnk
[2011/07/31 18:17:51 | 000,001,258 | ---- | M] () -- C:\Users\Public\Desktop\simfy.lnk
[2011/07/28 21:19:00 | 000,001,345 | ---- | M] () -- C:\Users\Public\Desktop\Easy Phone Tunes.lnk
[2011/07/24 18:44:59 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2011/07/24 18:44:59 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_motfilt_01007.Wdf
[2011/07/24 18:44:48 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/07/24 18:43:55 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/07/24 18:43:55 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/07/24 18:43:36 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2011/07/23 22:13:24 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Songbird.lnk
[2011/07/22 22:43:59 | 000,001,089 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2011/07/22 22:42:43 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 3.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/08/14 17:37:52 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\eninfjk.sys
[2011/08/14 17:37:52 | 000,000,130 | ---- | C] () -- C:\windows\tasks\fdethc
[2011/08/02 22:45:17 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/31 22:11:48 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\Blender.lnk
[2011/07/31 20:17:42 | 000,002,111 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\audials TV.lnk
[2011/07/31 20:17:42 | 000,001,163 | ---- | C] () -- C:\Users\Public\Desktop\audials TV.lnk
[2011/07/31 20:17:16 | 000,001,296 | ---- | C] () -- C:\Users\Public\Desktop\Audials 8.lnk
[2011/07/31 19:25:26 | 000,001,470 | ---- | C] () -- C:\Users\****\AppData\Local\RecConfig.xml
[2011/07/31 19:15:52 | 000,001,004 | ---- | C] () -- C:\Users\****\Desktop\No23 Recorder.lnk
[2011/07/31 18:17:51 | 000,001,258 | ---- | C] () -- C:\Users\Public\Desktop\simfy.lnk
[2011/07/28 21:19:00 | 000,001,375 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Phone Tunes.lnk
[2011/07/28 21:19:00 | 000,001,345 | ---- | C] () -- C:\Users\Public\Desktop\Easy Phone Tunes.lnk
[2011/07/24 18:44:59 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2011/07/24 18:44:59 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_motfilt_01007.Wdf
[2011/07/24 18:44:48 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/07/24 18:43:55 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/07/24 18:43:55 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/07/24 18:43:36 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2011/07/23 22:13:24 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Songbird.lnk
[2011/07/22 22:43:59 | 000,001,101 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Download Manager.lnk
[2011/07/22 22:43:59 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2011/07/22 22:42:43 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 3.lnk
[2011/06/14 16:42:06 | 000,000,059 | ---- | C] () -- C:\windows\wininit.ini
[2011/06/13 00:04:55 | 000,087,608 | ---- | C] () -- C:\Users\****\AppData\Roaming\inst.exe
[2011/06/13 00:04:55 | 000,007,887 | ---- | C] () -- C:\Users\****\AppData\Roaming\pcouffin.cat
[2011/06/13 00:04:55 | 000,001,144 | ---- | C] () -- C:\Users\****\AppData\Roaming\pcouffin.inf
[2011/06/04 23:28:34 | 000,001,057 | ---- | C] () -- C:\Users\****\AppData\Roaming\vso_ts_preview.xml
[2011/05/19 10:22:46 | 000,000,144 | ---- | C] () -- C:\ProgramData\~28040952r
[2011/05/19 10:22:46 | 000,000,120 | ---- | C] () -- C:\ProgramData\~28040952
[2011/05/19 10:22:24 | 000,000,336 | ---- | C] () -- C:\ProgramData\28040952
[2011/03/13 20:38:08 | 000,000,000 | ---- | C] () -- C:\ProgramData\Sampler
[2010/08/31 17:25:06 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/09 19:59:10 | 000,001,456 | ---- | C] () -- C:\Users\****\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2010/06/13 17:54:50 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2010/06/13 17:54:50 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2010/06/13 17:54:50 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2010/06/13 17:54:50 | 000,077,312 | ---- | C] () -- C:\windows\MBR.exe
[2010/06/13 17:54:50 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2010/06/06 22:31:24 | 000,000,132 | ---- | C] () -- C:\Users\****\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/05/30 12:58:15 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/05/30 12:58:15 | 000,000,008 | RHS- | C] () -- C:\ProgramData\C96FFE052E.sys
[2010/05/25 13:53:35 | 000,000,145 | --S- | C] () -- C:\Users\****\AppData\Local\1714199777.dat
[2010/05/25 13:53:34 | 000,000,004 | ---- | C] () -- C:\Users\****\AppData\Roaming\ovczpx.dat
[2010/05/24 22:27:05 | 000,748,160 | ---- | C] () -- C:\windows\System32\CO2C40EN.DLL
[2010/05/24 22:27:05 | 000,153,761 | ---- | C] () -- C:\windows\System32\u2frtf.dll
[2010/05/24 22:27:05 | 000,124,256 | ---- | C] () -- C:\windows\System32\u2dmapi.dll
[2010/05/24 22:27:05 | 000,109,568 | ---- | C] () -- C:\windows\System32\u2fhtml.dll
[2010/05/24 22:27:05 | 000,097,489 | ---- | C] () -- C:\windows\System32\u2fcr.dll
[2010/05/24 22:27:05 | 000,069,632 | ---- | C] () -- C:\windows\System32\u2fxls.dll
[2010/05/24 22:27:05 | 000,069,632 | ---- | C] () -- C:\windows\System32\u2fwordw.dll
[2010/05/24 22:27:05 | 000,053,248 | ---- | C] () -- C:\windows\System32\u2fwks.dll
[2010/05/24 22:27:05 | 000,053,248 | ---- | C] () -- C:\windows\System32\u2ftext.dll
[2010/05/24 22:27:05 | 000,053,248 | ---- | C] () -- C:\windows\System32\u2fsepv.dll
[2010/05/24 22:27:05 | 000,049,152 | ---- | C] () -- C:\windows\System32\u2frec.dll
[2010/05/24 22:27:05 | 000,049,152 | ---- | C] () -- C:\windows\System32\u2fdif.dll
[2010/05/24 22:27:05 | 000,045,056 | ---- | C] () -- C:\windows\System32\u2ddisk.dll
[2010/01/05 18:57:57 | 000,000,000 | ---- | C] () -- C:\Users\****\AppData\Roaming\Services
[2010/01/05 18:57:57 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/12/26 22:36:22 | 000,000,248 | ---- | C] () -- C:\windows\Tablet8000x6000M.ini
[2009/12/26 22:23:07 | 000,056,320 | ---- | C] () -- C:\windows\System32\UCMfg.exe
[2009/12/26 22:23:07 | 000,010,240 | ---- | C] () -- C:\windows\System32\ucinst32.dll
[2009/12/26 22:23:05 | 000,335,872 | ---- | C] () -- C:\windows\SetupX32.EXE
[2009/12/26 22:23:04 | 000,024,576 | ---- | C] () -- C:\windows\System32\lhtool.exe
[2009/12/08 21:20:11 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2009/12/07 21:08:01 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2009/09/23 00:05:23 | 005,057,864 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/09/23 00:05:23 | 001,543,796 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/09/23 00:05:23 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/09/23 00:05:23 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/09/22 07:45:54 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2009/09/22 07:21:26 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 06:33:53 | 007,734,312 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 001,972,424 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 001,377,170 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2007/08/13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\****\AppData\Local\lame_enc.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelFrench.dll
[2006/10/26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\****\AppData\Local\vorbisenc.dll
[2006/10/26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\****\AppData\Local\vorbisfile.dll
[2006/10/26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\****\AppData\Local\vorbis.dll
[2006/10/26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\****\AppData\Local\ogg.dll
[2005/08/23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\****\AppData\Local\no23xwrapper.dll
[2002/09/18 01:45:00 | 000,119,808 | ---- | C] () -- C:\windows\lsb_un20.exe
[1999/07/07 02:00:00 | 000,000,006 | RHS- | C] () -- C:\ProgramData\D81EDBF9-D167-4011-B77D-211DF920EB80
 
========== LOP Check ==========
 
[2011/05/09 18:33:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\.minecraft
[2010/10/17 23:59:38 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/06/13 19:43:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009/12/10 19:12:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2011/06/04 22:46:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft
[2011/04/01 15:19:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/05/29 22:28:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Ezaloz
[2011/04/20 11:28:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FileZilla
[2010/04/21 20:47:08 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\GameConsole
[2011/06/07 20:29:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\GetRightToGo
[2010/02/02 16:23:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Go Go Gourmet
[2011/06/07 20:21:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HandBrake
[2011/05/19 10:57:08 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\hdbADS
[2010/09/07 20:12:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Iggels
[2011/06/14 16:39:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\inkscape
[2010/05/22 23:06:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\KaLoMa
[2011/07/31 19:15:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\kikin
[2011/05/19 10:57:08 | 000,000,000 | -HSD | M] -- C:\Users\****\AppData\Roaming\lowsec
[2010/09/15 17:44:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MAXON
[2011/05/19 10:57:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mp3tag
[2010/01/10 16:05:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nikon
[2010/05/29 22:05:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Ogcit
[2011/05/19 10:56:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenOffice.org
[2011/05/19 10:57:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PhotoScape
[2011/07/31 18:17:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Simfy
[2011/07/23 22:13:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Songbird2
[2010/02/20 12:44:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SYSTEMAX Software Development
[2011/06/13 00:04:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Vso
[2011/08/14 17:37:52 | 000,000,130 | ---- | M] () -- C:\windows\Tasks\fdethc
[2011/06/10 14:15:47 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2009/06/10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/06/13 15:40:40 | 000,001,188 | ---- | M] () -- C:\avenger.txt
[2010/06/13 18:56:20 | 000,016,180 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/08/14 17:09:44 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/13 20:34:25 | 000,001,598 | ---- | M] () -- C:\InstallHelper.log
[2009/09/23 19:57:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/09/23 19:57:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/08/14 17:09:50 | 3184,119,808 | -HS- | M] () -- C:\pagefile.sys
[2009/09/22 07:21:03 | 000,002,003 | ---- | M] () -- C:\RHDSetup.log
[2011/05/19 11:03:40 | 000,000,426 | ---- | M] () -- C:\rkill.log
[2009/09/22 07:26:31 | 000,000,191 | ---- | M] () -- C:\Setup.log
[2011/05/19 12:08:22 | 000,065,228 | ---- | M] () -- C:\TDSSKiller.2.5.1.0_19.05.2011_12.07.52_log.txt
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2009/07/14 06:52:25 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:52:25 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:52:25 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:52:25 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 23:31:19 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/14 03:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\winprint.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
[2010/04/15 21:34:03 | 000,001,686 | -HS- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\LastFlashConfig.wfc
 
< %PROGRAMFILES%\*.* >
[2009/07/14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\user32.dll /md5 >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\windows\system32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\windows\system32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2009/07/14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\windows\system32\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-14 15:20:16
 
<        >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE

< End of report >
         
--- --- ---

Alt 14.08.2011, 18:24   #5
Prekxx
 
and OTLextra


OTL Logfile:
Code:
OTL logfile created on: 8/14/2011 5:54:48 PM - Run 3
OTL by OldTimer - Version 3.2.26.2     Folder = C:\Users\****\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 63.40% Memory free
5.93 Gb Paging File | 4.73 Gb Available in Paging File | 79.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 198.29 Gb Total Space | 64.83 Gb Free Space | 32.70% Space Free | Partition Type: NTFS
Drive D: | 252.37 Gb Total Space | 252.28 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive E: | 5.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()
PRC - C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe (Motorola)
PRC - C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\System32\drivers\WTSrv.exe (Tablet Driver)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Users\****\Documents\Installieren\iTunes\iTunesHelper.Resources\de.lproj\iTunesHelperLocalized.DLL (Apple Inc.)
MOD - C:\Users\****\Documents\Installieren\iTunes\iTunesHelper.dll (Apple Inc.)
MOD - C:\Users\****\Documents\Installieren\iTunes\iTunesHelper.Resources\iTunesHelper.DLL (Apple Inc.)
MOD - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
MOD - c:\program files\avira\antivir desktop\ccgen.dll (Avira GmbH)
MOD - c:\program files\avira\antivir desktop\ccwgrd.dll (Avira GmbH)
MOD - c:\program files\avira\antivir desktop\ccguard.dll (Avira GmbH)
MOD - c:\program files\avira\antivir desktop\ccmsg.dll (Avira GmbH)
MOD - c:\program files\avira\antivir desktop\ccupdate.dll (Avira GmbH)
MOD - c:\program files\avira\antivir desktop\cclic.dll (Avira GmbH)
MOD - c:\program files\avira\antivir desktop\ccupdw.dll (Avira GmbH)
MOD - c:\program files\avira\antivir desktop\ccwgrdw.dll (Avira GmbH)
MOD - c:\program files\avira\antivir desktop\ccwgrdrc.dll (Avira GmbH)
MOD - C:\Program Files\Avira\AntiVir Desktop\rcimage.dll (Avira GmbH)
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll (Apple Inc.)
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll (Apple Inc.)
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll (Open Source Software community project)
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll (The ICU Project)
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll (The ICU Project)
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll (Apple Inc.)
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll (The ICU Project)
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll (Apple Inc.)
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.DLL (Apple, Inc.)
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll (Apple Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90DEU.DLL (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Silverlight\4.0.60531.0\coreclr.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrlUI.dll ( Microsoft Corporation)
MOD - C:\Program Files\Microsoft Silverlight\4.0.60531.0\de\mscorrc.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Silverlight\4.0.60531.0\agcore.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
MOD - C:\Windows\System32\tquery.dll (Microsoft Corporation)
MOD - c:\program files\avira\antivir desktop\ccgenrc.dll (Avira GmbH)
MOD - C:\Users\****\AppData\Local\Microsoft\Toolbar\Applications\WLExtension.dll (Microsoft Corp.)
MOD - C:\Users\****\AppData\Local\Microsoft\Toolbar\Applications\SCExtension.dll (Microsoft Corp.)
MOD - C:\Program Files\OpenOffice.org 3\program\vclmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\URE\bin\sal3.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\URE\bin\stlport_vc7145.dll (STLport Consulting, Inc.)
MOD - C:\Program Files\OpenOffice.org 3\program\xcrmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\URE\bin\bootstrap.uno.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\URE\bin\cppuhelper3MSC.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\URE\bin\cppu3.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\vos3MSC.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\URE\bin\stocservices.uno.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\URE\bin\reg3.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\URE\bin\jvmfwk3.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\URE\bin\uwinapi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\URE\bin\store3.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\URE\bin\msci_uno.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\URE\bin\salhelper3MSC.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\tkmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\utlmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\tlmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\ucbhelper4MSC.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\ucpfile1.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\ucb1.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\svtmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\sfxmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\svlmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\sofficeapp.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\sotmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\sbmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\oleautobridge.uno.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\oooimprovementmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\icudt40.dll (IBM Corporation and others)
MOD - C:\Program Files\OpenOffice.org 3\program\fwkmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\i18npool.uno.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\icuin40.dll (IBM Corporation and others)
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\icuuc40.dll (IBM Corporation and others)
MOD - C:\Program Files\OpenOffice.org 3\program\libdb47.dll (Oracle)
MOD - C:\Program Files\OpenOffice.org 3\program\i18nutilMSC.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\i18npapermi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\i18nisolang1MSC.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\localebe1.uno.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\fwemi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\fwimi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\emsermi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\deploymentmiscmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\comphelp4MSC.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\basegfxmi.dll (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\configmgr.uno.dll (OpenOffice.org)
MOD - C:\Windows\System32\mfc42.dll (Microsoft Corporation)
MOD - C:\Windows\explorer.exe (Microsoft Corporation)
MOD - C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll (Apple Inc.)
MOD - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
MOD - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
MOD - C:\Windows\System32\d3d10_1.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wscapi.dll (Microsoft Corporation)
MOD - C:\Users\****\Documents\Installieren\illu\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation)
MOD - C:\Program Files\QuickTime\QTSystem\QuickTime.qts (Apple Inc.)
MOD - C:\Program Files\QuickTime\QTSystem\QTCF.dll (Apple Inc.)
MOD - C:\Program Files\OpenOffice.org 3\program\saxmi.dll (OpenOffice.org)
MOD - C:\Program Files\Avira\AntiVir Desktop\ccwkrlib.dll (Avira GmbH)
MOD - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
MOD - C:\Windows\System32\taskschd.dll (Microsoft Corporation)
MOD - C:\Windows\System32\d3d10_1core.dll (Microsoft Corporation)
MOD - C:\Windows\System32\odbc32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\ExplorerFrame.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rtutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\mf.dll (Microsoft Corporation)
MOD - C:\Program Files\Motorola\MotoConnectService\mmdslang\LangDe.dll (Motorola)
MOD - C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe (Motorola)
MOD - C:\Users\****\AppData\Local\Microsoft\Toolbar\Applications\AppMgr.dll (Microsoft Corp.)
MOD - c:\program files\avira\antivir desktop\cfglib.dll (Avira GmbH)
MOD - C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE ()
MOD - C:\PROGRA~1\samsung\SAMSUN~2\HMXML.dll ()
MOD - c:\program files\avira\antivir desktop\ccgrdrc.dll (Avira GmbH)
MOD - c:\program files\avira\antivir desktop\ccgrdw.dll (Avira GmbH)
MOD - C:\Program Files\Avira\AntiVir Desktop\avipc.dll (Avira GmbH)
MOD - C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira GmbH)
MOD - c:\program files\avira\antivir desktop\ccupdrc.dll (Avira GmbH)
MOD - c:\program files\avira\antivir desktop\ccmainrc.dll (Avira GmbH)
MOD - c:\program files\avira\antivir desktop\ccmsgrc.dll (Avira GmbH)
MOD - c:\program files\avira\antivir desktop\cclicrc.dll (Avira GmbH)
MOD - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
MOD - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
MOD - C:\Windows\System32\nvwgf2um.dll (NVIDIA Corporation)
MOD - C:\Windows\System32\nvapi.dll (NVIDIA Corporation)
MOD - C:\Windows\System32\nvshext.dll (NVIDIA Corporation)
MOD - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
MOD - C:\Users\****\Documents\Installieren\winrar\rarext.dll ()
MOD - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
MOD - C:\Program Files\SAMSUNG\EasySpeedUpManager\Sabi3.dll (SAMSUNG ELECTRONICS)
MOD - C:\Program Files\Samsung\Easy Display Manager\SABI3.dll (SAMSUNG ELECTRONICS)
MOD - C:\Windows\System32\bcryptprimitives.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wucltux.dll (Microsoft Corporation)
MOD - C:\Windows\System32\WWanAPI.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wups2.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wwapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wscinterop.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wtsapi32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wsock32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wship6.dll (Microsoft Corporation)
MOD - C:\Windows\System32\WSHTCPIP.DLL (Microsoft Corporation)
MOD - C:\Windows\System32\winsta.dll (Microsoft Corporation)
MOD - C:\Windows\System32\WinSCard.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wlanapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wkscli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\winnsi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wlanutil.dll (Microsoft Corporation)
MOD - C:\Windows\System32\werconcpl.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wer.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wevtapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbemcomn.dll (Microsoft Corporation)
MOD - C:\Windows\System32\UIAnimation.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wbemsvc.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wbemprox.dll (Microsoft Corporation)
MOD - C:\Windows\System32\vdmdbg.dll (Microsoft Corporation)
MOD - C:\Windows\System32\uDWM.dll (Microsoft Corporation)
MOD - C:\Windows\System32\TSChannel.dll (Microsoft Corporation)
MOD - C:\Windows\System32\SyncCenter.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sxs.dll (Microsoft Corporation)
MOD - C:\Windows\System32\srchadmin.dll (Microsoft Corporation)
MOD - C:\Windows\System32\synceng.dll (Microsoft Corporation)
MOD - C:\Windows\System32\Syncreg.dll (Microsoft Corporation)
MOD - C:\Windows\System32\SndVolSSO.dll (Microsoft Corporation)
MOD - C:\Windows\System32\shfolder.dll (Microsoft Corporation)
MOD - C:\Windows\System32\Speech\Common\sapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\SensApi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\pnidui.dll (Microsoft Corporation)
MOD - C:\Windows\System32\Query.dll (Microsoft Corporation)
MOD - C:\Windows\System32\PortableDeviceApi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\prnfldr.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rasapi32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\PhotoMetadataHandler.dll (Microsoft Corporation)
MOD - C:\Windows\System32\QAGENT.DLL (Microsoft Corporation)
MOD - C:\Windows\System32\PortableDeviceTypes.dll (Microsoft Corporation)
MOD - C:\Windows\System32\powrprof.dll (Microsoft Corporation)
MOD - C:\Windows\System32\oledlg.dll (Microsoft Corporation)
MOD - C:\Windows\System32\QUTIL.DLL (Microsoft Corporation)
MOD - C:\Windows\System32\PlaySndSrv.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rasman.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rasadhlp.dll (Microsoft Corporation)
MOD - C:\Windows\System32\npmproxy.dll (Microsoft Corporation)
MOD - C:\Windows\System32\ncrypt.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msutb.dll (Microsoft Corporation)
MOD - C:\Windows\System32\mssprxy.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msshooks.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msls31.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msftedit.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msimtf.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msdmo.dll (Microsoft Corporation)
MOD - C:\Windows\System32\MsCtfMonitor.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msacm32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\MMDevAPI.dll (Microsoft Corporation)
MOD - C:\Windows\System32\mlang.dll (Microsoft Corporation)
MOD - C:\Windows\System32\mfplat.dll (Microsoft Corporation)
MOD - C:\Windows\System32\ksuser.dll (Microsoft Corporation)
MOD - C:\Windows\System32\IPHLPAPI.DLL (Microsoft Corporation)
MOD - C:\Windows\System32\imapi2.dll (Microsoft Corporation)
MOD - C:\Windows\System32\IconCodecService.dll (Microsoft Corporation)
MOD - C:\Windows\System32\hgcpl.dll (Microsoft Corporation)
MOD - C:\Windows\System32\hcproviders.dll (Microsoft Corporation)
MOD - C:\Windows\System32\hid.dll (Microsoft Corporation)
MOD - C:\Windows\System32\gameux.dll (Microsoft Corporation)
MOD - C:\Windows\System32\FXSST.dll (Microsoft Corporation)
MOD - C:\Windows\System32\gpapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\FXSAPI.dll (Microsoft Corporation)
MOD - C:\Windows\System32\FWPUCLNT.DLL (Microsoft Corporation)
MOD - C:\Windows\System32\framedynos.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\fastprox.dll (Microsoft Corporation)
MOD - C:\Windows\System32\EhStorAPI.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmcore.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dui70.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dxgi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dsound.dll (Microsoft Corporation)
MOD - C:\Windows\System32\DXP.dll (Microsoft Corporation)
MOD - C:\Windows\System32\duser.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmredir.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dsrole.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devrtl.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dhcpcsvc6.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dimsjob.dll (Microsoft Corporation)
MOD - C:\Windows\System32\ddraw.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dciman32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cabinet.dll (Microsoft Corporation)
MOD - C:\Windows\System32\bcrypt.dll (Microsoft Corporation)
MOD - C:\Windows\System32\batmeter.dll (Microsoft Corporation)
MOD - C:\Windows\System32\avrt.dll (Microsoft Corporation)
MOD - C:\Windows\System32\authui.dll (Microsoft Corporation)
MOD - C:\Windows\System32\AudioSes.dll (Microsoft Corporation)
MOD - C:\Windows\System32\AltTab.dll (Microsoft Corporation)
MOD - C:\Windows\System32\ActionCenter.dll (Microsoft Corporation)
MOD - C:\Windows\System32\acppage.dll (Microsoft Corporation)
MOD - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
MOD - C:\Windows\System32\wscui.cpl (Microsoft Corporation)
MOD - C:\Windows\System32\timedate.cpl (Microsoft Corporation)
MOD - C:\Windows\System32\bthprops.cpl (Microsoft Corporation)
MOD - C:\Windows\System32\odbcint.dll (Microsoft Corporation)
MOD - C:\Windows\System32\FXSRESM.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll (Microsoft Corporation)
MOD - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit) --  File not found
SRV - (Akamai) -- c:\program files\common files\akamai\netsession_win_2da1ebd.dll ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (MotoConnect Service) -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (WinTabService) -- C:\windows\System32\Drivers\WTSRV.EXE (Tablet Driver)
SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola)
DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (UCTblHid) -- C:\Windows\System32\drivers\UCTblHid.sys (Tablet Driver)
DRV - (TClass2k) -- C:\Windows\System32\drivers\TClass2k.sys (Tablet Driver)
DRV - (PTSimHid) -- C:\Windows\System32\drivers\PTSimHid.sys (PenTablet Driver)
DRV - (PTSimBus) -- C:\Windows\System32\drivers\PTSimBus.sys (PenTablet Driver)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {49f3fc85-dcfe-4e42-9301-226ebe658509}:0.6.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Users\****\Documents\Installieren\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/05/01 22:12:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/05/02 21:19:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/27 10:58:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/05 14:19:15 | 000,000,000 | ---D | M]
 
[2011/07/23 22:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2011/07/23 22:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2011/08/01 21:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\k1wx1ksh.default\extensions
[2011/07/31 19:15:37 | 000,000,000 | ---D | M] (kikin plugin (NO23 Edition)) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\k1wx1ksh.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2011/05/19 10:57:09 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\k1wx1ksh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/08/01 21:51:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\k1wx1ksh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/05/02 19:32:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
File not found (No name found) -- 
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K1WX1KSH.DEFAULT\EXTENSIONS\{49F3FC85-DCFE-4E42-9301-226EBE658509}.XPI
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K1WX1KSH.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2011/06/27 10:58:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/01/01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/06/13 18:02:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Users\****\Documents\Installieren\illu\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WTClient] C:\windows\System32\WTClient.exe (Tablet Driver)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Users\****\Documents\Installieren\illu\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil10n_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Users\****\DOCUME~1\INSTAL~1\Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Users\****\DOCUME~1\INSTAL~1\Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Users\****\DOCUME~1\INSTAL~1\Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/04/30 04:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/22 01:48:37 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{15596053-cdae-11de-b148-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{15596053-cdae-11de-b148-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009/04/30 04:57:32 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{935970df-b609-11e0-b3db-00245422d769}\Shell - "" = AutoRun
O33 - MountPoints2\{935970df-b609-11e0-b3db-00245422d769}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: aux - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.YUY2 - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/08/14 17:53:26 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2011/08/14 17:12:09 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{AE2A087C-53A0-4966-906D-5646E79156EE}
[2011/08/14 17:11:57 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{F449202C-E998-4100-B3CD-8CC44C35CB7A}
[2011/08/12 23:42:35 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{F13E4A2C-563A-4F0F-868A-129AA19285F3}
[2011/08/12 23:42:21 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{9787C4EA-0873-4183-9111-4505299B17AE}
[2011/08/12 20:30:19 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{4038D280-39CC-47B2-A022-AF8998E2392A}
[2011/08/12 20:30:07 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{E767410D-DBEA-4187-8C63-B7EC05CF7262}
[2011/08/11 22:13:13 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{FCF09858-459F-457B-9231-E57FF3C4C4C9}
[2011/08/11 22:12:59 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{BB2193FD-70FE-4EA0-94EC-E040B6F356D0}
[2011/08/11 09:39:02 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{CC25595D-9C8F-46FD-96C5-4A4098990E83}
[2011/08/11 09:38:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{A108F6B2-BF18-437A-B2D4-235F4F287768}
[2011/08/10 23:21:53 | 000,000,000 | ---D | C] -- C:\Users\****\shirt
[2011/08/10 21:36:47 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{8E850F9A-D504-4C8F-86AB-A862A409968C}
[2011/08/10 21:36:35 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{E042D3AC-BEF1-4B3E-8B36-0C463C54B862}
[2011/08/10 09:41:58 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{DF8438DB-AFC0-4872-B8C1-BE861B687DCD}
[2011/08/09 22:51:10 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{D90F867A-0FD2-47E9-B266-C78A5CAA0316}
[2011/08/09 14:07:53 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{20B611D5-8A94-4102-82AE-1DDCE9BCBC6C}
[2011/08/09 11:37:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{0C6F7472-8906-42BF-8363-73184CDD1DF0}
[2011/08/09 10:34:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{1B157CCA-EF20-4E39-8F10-419AB34696EC}
[2011/08/09 10:34:19 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{540C0CB2-20EE-41F8-8339-2285998AACCA}
[2011/08/08 21:55:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{5965C612-8F74-4F9D-A4F0-1F99EAEE1D00}
[2011/08/08 21:55:33 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{BC3F6EB7-6D2A-4910-BA53-E2CDC04C240D}
[2011/08/08 09:51:53 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{D4785C02-8935-45C2-AE17-E1BD0B135A35}
[2011/08/08 09:51:40 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{CB77F841-DB51-45A7-9108-F7BBD583B082}
[2011/08/07 10:26:17 | 000,000,000 | ---D | C] -- C:\Users\****\d
[2011/08/07 10:15:50 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{2D23788A-D8C5-4AA3-A6A8-C8A3BE003699}
[2011/08/07 10:15:35 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{9A1568F3-0975-452C-B773-27F2BFE85190}
[2011/08/05 22:00:29 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{A62A3A80-E506-4DD9-8511-8A56C2268354}
[2011/08/05 19:05:20 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{C8E99819-E9A0-44D0-9A5C-CACFB1869361}
[2011/08/05 16:28:45 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{0C23184E-F634-4CDD-AF9E-6BFC630070E4}
[2011/08/05 13:01:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{B7B8E8F0-742A-491A-A386-D538A735E2F5}
[2011/08/04 22:34:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{F1DC22FD-F41B-445D-A255-6102E443C86E}
[2011/08/04 10:34:07 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{5C9E41FD-15A2-404B-A850-CC0147E38EFA}
[2011/08/03 22:33:43 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{BDFFA6FB-7DF2-4F49-946B-922D327E4C1F}
[2011/08/02 22:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/02 22:44:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/02 22:42:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/02 22:38:34 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/08/02 22:20:21 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{2945EBCD-7043-462A-B53F-BE70B63389C3}
[2011/08/02 10:05:57 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{2C321D23-4C37-4B0E-854E-FC066B5E1261}
[2011/08/01 21:50:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2011/08/01 21:50:18 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011/08/01 21:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
[2011/08/01 21:36:26 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{60F6E17E-F355-4347-9B2C-00C5371A9BAE}
[2011/08/01 09:36:00 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{B184544A-8C33-433F-98A8-BBC3DC0C2761}
[2011/07/31 22:11:55 | 000,000,000 | ---D | C] -- C:\Users\****\.thumbnails
[2011/07/31 22:11:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2011/07/31 20:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\RapidSolution
[2011/07/31 20:17:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audials TV
[2011/07/31 20:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audials 8
[2011/07/31 19:15:50 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No23 Recorder
[2011/07/31 19:15:50 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\No23 Recorder
[2011/07/31 19:15:37 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\kikin
[2011/07/31 19:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\kikin
[2011/07/31 19:08:14 | 000,000,000 | ---D | C] -- C:\Vimeo
[2011/07/31 18:28:40 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\CrashRpt
[2011/07/31 18:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution
[2011/07/31 18:20:14 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\RapidSolution
[2011/07/31 18:17:56 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Simfy
[2011/07/31 18:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy
[2011/07/31 18:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/07/31 18:11:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{9F6D9588-F329-412E-AE66-E99E93285D09}
[2011/07/29 11:10:23 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{E5F16F7A-B823-401B-A84B-818BA1989ADE}
[2011/07/28 21:19:16 | 000,000,000 | ---D | C] -- C:\Users\****\MSYNC
[2011/07/28 21:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Phone Tunes
[2011/07/28 14:58:48 | 000,000,000 | ---D | C] -- C:\Users\****\Azubi aktion
[2011/07/28 14:11:42 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{53C0919D-8808-43EE-BE1E-47D14CC7E2C1}
[2011/07/27 12:31:48 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{04E9D222-FF2B-4EAF-88A2-B5806CD65182}
[2011/07/26 18:50:53 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{3FCF0823-BDFF-4100-9B9D-B22A96800E8F}
[2011/07/25 22:04:22 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{323953D5-9FCE-4794-B930-2A152EF69977}
[2011/07/25 09:20:18 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{09710D1E-7D61-48C7-88C5-7AB720129DC3}
[2011/07/25 09:20:08 | 000,000,000 | ---D | C] -- C:\Users\****\Neuer Ordner
[2011/07/24 18:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/07/24 18:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2011/07/24 18:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2011/07/24 18:42:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Driver Installer
[2011/07/24 17:29:54 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{6B56CA43-9DC7-4175-BD7E-60F35758C63F}
[2011/07/23 22:13:41 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Songbird2
[2011/07/23 22:13:41 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Songbird2
[2011/07/23 22:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Songbird
[2011/07/23 10:04:41 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{FBB0AB2C-C564-4EC5-AA5F-2B999E9C3CC2}
[2011/07/22 22:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/07/22 22:45:01 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Electronic Arts
[2011/07/22 22:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2011/07/22 22:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2011/07/22 22:04:14 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{7BC1D83F-C48D-4CD8-8568-1A3A8E48464E}
[2011/07/20 11:04:29 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{EA4959D1-C66B-4CFF-A08B-2C3672F3EC00}
[2011/07/19 09:16:50 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{F148815D-219C-4C8B-A528-DB794649F3FE}
[2011/07/17 18:19:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{34F8623D-7970-4D7E-B156-293F6A28A331}
[2011/07/16 15:40:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{DABCAB41-794A-45DF-8546-2D7FDDCC035D}
[2011/06/13 00:04:55 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\****\AppData\Roaming\pcouffin.sys
[2010/05/24 22:27:05 | 000,018,944 | ---- | C] ( ) -- C:\windows\System32\implode.dll
[2007/08/13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\****\AppData\Local\CDRip.dll
[2007/01/18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\****\AppData\Local\No23 Recorder.exe
[2006/12/11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\****\AppData\Local\basscd.dll
[2006/12/11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\****\AppData\Local\bass.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/08/14 17:53:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2011/08/14 17:37:52 | 000,054,016 | ---- | M] () -- C:\windows\System32\drivers\eninfjk.sys
[2011/08/14 17:37:52 | 000,000,130 | ---- | M] () -- C:\windows\tasks\fdethc
[2011/08/14 17:18:18 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/14 17:18:18 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/14 17:09:53 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/08/14 17:09:44 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/11 22:38:29 | 000,000,132 | ---- | M] () -- C:\Users\****\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/08/10 09:54:30 | 005,057,864 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/08/10 09:54:30 | 001,972,424 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/08/10 09:54:30 | 001,543,796 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/08/10 09:54:30 | 001,377,170 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/08/03 09:30:44 | 007,734,312 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/08/02 22:48:42 | 000,002,521 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/08/02 22:45:17 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/31 22:11:48 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\Blender.lnk
[2011/07/31 20:17:42 | 000,001,163 | ---- | M] () -- C:\Users\Public\Desktop\audials TV.lnk
[2011/07/31 20:17:16 | 000,001,296 | ---- | M] () -- C:\Users\Public\Desktop\Audials 8.lnk
[2011/07/31 19:25:26 | 000,001,470 | ---- | M] () -- C:\Users\****\AppData\Local\RecConfig.xml
[2011/07/31 19:15:52 | 000,001,004 | ---- | M] () -- C:\Users\****\Desktop\No23 Recorder.lnk
[2011/07/31 18:17:51 | 000,001,258 | ---- | M] () -- C:\Users\Public\Desktop\simfy.lnk
[2011/07/28 21:19:00 | 000,001,345 | ---- | M] () -- C:\Users\Public\Desktop\Easy Phone Tunes.lnk
[2011/07/24 18:44:59 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2011/07/24 18:44:59 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_motfilt_01007.Wdf
[2011/07/24 18:44:48 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/07/24 18:43:55 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/07/24 18:43:55 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/07/24 18:43:36 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2011/07/23 22:13:24 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Songbird.lnk
[2011/07/22 22:43:59 | 000,001,089 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2011/07/22 22:42:43 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 3.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/08/14 17:37:52 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\eninfjk.sys
[2011/08/14 17:37:52 | 000,000,130 | ---- | C] () -- C:\windows\tasks\fdethc
[2011/08/02 22:45:17 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/31 22:11:48 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\Blender.lnk
[2011/07/31 20:17:42 | 000,002,111 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\audials TV.lnk
[2011/07/31 20:17:42 | 000,001,163 | ---- | C] () -- C:\Users\Public\Desktop\audials TV.lnk
[2011/07/31 20:17:16 | 000,001,296 | ---- | C] () -- C:\Users\Public\Desktop\Audials 8.lnk
[2011/07/31 19:25:26 | 000,001,470 | ---- | C] () -- C:\Users\****\AppData\Local\RecConfig.xml
[2011/07/31 19:15:52 | 000,001,004 | ---- | C] () -- C:\Users\****\Desktop\No23 Recorder.lnk
[2011/07/31 18:17:51 | 000,001,258 | ---- | C] () -- C:\Users\Public\Desktop\simfy.lnk
[2011/07/28 21:19:00 | 000,001,375 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Phone Tunes.lnk
[2011/07/28 21:19:00 | 000,001,345 | ---- | C] () -- C:\Users\Public\Desktop\Easy Phone Tunes.lnk
[2011/07/24 18:44:59 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2011/07/24 18:44:59 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_motfilt_01007.Wdf
[2011/07/24 18:44:48 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/07/24 18:43:55 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/07/24 18:43:55 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/07/24 18:43:36 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2011/07/23 22:13:24 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Songbird.lnk
[2011/07/22 22:43:59 | 000,001,101 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Download Manager.lnk
[2011/07/22 22:43:59 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2011/07/22 22:42:43 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 3.lnk
[2011/06/14 16:42:06 | 000,000,059 | ---- | C] () -- C:\windows\wininit.ini
[2011/06/13 00:04:55 | 000,087,608 | ---- | C] () -- C:\Users\****\AppData\Roaming\inst.exe
[2011/06/13 00:04:55 | 000,007,887 | ---- | C] () -- C:\Users\****\AppData\Roaming\pcouffin.cat
[2011/06/13 00:04:55 | 000,001,144 | ---- | C] () -- C:\Users\****\AppData\Roaming\pcouffin.inf
[2011/06/04 23:28:34 | 000,001,057 | ---- | C] () -- C:\Users\****\AppData\Roaming\vso_ts_preview.xml
[2011/05/19 10:22:46 | 000,000,144 | ---- | C] () -- C:\ProgramData\~28040952r
[2011/05/19 10:22:46 | 000,000,120 | ---- | C] () -- C:\ProgramData\~28040952
[2011/05/19 10:22:24 | 000,000,336 | ---- | C] () -- C:\ProgramData\28040952
[2011/03/13 20:38:08 | 000,000,000 | ---- | C] () -- C:\ProgramData\Sampler
[2010/08/31 17:25:06 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/09 19:59:10 | 000,001,456 | ---- | C] () -- C:\Users\****\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2010/06/13 17:54:50 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2010/06/13 17:54:50 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2010/06/13 17:54:50 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2010/06/13 17:54:50 | 000,077,312 | ---- | C] () -- C:\windows\MBR.exe
[2010/06/13 17:54:50 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2010/06/06 22:31:24 | 000,000,132 | ---- | C] () -- C:\Users\****\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/05/30 12:58:15 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/05/30 12:58:15 | 000,000,008 | RHS- | C] () -- C:\ProgramData\C96FFE052E.sys
[2010/05/25 13:53:35 | 000,000,145 | --S- | C] () -- C:\Users\****\AppData\Local\1714199777.dat
[2010/05/25 13:53:34 | 000,000,004 | ---- | C] () -- C:\Users\****\AppData\Roaming\ovczpx.dat
[2010/05/24 22:27:05 | 000,748,160 | ---- | C] () -- C:\windows\System32\CO2C40EN.DLL
[2010/05/24 22:27:05 | 000,153,761 | ---- | C] () -- C:\windows\System32\u2frtf.dll
[2010/05/24 22:27:05 | 000,124,256 | ---- | C] () -- C:\windows\System32\u2dmapi.dll
[2010/05/24 22:27:05 | 000,109,568 | ---- | C] () -- C:\windows\System32\u2fhtml.dll
[2010/05/24 22:27:05 | 000,097,489 | ---- | C] () -- C:\windows\System32\u2fcr.dll
[2010/05/24 22:27:05 | 000,069,632 | ---- | C] () -- C:\windows\System32\u2fxls.dll
[2010/05/24 22:27:05 | 000,069,632 | ---- | C] () -- C:\windows\System32\u2fwordw.dll
[2010/05/24 22:27:05 | 000,053,248 | ---- | C] () -- C:\windows\System32\u2fwks.dll
[2010/05/24 22:27:05 | 000,053,248 | ---- | C] () -- C:\windows\System32\u2ftext.dll
[2010/05/24 22:27:05 | 000,053,248 | ---- | C] () -- C:\windows\System32\u2fsepv.dll
[2010/05/24 22:27:05 | 000,049,152 | ---- | C] () -- C:\windows\System32\u2frec.dll
[2010/05/24 22:27:05 | 000,049,152 | ---- | C] () -- C:\windows\System32\u2fdif.dll
[2010/05/24 22:27:05 | 000,045,056 | ---- | C] () -- C:\windows\System32\u2ddisk.dll
[2010/01/05 18:57:57 | 000,000,000 | ---- | C] () -- C:\Users\****\AppData\Roaming\Services
[2010/01/05 18:57:57 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/12/26 22:36:22 | 000,000,248 | ---- | C] () -- C:\windows\Tablet8000x6000M.ini
[2009/12/26 22:23:07 | 000,056,320 | ---- | C] () -- C:\windows\System32\UCMfg.exe
[2009/12/26 22:23:07 | 000,010,240 | ---- | C] () -- C:\windows\System32\ucinst32.dll
[2009/12/26 22:23:05 | 000,335,872 | ---- | C] () -- C:\windows\SetupX32.EXE
[2009/12/26 22:23:04 | 000,024,576 | ---- | C] () -- C:\windows\System32\lhtool.exe
[2009/12/08 21:20:11 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2009/12/07 21:08:01 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2009/09/23 00:05:23 | 005,057,864 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/09/23 00:05:23 | 001,543,796 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/09/23 00:05:23 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/09/23 00:05:23 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/09/22 07:45:54 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2009/09/22 07:21:26 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 06:33:53 | 007,734,312 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 001,972,424 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 001,377,170 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2007/08/13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\****\AppData\Local\lame_enc.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelFrench.dll
[2006/10/26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\****\AppData\Local\vorbisenc.dll
[2006/10/26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\****\AppData\Local\vorbisfile.dll
[2006/10/26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\****\AppData\Local\vorbis.dll
[2006/10/26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\****\AppData\Local\ogg.dll
[2005/08/23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\****\AppData\Local\no23xwrapper.dll
[2002/09/18 01:45:00 | 000,119,808 | ---- | C] () -- C:\windows\lsb_un20.exe
[1999/07/07 02:00:00 | 000,000,006 | RHS- | C] () -- C:\ProgramData\D81EDBF9-D167-4011-B77D-211DF920EB80
 
========== LOP Check ==========
 
[2011/05/09 18:33:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\.minecraft
[2010/10/17 23:59:38 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/06/13 19:43:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009/12/10 19:12:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2011/06/04 22:46:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft
[2011/04/01 15:19:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/05/29 22:28:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Ezaloz
[2011/04/20 11:28:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FileZilla
[2010/04/21 20:47:08 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\GameConsole
[2011/06/07 20:29:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\GetRightToGo
[2010/02/02 16:23:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Go Go Gourmet
[2011/06/07 20:21:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HandBrake
[2011/05/19 10:57:08 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\hdbADS
[2010/09/07 20:12:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Iggels
[2011/06/14 16:39:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\inkscape
[2010/05/22 23:06:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\KaLoMa
[2011/07/31 19:15:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\kikin
[2011/05/19 10:57:08 | 000,000,000 | -HSD | M] -- C:\Users\****\AppData\Roaming\lowsec
[2010/09/15 17:44:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MAXON
[2011/05/19 10:57:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mp3tag
[2010/01/10 16:05:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nikon
[2010/05/29 22:05:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Ogcit
[2011/05/19 10:56:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenOffice.org
[2011/05/19 10:57:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PhotoScape
[2011/07/31 18:17:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Simfy
[2011/07/23 22:13:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Songbird2
[2010/02/20 12:44:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SYSTEMAX Software Development
[2011/06/13 00:04:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Vso
[2011/08/14 17:37:52 | 000,000,130 | ---- | M] () -- C:\windows\Tasks\fdethc
[2011/06/10 14:15:47 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2009/06/10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/06/13 15:40:40 | 000,001,188 | ---- | M] () -- C:\avenger.txt
[2010/06/13 18:56:20 | 000,016,180 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/08/14 17:09:44 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/13 20:34:25 | 000,001,598 | ---- | M] () -- C:\InstallHelper.log
[2009/09/23 19:57:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/09/23 19:57:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/08/14 17:09:50 | 3184,119,808 | -HS- | M] () -- C:\pagefile.sys
[2009/09/22 07:21:03 | 000,002,003 | ---- | M] () -- C:\RHDSetup.log
[2011/05/19 11:03:40 | 000,000,426 | ---- | M] () -- C:\rkill.log
[2009/09/22 07:26:31 | 000,000,191 | ---- | M] () -- C:\Setup.log
[2011/05/19 12:08:22 | 000,065,228 | ---- | M] () -- C:\TDSSKiller.2.5.1.0_19.05.2011_12.07.52_log.txt
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2009/07/14 06:52:25 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:52:25 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:52:25 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:52:25 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 23:31:19 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/14 03:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\winprint.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
[2010/04/15 21:34:03 | 000,001,686 | -HS- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\LastFlashConfig.wfc
 
< %PROGRAMFILES%\*.* >
[2009/07/14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\user32.dll /md5 >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\windows\system32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\windows\system32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2009/07/14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\windows\system32\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-14 15:20:16
 
<        >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE

< End of report >
         



Thanks for the help.


Alt 14.08.2011, 23:11   #6
Swisstreasure
/// Malwareteam
 

Are you still having any problems?

Alt 15.08.2011, 12:37   #7
Prekxx
 

No, everything is actually OK now.

Alt 15.08.2011, 20:14   #8
Swisstreasure
/// Malwareteam
 

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit systems also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

