
Pests of all kinds and how to combat them: system locked :(


 
07.02.2012, 19:37   #1
Jule1983
 



I have read up a little and hope I did everything right. OTL has finished.
Here is the OTL text:

OTL logfile created on: 07.02.2012 19:06:36 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\jule\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 83,68% Memory free
6,19 Gb Paging File | 5,90 Gb Available in Paging File | 95,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 31,92 Gb Free Space | 22,16% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 140,38 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
Drive E: | 5,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: OMA-TRAUTCHEN | User Name: jule | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.02.07 18:50:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jule\Desktop\OTL.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007.08.03 21:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007.07.18 14:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2007.07.13 06:14:56 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe


========== Modules (No Company Name) ==========

MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012.02.07 17:08:10 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.10.11 15:05:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 15:05:48 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.10.11 15:05:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011.08.03 19:29:31 | 000,330,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2009.09.28 18:36:56 | 000,069,120 | ---- | M] (BOONTY) [On_Demand | Stopped] -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
SRV - [2009.02.04 20:42:37 | 003,602,432 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2008.07.20 10:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.06.02 09:25:40 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.05.14 16:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008.01.22 09:35:52 | 000,103,808 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.01.10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008.01.09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007.12.06 15:15:28 | 000,110,592 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.12.05 10:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007.11.26 10:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007.11.07 09:35:40 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007.08.15 11:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007.07.24 11:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007.07.18 14:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)


========== Driver Services (SafeList) ==========

DRV - [2012.02.07 17:08:11 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 15:06:12 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:06:12 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.04 20:42:32 | 000,042,608 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008.07.24 10:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.07.18 17:23:00 | 007,545,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.07.18 16:05:10 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.06.25 06:05:06 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.05.19 17:23:00 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008.05.05 02:05:00 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.01.16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007.12.02 12:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007.11.22 06:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007.11.22 06:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007.11.22 06:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007.11.22 06:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007.07.13 08:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007.03.28 06:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2007.01.26 07:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_6930g
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_6930g
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.bearshare.com/de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/home"
FF - prefs.js..extensions.enabledItems: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}:2.0.0.54356
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=KW_def&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\PROGRA~1\MOZILL~1\plugins\NpFv522.dll (1 mal 1 Software GmbH)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011.11.12 15:27:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.06 23:24:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.01 23:02:46 | 000,000,000 | ---D | M]

[2009.02.13 22:11:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jule\AppData\Roaming\mozilla\Extensions
[2012.02.06 23:24:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jule\AppData\Roaming\mozilla\Firefox\Profiles\t75354um.default\extensions
[2010.09.14 09:49:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\jule\AppData\Roaming\mozilla\Firefox\Profiles\t75354um.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.27 20:34:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\jule\AppData\Roaming\mozilla\Firefox\Profiles\t75354um.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(126)
[2012.02.06 23:15:04 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\jule\AppData\Roaming\mozilla\Firefox\Profiles\t75354um.default\extensions\ffxtlbr@babylon.com
[2009.03.09 21:03:21 | 000,000,681 | ---- | M] () -- C:\Users\jule\AppData\Roaming\Mozilla\Firefox\Profiles\t75354um.default\searchplugins\ask.xml
[2012.02.06 17:13:28 | 000,000,950 | ---- | M] () -- C:\Users\jule\AppData\Roaming\Mozilla\Firefox\Profiles\t75354um.default\searchplugins\icqplugin-2.xml
[2009.04.20 20:59:11 | 000,000,944 | ---- | M] () -- C:\Users\jule\AppData\Roaming\Mozilla\Firefox\Profiles\t75354um.default\searchplugins\icqplugin.xml
[2012.02.06 23:24:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.03.31 18:31:52 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.02.20 09:50:35 | 000,000,000 | ---D | M] (BearShare MediaBar) -- C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}
[2012.01.29 17:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007.03.02 14:17:24 | 000,095,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPAPIX.dll
[2007.01.17 12:18:04 | 000,095,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPFluxBrowserHelper.dll
[2009.08.10 14:47:44 | 001,447,344 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll
[2007.09.07 15:25:50 | 000,103,064 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPMPDRM.dll
[2010.05.19 15:38:12 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2007.09.07 14:46:48 | 000,098,968 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPWMDRMWrapper.dll
[2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.06 23:14:55 | 000,002,275 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.01.29 14:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========


O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E3876EA-23BB-4431-B3DB-CC0ACCFF7BF4}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\jule\Desktop\nicht verwendet\Unbenannt.jpg
O24 - Desktop BackupWallPaper: C:\Users\jule\Desktop\nicht verwendet\Unbenannt.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7fea1650-0f96-11de-8294-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{7fea1650-0f96-11de-8294-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7fea1652-0f96-11de-8294-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{7fea1652-0f96-11de-8294-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8900b93a-0b4f-11df-b367-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{8900b93a-0b4f-11df-b367-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8900b955-0b4f-11df-b367-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{8900b955-0b4f-11df-b367-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8900ba42-0b4f-11df-b367-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{8900ba42-0b4f-11df-b367-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8900ba43-0b4f-11df-b367-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{8900ba43-0b4f-11df-b367-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8900ba45-0b4f-11df-b367-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{8900ba45-0b4f-11df-b367-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{976cac5a-0e8c-11df-82a0-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{976cac5a-0e8c-11df-82a0-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{976cac5c-0e8c-11df-82a0-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{976cac5c-0e8c-11df-82a0-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b9ab9660-0db1-11de-bd15-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{b9ab9660-0db1-11de-bd15-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b9ab967f-0db1-11de-bd15-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{b9ab967f-0db1-11de-bd15-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f522caeb-0d9e-11df-b346-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{f522caeb-0d9e-11df-b346-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f522d1a3-0d9e-11df-b346-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{f522d1a3-0d9e-11df-b346-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f522d1a5-0d9e-11df-b346-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{f522d1a5-0d9e-11df-b346-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9A4F74BF-BD32-7D89-5210-3B1ECFB0DE68} - Java (Sun)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC9B35CC-64E9-F213-A37C-3F50CE11B922} -
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E1C6E5DE-177C-4D1F-8628-3BCEBEE5D5EB} -
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA18C3BF-0675-5C4D-A6E2-FC93845E39FC} - Microsoft Windows Media Player 11.0
ActiveX: {F3967166-BE4F-E221-A53B-5D56CC598C58} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^jule^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk - - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: mcagent_exe - hkey= - key= - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
MsConfig - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012.02.07 18:50:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\jule\Desktop\OTL.exe
[2012.02.06 23:36:25 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Roaming\Avira
[2012.02.06 23:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.02.06 23:34:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.02.06 23:34:49 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.06 23:34:49 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.02.06 23:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.02.06 23:34:45 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.02.06 23:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2012.02.06 23:05:57 | 000,000,000 | ---D | C] -- C:\Users\jule\Application Data
[2012.02.06 22:15:52 | 000,000,000 | ---D | C] -- C:\Users\jule\Option
[2012.02.01 20:08:59 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Roaming\Casual Arts
[2012.02.01 20:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Casual Arts
[2012.02.01 18:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PuzzlesByJoe
[2012.02.01 17:34:01 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Roaming\VendelGAMES
[2012.01.31 22:03:50 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Roaming\FamilyVacationCalifornia
[2012.01.31 21:02:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Grey Alien Games
[2012.01.31 19:40:40 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Roaming\GameMill Entertainment
[2012.01.31 19:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Clutter
[2012.01.31 19:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\Family Vacation California
[2012.01.31 19:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Dream Inn - Driftwood
[2012.01.31 19:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\Holiday Bonus
[2012.01.31 19:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\Hidden Mysteries - Die Verbotene Stadt
[2012.01.31 19:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\Vacation Quest - The Hawaiian Islands
[2012.01.31 19:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\Weihnachtswunderland
[2012.01.31 18:02:01 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Roaming\casualArts
[2012.01.31 18:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\casualArts
[2012.01.30 21:46:40 | 000,000,000 | ---D | C] -- C:\Program Files\Weihnachtswunderland 2
[2012.01.30 21:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\Hodgepodge Hollow
[2012.01.30 20:21:06 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Roaming\MediaArt
[2012.01.30 20:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaArt
[2012.01.30 18:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Love Story - Das Strandhaus
[2012.01.30 18:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\PuppetShow - Die verlorene Stadt
[2012.01.30 18:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\Hidden Mysteries - Salem Secrets
[2012.01.30 18:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mystery Valley
[2012.01.30 18:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\Love Chronicles 2 - Das Schwert und die Rose
[2012.01.30 18:21:34 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Roaming\TikisLab
[2012.01.30 18:20:09 | 000,000,000 | ---D | C] -- C:\Program Files\Spirit Seasons - Kleine Geistergeschichte
[2012.01.30 11:28:47 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Roaming\Vast Studios
[2012.01.29 21:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Elephant Games
[2012.01.29 16:58:39 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Roaming\Artogon
[2012.01.29 16:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\Die Schatzsucher 4 - Das Ende ist Nahe
[2012.01.29 16:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\Lost Chronicles - Salem
[2012.01.29 16:00:03 | 000,000,000 | ---D | C] -- C:\Program Files\Shadow Wolf Mysteries - Der Fluch des Vollmonds
[2012.01.29 11:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\Haunted Legends - Die Pik-Dame
[2012.01.29 11:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Stray Souls - Das Haus der Puppen
[2012.01.29 11:09:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mystery Trackers - The Void
[2012.01.29 11:05:24 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Roaming\Elephant Games
[2012.01.28 18:47:30 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Local\Ilivid Player
[2012.01.28 18:46:38 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Local\PackageAware
[2012.01.27 23:30:25 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Roaming\Boomzap
[2012.01.27 22:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\Death at Fairing Point - Ein Dana Knightstone Roman
[2012.01.27 22:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\Samantha Swift and the Fountains of Fate
[2012.01.27 21:58:18 | 000,000,000 | ---D | C] -- C:\Program Files\Urban Legends - The Maze
[2012.01.27 21:50:48 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Roaming\ERS Game Studios
[2012.01.21 18:54:39 | 000,000,000 | ---D | C] -- C:\Program Files\Cooking Quest
[2012.01.21 18:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Samantha Swift and the Hidden Roses of Athena
[2012.01.21 18:48:29 | 000,000,000 | ---D | C] -- C:\Program Files\Haunted Halls - Das Grauen von Green Hills
[2012.01.21 18:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\MyPlayCity.com
[2012.01.12 17:16:21 | 000,000,000 | ---D | C] -- C:\Users\jule\Desktop\musik.to
[2008.07.22 09:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2012.02.07 18:50:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jule\Desktop\OTL.exe
[2012.02.07 18:30:07 | 004,270,980 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.07 18:30:07 | 001,723,910 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.07 18:30:07 | 001,321,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.07 18:30:07 | 001,187,056 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.07 18:26:37 | 000,044,931 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2012.02.07 18:25:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.07 17:41:16 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.02.07 17:40:24 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.02.07 17:37:41 | 000,189,384 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.02.07 17:37:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.07 17:37:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.07 17:26:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.07 17:10:10 | 000,002,299 | ---- | M] () -- C:\Users\jule\AppData\Roaming\acervcmtmp.ini
[2012.02.07 17:08:11 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.07 16:53:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.06 23:35:14 | 000,001,811 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.06 23:24:45 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.02.06 23:15:07 | 000,000,226 | ---- | M] () -- C:\user.js
[2012.02.06 20:02:48 | 000,001,356 | ---- | M] () -- C:\Users\jule\AppData\Local\d3d9caps.dat
[2012.02.01 21:09:01 | 000,189,384 | ---- | M] () -- C:\ProgramData\nvModes.dat

========== Files Created - No Company Name ==========

[2012.02.06 23:35:14 | 000,001,811 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.06 23:15:06 | 000,000,226 | ---- | C] () -- C:\user.js
[2011.04.01 19:37:34 | 000,001,356 | ---- | C] () -- C:\Users\jule\AppData\Local\d3d9caps.dat
[2009.09.28 09:31:01 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009.09.27 14:22:12 | 000,015,307 | ---- | C] () -- C:\Windows\wininit.ini
[2009.08.30 16:29:42 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe
[2009.08.30 16:29:42 | 000,000,849 | ---- | C] () -- C:\Windows\unins000.dat
[2009.04.09 14:29:15 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009.02.17 23:17:00 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.02.17 23:17:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.17 09:20:19 | 000,189,384 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.02.17 09:20:16 | 000,189,384 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.02.17 09:19:26 | 000,002,299 | ---- | C] () -- C:\Users\jule\AppData\Roaming\acervcmtmp.ini
[2009.02.13 22:11:51 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.02.05 08:13:40 | 000,171,520 | ---- | C] () -- C:\Users\jule\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.04 20:42:59 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2009.02.04 20:20:40 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009.02.04 20:20:40 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009.02.04 20:20:40 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.07.30 11:19:21 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.07.30 03:13:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.07.30 03:13:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.07.30 02:47:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.07.30 02:42:04 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.07.30 02:25:14 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.07.30 02:25:14 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.07.30 02:25:14 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.07.30 02:25:14 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.01.21 08:15:58 | 004,270,980 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 001,321,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.01.26 07:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,298,216 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 001,723,910 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 001,187,056 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011.11.25 22:27:30 | 000,000,000 | -HSD | M] -- C:\Users\jule\AppData\Roaming\.#
[2009.10.29 19:07:44 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Abra Academy2
[2009.02.04 20:56:58 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Acer
[2008.07.30 03:10:28 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Acer GameZone Console
[2011.10.25 21:45:01 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\AlderGames
[2011.09.17 19:01:07 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Anarchy
[2011.09.23 19:38:10 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Artifex Mundi
[2012.01.29 16:58:39 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Artogon
[2010.08.18 21:38:33 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Big Fish Games
[2011.09.16 16:24:47 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\BlamGames
[2011.09.18 15:49:41 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\blg
[2010.08.18 15:49:20 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Bluefishv1002de
[2011.09.23 20:04:56 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Boolat Games
[2012.01.27 23:30:25 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Boomzap
[2011.05.19 09:29:48 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Canon
[2012.02.01 20:08:59 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Casual Arts
[2012.01.31 18:02:01 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\casualArts
[2011.09.15 20:41:02 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\cerasus.media
[2010.07.16 20:54:30 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\DeepBurner
[2011.09.27 20:07:50 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Dekovir
[2012.01.29 21:26:08 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Elephant Games
[2012.01.30 19:39:45 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\ERS Game Studios
[2010.08.31 21:00:40 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\EscapeTheMuseum2
[2012.01.31 22:03:50 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\FamilyVacationCalifornia
[2011.09.09 20:30:58 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\FBI
[2011.11.27 18:53:22 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Firstload
[2009.08.30 16:29:43 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Flatcast
[2010.08.18 12:27:33 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Flood Light Games
[2009.02.17 22:09:21 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\FloodLightGames
[2012.01.29 19:40:58 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Friday's games
[2009.04.06 22:18:55 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Gaijin Ent
[2010.05.06 20:42:16 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\GameHousev1001
[2012.01.31 19:40:40 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\GameMill Entertainment
[2009.10.01 09:22:13 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Gamers Digital
[2011.09.21 20:56:46 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\GamesCafe
[2011.09.19 19:24:18 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Go Go Gourmet
[2011.09.26 22:18:19 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2010.08.18 21:12:08 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Green Clover Games
[2011.02.27 22:45:30 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\HiT-MM
[2009.03.31 18:52:30 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\ICQ
[2011.11.21 22:55:03 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\iWin
[2011.09.15 23:26:23 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Jane s Hotel 3
[2011.09.27 20:07:46 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Magic Academy
[2011.09.19 19:09:01 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Mean Hamster
[2012.01.30 20:21:06 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\MediaArt
[2010.10.08 09:08:55 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Mysteryville2
[2011.09.27 20:54:01 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Nevosoft-Breeze
[2010.05.19 22:28:58 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\OpenCandy
[2011.09.16 16:31:40 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Ph03nixNewMedia
[2011.09.27 20:59:33 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\PlayFirst
[2011.09.23 19:50:06 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\RTS
[2011.03.01 13:41:19 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Sahmon Games
[2011.09.28 20:15:50 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\SerpentOfIsis
[2011.09.20 21:43:09 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Shape games
[2009.09.28 09:31:14 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Skunk Studios
[2011.09.21 22:30:16 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Spark Plug Games
[2012.02.01 18:51:23 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\SpinTop Games
[2011.09.15 23:41:55 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Stand O'Food 3
[2012.01.30 18:21:34 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\TikisLab
[2009.10.27 12:43:33 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\TitanicMystery
[2011.09.20 20:21:36 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\V-Games
[2011.09.23 19:42:52 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Vasilek Games
[2012.01.30 11:28:47 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Vast Studios
[2012.02.01 17:34:01 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\VendelGAMES
[2011.12.04 09:26:09 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Verbindungsassistent
[2011.09.20 22:14:57 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\ViquaSoft
[2011.09.23 19:59:43 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\World-Loom
[2011.09.27 20:50:56 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\YoudaGames
[2011.09.27 20:14:31 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Zylom 3 Days Zoo Mystery
[2009.10.14 23:59:59 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011.01.01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2012.02.07 17:36:22 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2010.02.11 19:34:20 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.02.04 21:04:42 | 000,000,000 | ---D | M] -- C:\ACER
[2012.02.01 12:37:06 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache
[2008.07.30 03:41:04 | 000,000,000 | ---D | M] -- C:\book
[2009.09.29 09:31:49 | 000,000,000 | ---D | M] -- C:\Boonty
[2008.07.30 11:23:10 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.02.04 20:41:22 | 000,000,000 | ---D | M] -- C:\CLSetup
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.02.04 20:08:16 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.09.28 08:11:41 | 000,000,000 | ---D | M] -- C:\Downloads
[2011.11.01 22:43:31 | 000,000,000 | ---D | M] -- C:\GameHouse Games
[2008.07.30 02:15:59 | 000,000,000 | ---D | M] -- C:\Intel
[2008.07.30 03:16:19 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.02.06 23:34:45 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.02.06 23:34:45 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.02.04 20:08:17 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.02.07 17:09:26 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.02.04 20:10:36 | 000,000,000 | R--D | M] -- C:\Users
[2012.02.07 18:25:30 | 000,000,000 | ---D | M] -- C:\Windows
[2012.01.27 21:45:53 | 000,000,000 | ---D | M] -- C:\Zylom Games

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\Cyberlink\PowerDirector\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTOR.SYS >
[2008.07.20 10:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\ACER\Preload\Autorun\DRV\Intel Robson RBSMDL2G\Winall\Driver\IaStor.sys
[2008.07.20 10:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\drivers\iaStor.sys
[2008.07.20 10:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7b6e77f6\iaStor.sys
[2008.04.20 17:29:38 | 000,317,464 | ---- | M] (Intel Corporation) MD5=9F1220113A3A7F4F08042C699324D073 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_18bd4575\iaStor.sys
[2008.07.20 10:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\ACER\Preload\Autorun\DRV\Intel Robson RBSMDL2G\Winall\Driver64\IaStor.sys
[2008.07.20 10:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\System32\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

< MD5 for: USERINIT.EXE >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >

< %USERPROFILE%\*.* >
[2012.02.07 18:55:20 | 003,407,872 | -HS- | M] () -- C:\Users\jule\ntuser.dat
[2012.02.07 18:55:20 | 000,262,144 | -H-- | M] () -- C:\Users\jule\ntuser.dat.LOG1
[2010.04.05 20:54:13 | 000,262,144 | -H-- | M] () -- C:\Users\jule\ntuser.dat.LOG2
[2012.02.07 17:36:29 | 000,065,536 | -HS- | M] () -- C:\Users\jule\ntuser.dat{2b50b8c6-4e1c-11e0-af24-001e68f16722}.TM.blf
[2012.02.07 17:36:29 | 000,524,288 | -HS- | M] () -- C:\Users\jule\ntuser.dat{2b50b8c6-4e1c-11e0-af24-001e68f16722}.TMContainer00000000000000000001.regtrans-ms
[2011.03.15 08:47:34 | 000,524,288 | -HS- | M] () -- C:\Users\jule\ntuser.dat{2b50b8c6-4e1c-11e0-af24-001e68f16722}.TMContainer00000000000000000002.regtrans-ms
[2011.03.06 17:19:07 | 000,065,536 | -HS- | M] () -- C:\Users\jule\ntuser.dat{2f79c805-fba2-11df-b786-001e68f16722}.TM.blf
[2011.03.06 17:19:07 | 000,524,288 | -HS- | M] () -- C:\Users\jule\ntuser.dat{2f79c805-fba2-11df-b786-001e68f16722}.TMContainer00000000000000000001.regtrans-ms
[2010.11.29 11:20:32 | 000,524,288 | -HS- | M] () -- C:\Users\jule\ntuser.dat{2f79c805-fba2-11df-b786-001e68f16722}.TMContainer00000000000000000002.regtrans-ms
[2010.04.05 20:54:13 | 001,048,576 | -HS- | M] () -- C:\Users\jule\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.0.regtrans-ms
[2010.04.05 20:54:13 | 001,048,576 | -HS- | M] () -- C:\Users\jule\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.1.regtrans-ms
[2010.04.05 20:54:13 | 001,048,576 | -HS- | M] () -- C:\Users\jule\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.2.regtrans-ms
[2010.04.05 20:54:13 | 000,065,536 | -HS- | M] () -- C:\Users\jule\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.blf
[2010.05.07 16:24:22 | 000,065,536 | -HS- | M] () -- C:\Users\jule\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.05.07 16:24:22 | 000,524,288 | -HS- | M] () -- C:\Users\jule\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.02.04 20:20:44 | 000,524,288 | -HS- | M] () -- C:\Users\jule\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.11.13 18:33:00 | 000,065,536 | -HS- | M] () -- C:\Users\jule\ntuser.dat{4dbf40da-bca7-11df-a0f6-001e68f16722}.TM.blf
[2010.11.13 18:33:00 | 000,524,288 | -HS- | M] () -- C:\Users\jule\ntuser.dat{4dbf40da-bca7-11df-a0f6-001e68f16722}.TMContainer00000000000000000001.regtrans-ms
[2010.09.10 07:48:36 | 000,524,288 | -HS- | M] () -- C:\Users\jule\ntuser.dat{4dbf40da-bca7-11df-a0f6-001e68f16722}.TMContainer00000000000000000002.regtrans-ms
[2010.09.05 13:44:08 | 000,065,536 | -HS- | M] () -- C:\Users\jule\NTUSER.DAT{d1957af3-827f-11df-89e5-001e68f16722}.TM.blf
[2010.09.05 13:44:08 | 000,524,288 | -HS- | M] () -- C:\Users\jule\NTUSER.DAT{d1957af3-827f-11df-89e5-001e68f16722}.TMContainer00000000000000000001.regtrans-ms
[2010.07.01 18:33:48 | 000,524,288 | -HS- | M] () -- C:\Users\jule\NTUSER.DAT{d1957af3-827f-11df-89e5-001e68f16722}.TMContainer00000000000000000002.regtrans-ms
[2009.02.04 20:10:37 | 000,000,020 | -HS- | M] () -- C:\Users\jule\ntuser.ini

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

========== Alternate Data Streams ==========


< End of report >

 
