
Log Analysis and Evaluation: Removing Win 7 Security (log files available)

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

08.04.2011, 19:08   #1
hens1988
 
Removing Win 7 Security (log files available)



Hello,

I have already read through several threads on removing Win7 Security. I installed HijackThis and created both log files. I also exported a list of my installed programs with CCleaner.

I have already installed the recommended malware remover.

Here are my log files:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:41, on 08.04.2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Users\Hens\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [TvOutSwitch] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
O4 - HKLM\..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
O4 - HKLM\..\Run: [PSUtility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ScanSoft PDF Create! 4-reminder] "C:\Program Files\ScanSoft\PDF Create! 4\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PDF Create\4\Ereg\Ereg.ini
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = Hens\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Nach Updates suchen.lnk = C:\Program Files\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Free YouTube Download - C:\Users\Hens\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Hens\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix: 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: FLEXlm server for PTC - Macrovision Corporation - C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PowerSavingUtilityService - FUJITSU LIMITED - C:\Program Files\Fujitsu\PSUtility\PSUService.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: WirelessSelectorService - Unknown owner - C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe

--
End of file - 10027 bytes
         
Code:
 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.1.7600]
 
 
C:

       C:\pagefile.sys ---------    
       C:\hiberfil.sys ---------    
  08.04.2011 10:53     C:\Windows --------- 28672   
  08.04.2011 10:37     C:\ProgramData --------- 12288   
  08.04.2011 10:37     C:\Program Files --------- 28672   
  08.04.2011 10:32     C:\System Volume Information --------- 20480   
  20.03.2011 22:18     C:\DVDVideoSoft --------- 0   
  17.12.2010 14:06     C:\flexlm --------- 0   
  21.11.2010 07:26     C:\PTC --------- 0   
  22.04.2010 03:17     C:\SmartDraw 2010 --------- 0   
  21.03.2010 16:38     C:\IO.SYS --------- 0   
  21.03.2010 16:38     C:\MSDOS.SYS --------- 0   
  14.03.2010 10:59     C:\timestmp.tmp --------- 4   
  12.03.2010 10:06     C:\ptcsetup.log --------- 797246   
  21.02.2010 15:27     C:\Intel --------- 0   
  21.02.2010 15:27     C:\fsc.tmp --------- 0   
  21.02.2010 15:22     C:\DeskUpdate.tmp --------- 0   
  19.02.2010 10:08     C:\$Recycle.Bin --------- 0   
  08.02.2010 08:33     C:\MSOCache --------- 0   
  08.02.2010 08:29     C:\Users --------- 4096   
  08.02.2010 08:29     C:\Recovery --------- 0   
  08.02.2010 08:29     C:\Programme --------- 0   
  08.02.2010 08:29     C:\Dokumente und Einstellungen --------- 0   
  08.02.2010 08:19     C:\BOOTSECT.BAK --------- 8192   
  08.02.2010 08:19     C:\Boot --------- 4096   
  13.07.2009 22:53     C:\Documents and Settings --------- 0   
  13.07.2009 20:37     C:\PerfLogs --------- 0   
  13.07.2009 19:38     C:\bootmgr --------- 383562   
  10.06.2009 15:42     C:\config.sys --------- 10   
  10.06.2009 15:42     C:\autoexec.bat --------- 24   
----------------------------------------

 
C:\Windows

  08.04.2011 10:57     C:\Windows\ntbtlog.txt --------- 1192722   
  08.04.2011 10:56     C:\Windows\bootstat.dat --------- 67584   
  08.04.2011 10:53     C:\Windows\setuperr.log --------- 0   
  08.04.2011 10:53     C:\Windows\setupact.log --------- 56   
  19.07.2010 13:44     C:\Windows\win.ini --------- 509   
  10.04.2010 01:03     C:\Windows\KMService.exe --------- 77824   
  08.02.2010 08:37     C:\Windows\ODBC.INI --------- 400   
  18.01.2010 05:42     C:\Windows\Irremote.ini --------- 34666   
  30.10.2009 23:45     C:\Windows\explorer.exe --------- 2614272   
  13.07.2009 22:41     C:\Windows\WindowsShell.Manifest --------- 749   
  13.07.2009 19:16     C:\Windows\twain_32.dll --------- 51200   
  13.07.2009 19:14     C:\Windows\write.exe --------- 9216   
  13.07.2009 19:14     C:\Windows\winhlp32.exe --------- 9728   
  13.07.2009 19:14     C:\Windows\twunk_32.exe --------- 31232   
  13.07.2009 19:14     C:\Windows\regedit.exe --------- 398336   
  13.07.2009 19:14     C:\Windows\notepad.exe --------- 179712   
  13.07.2009 19:14     C:\Windows\hh.exe --------- 15360   
  13.07.2009 19:14     C:\Windows\HelpPane.exe --------- 497152   
  13.07.2009 19:14     C:\Windows\fveupdate.exe --------- 13824   
  13.07.2009 19:14     C:\Windows\bfsvc.exe --------- 65024   
  13.07.2009 16:58     C:\Windows\mib.bin --------- 43131   
  10.06.2009 15:46     C:\Windows\system.ini --------- 219   
  10.06.2009 15:42     C:\Windows\_default.pif --------- 707   
  10.06.2009 15:42     C:\Windows\winhelp.exe --------- 256192   
  10.06.2009 15:41     C:\Windows\twunk_16.exe --------- 49680   
  10.06.2009 15:41     C:\Windows\twain.dll --------- 94784   
  10.06.2009 15:34     C:\Windows\WMSysPr9.prx --------- 316640   
  10.06.2009 15:19     C:\Windows\msdfmap.ini --------- 1405   
  10.06.2009 15:14     C:\Windows\Starter.xml --------- 48201   
  10.06.2009 15:14     C:\Windows\HomePremium.xml --------- 48265   
  24.04.2007 09:51     C:\Windows\UNNeroShowTime.exe --------- 972336   
  20.03.2007 14:22     C:\Windows\UNNeroBackItUp.exe --------- 972336   
  12.03.2007 07:51     C:\Windows\UNNeroMediaHome.exe --------- 972336   
  28.02.2007 14:53     C:\Windows\UNNeroVision.exe --------- 972336   
  15.09.2005 07:35     C:\Windows\UNNeroMediaHome.cfg --------- 50   
  30.08.2005 14:37     C:\Windows\UNNeroVision.cfg --------- 50   
  30.08.2005 14:37     C:\Windows\UNNeroShowTime.cfg --------- 50   
  30.08.2005 14:33     C:\Windows\UNNeroBackItUp.cfg --------- 50   
  23.01.1998 04:20     C:\Windows\IsUn0407.exe --------- 305664   
----------------------------------------

 
C:\Windows\System

 13.07.2009 15:41      C:\Windows\System\OLESVR.DLL --------- 24064 
 13.07.2009 15:41      C:\Windows\System\WFWNET.DRV --------- 12704 
 13.07.2009 15:41      C:\Windows\System\COMMDLG.DLL --------- 32816 
 13.07.2009 15:41      C:\Windows\System\TIMER.DRV --------- 4048 
 13.07.2009 15:41      C:\Windows\System\MMSYSTEM.DLL --------- 68992 
 13.07.2009 15:41      C:\Windows\System\mmtask.tsk --------- 1152 
 13.07.2009 15:41      C:\Windows\System\mouse.drv --------- 2032 
 13.07.2009 15:41      C:\Windows\System\vga.drv --------- 2176 
 13.07.2009 15:41      C:\Windows\System\sound.drv --------- 1744 
 13.07.2009 15:41      C:\Windows\System\keyboard.drv --------- 2000 
 13.07.2009 15:41      C:\Windows\System\SHELL.DLL --------- 5120 
 13.07.2009 15:41      C:\Windows\System\system.drv --------- 3360 
 10.06.2009 15:42      C:\Windows\System\ver.dll --------- 9008 
 10.06.2009 15:42      C:\Windows\System\olecli.dll --------- 82944 
 10.06.2009 15:42      C:\Windows\System\lzexpand.dll --------- 9936 
 10.06.2009 15:25      C:\Windows\System\stdole.tlb --------- 5532 
 10.06.2009 15:21      C:\Windows\System\msvideo.dll --------- 126912 
 10.06.2009 15:21      C:\Windows\System\mciwave.drv --------- 28160 
 10.06.2009 15:21      C:\Windows\System\mciseq.drv --------- 25264 
 10.06.2009 15:21      C:\Windows\System\mciavi.drv --------- 73376 
 10.06.2009 15:21      C:\Windows\System\avifile.dll --------- 109456 
 10.06.2009 15:21      C:\Windows\System\avicap.dll --------- 69584 
----------------------------------------

 
C:\Windows\System32

 08.04.2011 10:37     C:\Windows\system32\drivers --------- 65536  
 08.04.2011 10:34     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 13456  
 08.04.2011 10:34     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 13456  
 08.04.2011 10:29     C:\Windows\system32\config --------- 28672  
 08.04.2011 09:49     C:\Windows\system32\perfc009.dat --------- 103568  
 08.04.2011 09:49     C:\Windows\system32\perfh009.dat --------- 607190  
 08.04.2011 09:49     C:\Windows\system32\perfh007.dat --------- 643866  
 08.04.2011 09:49     C:\Windows\system32\perfc007.dat --------- 126394  
 08.04.2011 09:49     C:\Windows\system32\PerfStringBackup.INI --------- 1472002  
 07.04.2011 23:24     C:\Windows\system32\sysprep --------- 0  
 29.03.2011 21:35     C:\Windows\system32\catroot2 --------- 16384  
 24.03.2011 22:34     C:\Windows\system32\FNTCACHE.DAT --------- 3834352  
 24.03.2011 14:13     C:\Windows\system32\catroot --------- 8192  
 24.03.2011 14:13     C:\Windows\system32\DriverStore --------- 0  
 02.03.2011 19:56     C:\Windows\system32\MRT.exe --------- 37943240  
 12.02.2011 13:00     C:\Windows\system32\jupdate-1.6.0_23-b05.log --------- 3734  
 11.02.2011 17:05     C:\Windows\system32\Tasks --------- 0  
 09.02.2011 22:32     C:\Windows\system32\migration --------- 0  
 02.02.2011 18:11     C:\Windows\system32\MpSigStub.exe --------- 222080  
 08.01.2011 16:25     C:\Windows\system32\QuickTime --------- 0  
 07.01.2011 01:27     C:\Windows\system32\atmlib.dll --------- 34304  
 06.01.2011 23:33     C:\Windows\system32\atmfd.dll --------- 294400  
 04.01.2011 23:37     C:\Windows\system32\vbscript.dll --------- 428032  
 04.01.2011 23:34     C:\Windows\system32\jscript.dll --------- 716800  
 04.01.2011 21:37     C:\Windows\system32\win32k.sys --------- 2329088  
 22.12.2010 23:28     C:\Windows\system32\sbe.dll --------- 850432  
 22.12.2010 23:28     C:\Windows\system32\EncDec.dll --------- 534528  
 22.12.2010 23:28     C:\Windows\system32\CPFilters.dll --------- 642048  
 22.12.2010 23:24     C:\Windows\system32\mpg2splt.ax --------- 199680  
 20.12.2010 02:52     C:\Windows\system32\NDF --------- 0  
 17.12.2010 23:32     C:\Windows\system32\wininet.dll --------- 981504  
 17.12.2010 23:32     C:\Windows\system32\urlmon.dll --------- 1228288  
 17.12.2010 23:30     C:\Windows\system32\mstscax.dll --------- 2690560  
 17.12.2010 23:30     C:\Windows\system32\mstime.dll --------- 606208  
 17.12.2010 23:30     C:\Windows\system32\mshtmled.dll --------- 67072  
 17.12.2010 23:30     C:\Windows\system32\mshtml.dll --------- 5980672  
 17.12.2010 23:30     C:\Windows\system32\msfeedsbs.dll --------- 64512  
 17.12.2010 23:30     C:\Windows\system32\msfeeds.dll --------- 599040  
 17.12.2010 23:29     C:\Windows\system32\licmgr10.dll --------- 44544  
 17.12.2010 23:29     C:\Windows\system32\kerberos.dll --------- 541184  
 17.12.2010 23:29     C:\Windows\system32\jsproxy.dll --------- 48128  
 17.12.2010 23:29     C:\Windows\system32\ieui.dll --------- 176640  
 17.12.2010 23:29     C:\Windows\system32\iertutil.dll --------- 2063360  
 17.12.2010 23:29     C:\Windows\system32\iepeers.dll --------- 185856  
 17.12.2010 23:29     C:\Windows\system32\ieframe.dll --------- 10989056  
 17.12.2010 23:29     C:\Windows\system32\iedkcs32.dll --------- 381440  
 17.12.2010 23:26     C:\Windows\system32\mstsc.exe --------- 1034240  
 17.12.2010 23:26     C:\Windows\system32\msfeedssync.exe --------- 12800  
 17.12.2010 22:20     C:\Windows\system32\html.iec --------- 386048  
 17.12.2010 21:47     C:\Windows\system32\mshtml.tlb --------- 1638912  
 16.12.2010 00:18     C:\Windows\system32\de-DE --------- 327680  
 12.11.2010 19:53     C:\Windows\system32\javaws.exe --------- 157472  
 12.11.2010 19:53     C:\Windows\system32\javaw.exe --------- 145184  
 12.11.2010 19:53     C:\Windows\system32\java.exe --------- 145184  
 12.11.2010 19:53     C:\Windows\system32\deployJava1.dll --------- 472808  
 11.11.2010 05:03     C:\Windows\system32\jupdate-1.6.0_22-b04.log --------- 4103  
 01.11.2010 22:41     C:\Windows\system32\wmicmiplugin.dll --------- 351232  
 01.11.2010 22:40     C:\Windows\system32\taskschd.dll --------- 496128  
 01.11.2010 22:40     C:\Windows\system32\taskcomp.dll --------- 305152  
 01.11.2010 22:39     C:\Windows\system32\schedsvc.dll --------- 749056  
 01.11.2010 22:34     C:\Windows\system32\taskeng.exe --------- 192000  
 01.11.2010 22:34     C:\Windows\system32\schtasks.exe --------- 179712  
 26.10.2010 22:43     C:\Windows\system32\ntoskrnl.exe --------- 3901824  
 26.10.2010 22:43     C:\Windows\system32\ntkrnlpa.exe --------- 3957120  
 26.10.2010 22:40     C:\Windows\system32\ntdll.dll --------- 1289536  
 26.10.2010 22:32     C:\Windows\system32\tzres.dll --------- 2048  
 15.10.2010 22:41     C:\Windows\system32\consent.exe --------- 101760  
 15.10.2010 22:36     C:\Windows\system32\webio.dll --------- 314368  
 15.10.2010 22:34     C:\Windows\system32\odbc32.dll --------- 573440  
 31.08.2010 22:29     C:\Windows\system32\wmp.dll --------- 11406848  
 31.08.2010 22:23     C:\Windows\system32\wmploc.DLL --------- 12625408  
 31.08.2010 13:14     C:\Windows\system32\jupdate-1.6.0_21-b07.log --------- 5351  
 30.08.2010 22:32     C:\Windows\system32\mfc40u.dll --------- 954288  
 30.08.2010 22:32     C:\Windows\system32\mfc40.dll --------- 954752  
 26.08.2010 23:46     C:\Windows\system32\srvsvc.dll --------- 168448  
 25.08.2010 22:39     C:\Windows\system32\t2embed.dll --------- 109056  
 20.08.2010 23:36     C:\Windows\system32\wmpmde.dll --------- 738816  
 20.08.2010 23:36     C:\Windows\system32\schannel.dll --------- 224256  
 20.08.2010 23:33     C:\Windows\system32\comctl32.dll --------- 530432  
 20.08.2010 23:32     C:\Windows\system32\spoolsv.exe --------- 316928  
 15.08.2010 00:41     C:\Windows\system32\Lang --------- 0  
 14.08.2010 06:00     C:\Windows\system32\x64 --------- 0  
 29.07.2010 06:09     C:\Windows\system32\wdi --------- 4096  
 29.07.2010 00:30     C:\Windows\system32\ir32_32.dll --------- 197632  
 29.07.2010 00:30     C:\Windows\system32\iccvid.dll --------- 82944  
 27.07.2010 08:03     C:\Windows\system32\shell32.dll --------- 12867584  
 28.06.2010 23:02     C:\Windows\system32\ole32.dll --------- 1413632  
 22.06.2010 23:30     C:\Windows\system32\tsccvid.dll --------- 411480  
 19.06.2010 00:23     C:\Windows\system32\rtutils.dll --------- 37376  
 08.06.2010 00:02     C:\Windows\system32\msxml3.dll --------- 1233920  
 26.05.2010 10:59     C:\Windows\system32\Wat --------- 0  
 05.05.2010 00:46     C:\Windows\system32\StructuredQuery.dll --------- 363520  
 03.05.2010 07:53     C:\Windows\system32\MSCHVBXM --------- 4098  
 26.04.2010 16:04     C:\Windows\system32\DivXControlPanelApplet.cpl --------- 353592  
 22.04.2010 06:29     C:\Windows\system32\lvcoinst.log --------- 11736  
 14.04.2010 14:20     C:\Windows\system32\GroupPolicy --------- 0  
 20.03.2010 12:11     C:\Windows\system32\FM20DEU.DLL --------- 36736  
 10.03.2010 13:29     C:\Windows\system32\dpl100.dll --------- 94208  
 05.03.2010 03:13     C:\Windows\system32\msjava.dll --------- 947472  
 05.03.2010 01:42     C:\Windows\system32\asycfilt.dll --------- 67584  
----------------------------------------

 
C:\Windows\Prefetch

 08.04.2011 10:56     C:\Windows\Prefetch\ReadyBoot --------- 4096  
 08.04.2011 10:55     C:\Windows\Prefetch\AgGlFgAppHistory.db --------- 1373845  
 08.04.2011 10:55     C:\Windows\Prefetch\AgGlFaultHistory.db --------- 493739  
 08.04.2011 10:55     C:\Windows\Prefetch\AgGlGlobalHistory.db --------- 2336149  
 08.04.2011 10:55     C:\Windows\Prefetch\AgRobust.db --------- 299804  
 08.04.2011 10:55     C:\Windows\Prefetch\PfSvPerfStats.bin --------- 508  
 08.04.2011 10:38     C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf --------- 43308  
 08.04.2011 10:38     C:\Windows\Prefetch\DISPLAYLINKKENSINGTONSUPPORT.-4A9C90F1.pf --------- 18028  
 08.04.2011 10:38     C:\Windows\Prefetch\DISPLAYLINKUI.EXE-70773ADB.pf --------- 24284  
 08.04.2011 10:37     C:\Windows\Prefetch\CONSENT.EXE-65F6206D.pf --------- 117942  
 08.04.2011 10:37     C:\Windows\Prefetch\DLLHOST.EXE-71214090.pf --------- 42638  
 08.04.2011 10:37     C:\Windows\Prefetch\PING.EXE-B29F6629.pf --------- 14828  
 08.04.2011 10:37     C:\Windows\Prefetch\CONHOST.EXE-3218E401.pf --------- 14314  
 08.04.2011 10:36     C:\Windows\Prefetch\DLLHOST.EXE-893DDF55.pf --------- 33912  
 08.04.2011 10:35     C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf --------- 54288  
 08.04.2011 10:35     C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf --------- 28726  
 08.04.2011 10:31     C:\Windows\Prefetch\SVCHOST.EXE-8FD92526.pf --------- 20694  
 08.04.2011 10:31     C:\Windows\Prefetch\VSSVC.EXE-04D079CC.pf --------- 28274  
 08.04.2011 10:31     C:\Windows\Prefetch\SVCHOST.EXE-93CEEE07.pf --------- 62884  
 08.04.2011 10:30     C:\Windows\Prefetch\TASKHOST.EXE-437C05A8.pf --------- 76958  
 08.04.2011 10:30     C:\Windows\Prefetch\WMIADAP.EXE-369DF1CD.pf --------- 20252  
 08.04.2011 10:29     C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-031B6478.pf --------- 72670  
 08.04.2011 10:29     C:\Windows\Prefetch\AgCx_SC4.db --------- 309398  
 08.04.2011 10:29     C:\Windows\Prefetch\WUAUCLT.EXE-830BCC14.pf --------- 56292  
 08.04.2011 10:28     C:\Windows\Prefetch\WMIPRVSE.EXE-43972D0F.pf --------- 39260  
 08.04.2011 10:28     C:\Windows\Prefetch\SPPSVC.EXE-CBE91656.pf --------- 24846  
 08.04.2011 10:28     C:\Windows\Prefetch\WMPNETWK.EXE-BD0344CA.pf --------- 69152  
 08.04.2011 10:28     C:\Windows\Prefetch\WMPNSCFG.EXE-DF1DD51A.pf --------- 19082  
 08.04.2011 10:28     C:\Windows\Prefetch\SEARCHINDEXER.EXE-77D27BAC.pf --------- 85290  
 08.04.2011 10:28     C:\Windows\Prefetch\EXPLORER.EXE-7A3328DA.pf --------- 201106  
 08.04.2011 10:28     C:\Windows\Prefetch\DWM.EXE-AEABE78B.pf --------- 44378  
 08.04.2011 10:28     C:\Windows\Prefetch\USERINIT.EXE-F39AB672.pf --------- 23942  
 08.04.2011 10:27     C:\Windows\Prefetch\ATBROKER.EXE-FF58B71D.pf --------- 10564  
 08.04.2011 09:52     C:\Windows\Prefetch\ACRORD32INFO.EXE-E3F62CBD.pf --------- 78004  
 08.04.2011 09:52     C:\Windows\Prefetch\MIKTEX-TEXWORKS.EXE-730A698D.pf --------- 92954  
 08.04.2011 09:47     C:\Windows\Prefetch\WUDFHOST.EXE-81420B07.pf --------- 25930  
 08.04.2011 09:46     C:\Windows\Prefetch\AUDIODG.EXE-D0D776AC.pf --------- 23096  
 08.04.2011 09:35     C:\Windows\Prefetch\AVP.EXE-66FE3676.pf --------- 131754  
 08.04.2011 09:31     C:\Windows\Prefetch\WERMGR.EXE-2A1BCBC7.pf --------- 19976  
 08.04.2011 09:28     C:\Windows\Prefetch\IGFXSRVC.EXE-67E7A62F.pf --------- 30290  
 08.04.2011 09:28     C:\Windows\Prefetch\IELOWUTIL.EXE-79D45B69.pf --------- 1402  
 08.04.2011 09:26     C:\Windows\Prefetch\KLWTBLFS.EXE-BD8E3D08.pf --------- 15204  
 08.04.2011 09:21     C:\Windows\Prefetch\RUNDLL32.EXE-AFD98684.pf --------- 15530  
 08.04.2011 08:19     C:\Windows\Prefetch\DLLHOST.EXE-53B78AD0.pf --------- 37768  
 08.04.2011 08:18     C:\Windows\Prefetch\SVCHOST.EXE-DB4C36D7.pf --------- 31902  
 08.04.2011 08:11     C:\Windows\Prefetch\TASKENG.EXE-5BAF290C.pf --------- 22616  
 07.04.2011 23:28     C:\Windows\Prefetch\OSPPSVC.EXE-FFA150A3.pf --------- 69032  
 07.04.2011 23:28     C:\Windows\Prefetch\PRINTISOLATIONHOST.EXE-83C184C4.pf --------- 15000  
 07.04.2011 23:28     C:\Windows\Prefetch\POWERPNT.EXE-C61D24E7.pf --------- 150592  
 07.04.2011 22:27     C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-1D5F6C6B.pf --------- 54662  
 07.04.2011 22:06     C:\Windows\Prefetch\SKYPEPM.EXE-2C1AF4F8.pf --------- 99332  
 07.04.2011 22:05     C:\Windows\Prefetch\SKYPE.EXE-40964AC7.pf --------- 164344  
 07.04.2011 22:05     C:\Windows\Prefetch\LVPRCSRV.EXE-E0306B6B.pf --------- 12576  
 07.04.2011 22:03     C:\Windows\Prefetch\THUNDERBIRD.EXE-EDED9AF7.pf --------- 252746  
 07.04.2011 22:02     C:\Windows\Prefetch\LULNCHR.EXE-E46CB67E.pf --------- 86564  
 07.04.2011 22:02     C:\Windows\Prefetch\LOGITECHUPDATE.EXE-55456C00.pf --------- 34410  
 07.04.2011 22:01     C:\Windows\Prefetch\FIREFOX.EXE-E60C0AA7.pf --------- 219566  
 07.04.2011 22:01     C:\Windows\Prefetch\SVCHOST.EXE-18D06B2E.pf --------- 6660  
 07.04.2011 22:01     C:\Windows\Prefetch\DROPBOX.EXE-6F5B5EDB.pf --------- 114496  
 07.04.2011 22:01     C:\Windows\Prefetch\CMD.EXE-89305D47.pf --------- 10908  
 07.04.2011 22:00     C:\Windows\Prefetch\WEBUPDATER.EXE-F58A287C.pf --------- 47714  
 07.04.2011 22:00     C:\Windows\Prefetch\SIDEBAR.EXE-3A7B3FCC.pf --------- 78692  
 07.04.2011 22:00     C:\Windows\Prefetch\DTLITE.EXE-77D34F4E.pf --------- 67736  
 07.04.2011 22:00     C:\Windows\Prefetch\RAINLENDAR2.EXE-437E37B5.pf --------- 81750  
 07.04.2011 22:00     C:\Windows\Prefetch\USBTIP.EXE-BF2C7046.pf --------- 26310  
 07.04.2011 22:00     C:\Windows\Prefetch\READER_SL.EXE-565703D6.pf --------- 13150  
 07.04.2011 22:00     C:\Windows\Prefetch\ADOBEARM.EXE-ACA00A4A.pf --------- 23094  
 07.04.2011 22:00     C:\Windows\Prefetch\SWITCHBOARD.EXE-7E935F90.pf --------- 30446  
 07.04.2011 22:00     C:\Windows\Prefetch\JUSCHED.EXE-07F32FAE.pf --------- 13964  
 07.04.2011 22:00     C:\Windows\Prefetch\UPDATERSTARTUPUTILITY.EXE-4E353C23.pf --------- 25712  
 07.04.2011 22:00     C:\Windows\Prefetch\CS5SERVICEMANAGER.EXE-5B253472.pf --------- 31260  
 07.04.2011 22:00     C:\Windows\Prefetch\IGFXPERS.EXE-F690CC93.pf --------- 17740  
 07.04.2011 22:00     C:\Windows\Prefetch\HKCMD.EXE-FA3EB5EE.pf --------- 18506  
 07.04.2011 22:00     C:\Windows\Prefetch\LWS.EXE-CC076DEB.pf --------- 59740  
 07.04.2011 22:00     C:\Windows\Prefetch\IGFXTRAY.EXE-95873609.pf --------- 19562  
 07.04.2011 22:00     C:\Windows\Prefetch\EREG.EXE-EEF5DFA3.pf --------- 26222  
 07.04.2011 21:59     C:\Windows\Prefetch\BCSSYNC.EXE-E11E559D.pf --------- 16300  
 07.04.2011 21:59     C:\Windows\Prefetch\IPODSERVICE.EXE-FE1A6FF7.pf --------- 19344  
 07.04.2011 21:59     C:\Windows\Prefetch\OPENVPN.EXE-51BE6D5E.pf --------- 17376  
 07.04.2011 21:59     C:\Windows\Prefetch\FJSSDMN.EXE-EB13373A.pf --------- 16722  
 07.04.2011 21:59     C:\Windows\Prefetch\SSBKGDUPDATE.EXE-2DA63B57.pf --------- 15888  
 07.04.2011 21:59     C:\Windows\Prefetch\BTNHND.EXE-3BD76FB3.pf --------- 17950  
 07.04.2011 21:59     C:\Windows\Prefetch\QUICKTOUCH.EXE-C66F2D8B.pf --------- 36808  
 07.04.2011 21:59     C:\Windows\Prefetch\INDICATORUTY.EXE-E859F9BC.pf --------- 18846  
 07.04.2011 21:59     C:\Windows\Prefetch\FUJ02E3.EXE-A0823DBD.pf --------- 14832  
 07.04.2011 21:59     C:\Windows\Prefetch\ITUNESHELPER.EXE-302622F9.pf --------- 75474  
 07.04.2011 21:54     C:\Windows\Prefetch\SVCHOST.EXE-4D8DA32A.pf --------- 24010  
 07.04.2011 21:54     C:\Windows\Prefetch\SVCHOST.EXE-B1D6DE75.pf --------- 19924  
 07.04.2011 18:06     C:\Windows\Prefetch\WINWORD.EXE-19416D26.pf --------- 221610  
 07.04.2011 18:03     C:\Windows\Prefetch\MSPAINT.EXE-89BB51A7.pf --------- 95820  
 07.04.2011 18:02     C:\Windows\Prefetch\TEXIFY.EXE-52D3EFBC.pf --------- 27196  
 07.04.2011 18:02     C:\Windows\Prefetch\PDFLATEX.EXE-F0A21ED7.pf --------- 116926  
 07.04.2011 18:02     C:\Windows\Prefetch\BIBTEX.EXE-4C074E6D.pf --------- 26122  
 07.04.2011 17:05     C:\Windows\Prefetch\ACRORD32.EXE-C2658FE9.pf --------- 87690  
 07.04.2011 16:59     C:\Windows\Prefetch\JAVAW.EXE-C4EA16F0.pf --------- 166406  
 07.04.2011 16:52     C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-631388349-1085569318-2024419824-1001.db --------- 943493  
 07.04.2011 16:52     C:\Windows\Prefetch\AgGlUAD_S-1-5-21-631388349-1085569318-2024419824-1001.db --------- 1267329  
 07.04.2011 16:13     C:\Windows\Prefetch\AgCx_SC2.db --------- 800696  
 07.04.2011 16:11     C:\Windows\Prefetch\PTC_D.EXE-50C7BF6C.pf --------- 23994  
 07.04.2011 11:51     C:\Windows\Prefetch\EXCEL.EXE-F0766CF1.pf --------- 154236  
 07.04.2011 11:42     C:\Windows\Prefetch\PDFTEX.EXE-ADEB943E.pf --------- 29180  
 07.04.2011 11:30     C:\Windows\Prefetch\FOXITR~1.EXE-54C77552.pf --------- 91340  
 07.04.2011 10:54     C:\Windows\Prefetch\DLLHOST.EXE-6202E8F2.pf --------- 213674  
 07.04.2011 10:24     C:\Windows\Prefetch\RUNDLL32.EXE-B641F777.pf --------- 33908  
 07.04.2011 09:51     C:\Windows\Prefetch\OUTLOOK.EXE-6869E875.pf --------- 265070  
 07.04.2011 09:46     C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 3350318  
 07.04.2011 08:37     C:\Windows\Prefetch\ITUNES.EXE-049DB451.pf --------- 271298  
 07.04.2011 08:01     C:\Windows\Prefetch\QTTASK.EXE-D42B72A5.pf --------- 10784  
 06.04.2011 16:59     C:\Windows\Prefetch\WERFAULT.EXE-B7E27BE5.pf --------- 33982  
 06.04.2011 15:22     C:\Windows\Prefetch\PAINTDOTNET.EXE-A48207C8.pf --------- 139468  
 06.04.2011 15:14     C:\Windows\Prefetch\MATLAB.EXE-83FCC2C9.pf --------- 317714  
 06.04.2011 15:14     C:\Windows\Prefetch\MATLAB.EXE-F8C74B66.pf --------- 31212  
 06.04.2011 15:14     C:\Windows\Prefetch\VCRT_CHECK.EXE-9270A550.pf --------- 17660  
 06.04.2011 13:34     C:\Windows\Prefetch\W32TM.EXE-5D2265F4.pf --------- 15448  
 06.04.2011 13:33     C:\Windows\Prefetch\CSC.EXE-4EF173D0.pf --------- 40938  
 06.04.2011 13:33     C:\Windows\Prefetch\CVTRES.EXE-419E4E46.pf --------- 13220  
 06.04.2011 13:33     C:\Windows\Prefetch\SDIAGNHOST.EXE-67CD1457.pf --------- 63440  
 06.04.2011 13:33     C:\Windows\Prefetch\RUNDLL32.EXE-85E123DD.pf --------- 8630  
 06.04.2011 13:26     C:\Windows\Prefetch\RUNDLL32.EXE-125D4518.pf --------- 43814  
 06.04.2011 13:23     C:\Windows\Prefetch\SVCHOST.EXE-8DA0BAAD.pf --------- 17266  
 06.04.2011 13:23     C:\Windows\Prefetch\DEFRAG.EXE-738093E8.pf --------- 15134  
 06.04.2011 13:23     C:\Windows\Prefetch\Layout.ini --------- 1261444  
 06.04.2011 08:01     C:\Windows\Prefetch\DISPSWITCHLAUNCHER.EXE-B5D5114D.pf --------- 15864  
 05.04.2011 15:08     C:\Windows\Prefetch\MPSIGSTUB.EXE-7C60A359.pf --------- 25040  
 05.04.2011 15:08     C:\Windows\Prefetch\MPMINISIGSTUB.EXE-5E580501.pf --------- 7166  
 05.04.2011 15:08     C:\Windows\Prefetch\MPAS-D_BD1.EXE-B82677C3.pf --------- 15744  
 05.04.2011 10:55     C:\Windows\Prefetch\RUNDLL32.EXE-A5D8DA74.pf --------- 18540  
 05.04.2011 10:54     C:\Windows\Prefetch\DEVICEDISPLAYOBJECTPROVIDER.E-5B0FD533.pf --------- 33620  
 05.04.2011 10:50     C:\Windows\Prefetch\SVCHOST.EXE-7488A139.pf --------- 22334  
 05.04.2011 08:00     C:\Windows\Prefetch\COCIMANAGER.EXE-24AD6BC2.pf --------- 22156  
 04.04.2011 16:06     C:\Windows\Prefetch\CALC.EXE-AC08706A.pf --------- 23096  
 04.04.2011 15:12     C:\Windows\Prefetch\JAVAWS.EXE-25FD1E0F.pf --------- 18906  
 04.04.2011 15:12     C:\Windows\Prefetch\JAUCHECK.EXE-04AFF24E.pf --------- 33028  
 04.04.2011 14:54     C:\Windows\Prefetch\IZARC.EXE-1472F2CB.pf --------- 139640  
 04.04.2011 13:16     C:\Windows\Prefetch\SNDVOL.EXE-783DCB11.pf --------- 26990  
 03.04.2011 23:00     C:\Windows\Prefetch\WSQMCONS.EXE-E2CE6542.pf --------- 1242  
 03.04.2011 21:30     C:\Windows\Prefetch\INSTALLFLASHPLAYER.EXE-5258DA1C.pf --------- 22546  
 03.04.2011 21:28     C:\Windows\Prefetch\SC.EXE-BC6DAF49.pf --------- 3606  
 01.04.2011 14:59     C:\Windows\Prefetch\DLLHOST.EXE-91B07125.pf --------- 15754  
 01.04.2011 14:59     C:\Windows\Prefetch\SOFTWAREUPDATE.EXE-2B0C49F7.pf --------- 26590  
 01.04.2011 14:57     C:\Windows\Prefetch\AgCx_SC1.db --------- 687516  
 01.04.2011 14:56     C:\Windows\Prefetch\AgCx_SC1.db.trx --------- 280194  
 08.02.2010 08:22     C:\Windows\Prefetch\AgAppLaunch.db --------- 332116  
----------------------------------------

 
C:\Windows\Tasks

 08.04.2011 10:53     C:\Windows\Tasks\SA.DAT --------- 6  
 12.02.2011 03:21     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32632  
----------------------------------------

 
C:\Windows\Temp

 08.04.2011 10:53     C:\Windows\Temp\spserv.dat --------- 1024  
----------------------------------------

 
C:\Users\Hens\AppData\Local\Temp

 08.04.2011 10:56     C:\Users\Hens\AppData\Local\Temp\WPDNSE --------- 0  
 08.04.2011 10:52     C:\Users\Hens\AppData\Local\Temp\js6cy226kpp3fu006bryc5cx757a25077l2 --------- 8578  
 08.04.2011 10:44     C:\Users\Hens\AppData\Local\Temp\mik64428 --------- 0  
 08.04.2011 09:26     C:\Users\Hens\AppData\Local\Temp\Low --------- 0  
 07.04.2011 23:24     C:\Users\Hens\AppData\Local\Temp\0.46982674232693467.exe --------- 217202  
 07.04.2011 22:00     C:\Users\Hens\AppData\Local\Temp\manifest.xml --------- 5275  
 07.04.2011 22:00     C:\Users\Hens\AppData\Local\Temp\config.xml --------- 0  
 07.04.2011 22:00     C:\Users\Hens\AppData\Local\Temp\de-de --------- 0  
 07.04.2011 22:00     C:\Users\Hens\AppData\Local\Temp\en-us --------- 0  
 07.04.2011 22:00     C:\Users\Hens\AppData\Local\Temp\resource.h --------- 0  
 08.02.2010 08:31     C:\Users\Hens\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0  
----------------------------------------

 
C:\Program Files

 08.04.2011 10:37     C:\Program Files\Malwarebytes' Anti-Malware --------- 4096  
 08.04.2011 10:37     C:\Program Files\CCleaner --------- 0  
 08.04.2011 10:32     C:\Program Files\Trend Micro --------- 0  
 31.03.2011 09:17     C:\Program Files\Adobe --------- 4096  
 24.03.2011 22:55     C:\Program Files\Mozilla Firefox --------- 32768  
 24.03.2011 14:12     C:\Program Files\Common Files --------- 4096  
 24.03.2011 14:00     C:\Program Files\Pinnacle --------- 0  
 24.03.2011 12:50     C:\Program Files\SafeNet Sentinel --------- 0  
 24.03.2011 12:50     C:\Program Files\InstallShield Installation Information --------- 0  
 24.03.2011 12:37     C:\Program Files\Motion Analysis --------- 0  
 08.03.2011 09:52     C:\Program Files\Mozilla Thunderbird --------- 28672  
 21.02.2011 00:12     C:\Program Files\Paint.NET --------- 16384  
 12.02.2011 13:00     C:\Program Files\Java --------- 4096  
 09.02.2011 22:32     C:\Program Files\Internet Explorer --------- 4096  
 18.01.2011 11:09     C:\Program Files\MATLAB --------- 0  
 18.01.2011 10:19     C:\Program Files\KinTrak 7.0 --------- 0  
 08.01.2011 16:24     C:\Program Files\TechSmith --------- 0  
 31.12.2010 11:23     C:\Program Files\Skype --------- 0  
 16.12.2010 00:18     C:\Program Files\Windows Mail --------- 0  
 15.12.2010 15:37     C:\Program Files\JDownloader --------- 0  
 07.12.2010 13:04     C:\Program Files\Ask.com --------- 4096  
 07.12.2010 13:04     C:\Program Files\Foxit Software --------- 0  
 07.11.2010 11:53     C:\Program Files\IrfanView --------- 0  
 07.11.2010 11:47     C:\Program Files\Ghostgum --------- 0  
 07.11.2010 07:34     C:\Program Files\Ghostscript --------- 0  
 07.11.2010 07:23     C:\Program Files\Texmaker --------- 16384  
 07.11.2010 07:21     C:\Program Files\TeXnicCenter --------- 0  
 07.11.2010 01:26     C:\Program Files\MiKTeX 2.9 --------- 4096  
 03.11.2010 13:16     C:\Program Files\Adobe Media Player --------- 0  
 13.10.2010 07:23     C:\Program Files\Windows Media Player --------- 4096  
 12.09.2010 01:28     C:\Program Files\Logitech --------- 0  
 15.08.2010 00:41     C:\Program Files\Intel --------- 0  
 06.08.2010 02:48     C:\Program Files\DVDVideoSoft --------- 0  
 19.07.2010 13:47     C:\Program Files\7-Zip --------- 0  
 19.07.2010 13:38     C:\Program Files\Microsoft Synchronization Services --------- 0  
 19.07.2010 13:37     C:\Program Files\Microsoft Office --------- 4096  
 19.07.2010 13:37     C:\Program Files\Microsoft SQL Server Compact Edition --------- 0  
 19.07.2010 13:37     C:\Program Files\Microsoft.NET --------- 0  
 19.07.2010 13:32     C:\Program Files\Microsoft Analysis Services --------- 0  
 19.07.2010 13:06     C:\Program Files\IZArc --------- 4096  
 12.06.2010 08:53     C:\Program Files\PCTV Systems --------- 0  
 09.06.2010 12:12     C:\Program Files\Avanquest update --------- 0  
 07.06.2010 14:41     C:\Program Files\MDESIGN --------- 0  
 06.06.2010 04:09     C:\Program Files\MyPhoneExplorer --------- 4096  
 31.05.2010 02:48     C:\Program Files\DisplayLink Core Software --------- 8192  
 16.05.2010 10:57     C:\Program Files\MSECache --------- 0  
 05.05.2010 03:36     C:\Program Files\DAEMON Tools Lite --------- 0  
 21.04.2010 11:57     C:\Program Files\Microsoft CAPICOM 2.1.0.2 --------- 0  
 15.04.2010 03:48     C:\Program Files\WinRAR --------- 4096  
 14.04.2010 14:20     C:\Program Files\ScanSoft --------- 0  
 22.03.2010 07:19     C:\Program Files\HBM --------- 0  
 12.03.2010 10:05     C:\Program Files\proeWildfire 4.0 --------- 8192  
 12.03.2010 09:57     C:\Program Files\flexnet --------- 4096  
 06.03.2010 04:32     C:\Program Files\PokerStars.NET --------- 8192  
 02.03.2010 01:18     C:\Program Files\OpenVPN --------- 4096  
 01.03.2010 08:22     C:\Program Files\MSXML 4.0 --------- 0  
 27.02.2010 11:09     C:\Program Files\Nero --------- 0  
 21.02.2010 15:40     C:\Program Files\Fujitsu --------- 4096  
 21.02.2010 15:32     C:\Program Files\O2Micro OZ711 SCR Driver --------- 0  
 21.02.2010 15:30     C:\Program Files\Sierra Wireless Inc --------- 0  
 09.02.2010 14:57     C:\Program Files\Microsoft --------- 0  
 09.02.2010 14:57     C:\Program Files\Windows Live --------- 0  
 09.02.2010 14:57     C:\Program Files\Windows Live SkyDrive --------- 0  
 09.02.2010 03:29     C:\Program Files\Kensington Display Adapter --------- 0  
 08.02.2010 10:39     C:\Program Files\iTunes --------- 4096  
 08.02.2010 10:38     C:\Program Files\iPod --------- 0  
 08.02.2010 10:38     C:\Program Files\Bonjour --------- 0  
 08.02.2010 10:38     C:\Program Files\QuickTime --------- 4096  
 08.02.2010 10:37     C:\Program Files\Apple Software Update --------- 4096  
 08.02.2010 10:04     C:\Program Files\Rainlendar2 --------- 0  
 08.02.2010 09:05     C:\Program Files\VideoLAN --------- 0  
 08.02.2010 08:41     C:\Program Files\Kaspersky Lab --------- 0  
 08.02.2010 08:29     C:\Program Files\Windows NT --------- 4096  
 08.02.2010 08:29     C:\Program Files\Gemeinsame Dateien --------- 0  
 14.07.2009 02:56     C:\Program Files\DVD Maker --------- 0  
 14.07.2009 02:56     C:\Program Files\Windows Journal --------- 0  
 14.07.2009 02:56     C:\Program Files\Microsoft Games --------- 0  
 14.07.2009 02:47     C:\Program Files\Windows Sidebar --------- 0  
 14.07.2009 02:47     C:\Program Files\Windows Photo Viewer --------- 0  
 14.07.2009 02:47     C:\Program Files\Windows Defender --------- 0  
 13.07.2009 22:53     C:\Program Files\Uninstall Information --------- 0  
 13.07.2009 22:52     C:\Program Files\Windows Portable Devices --------- 0  
 13.07.2009 22:52     C:\Program Files\Reference Assemblies --------- 0  
 13.07.2009 22:52     C:\Program Files\MSBuild --------- 0  
 13.07.2009 22:41     C:\Program Files\desktop.ini --------- 174  
----------------------------------------

 
C:\ProgramData\.. 

Hens    
Default    
Public    
Default User    
All Users    
desktop.ini    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1 activate.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com

----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0           712 K
smss.exe                       288 Services                   0           820 K
csrss.exe                      384 Services                   0         2.804 K
csrss.exe                      432 Console                    1         4.608 K
wininit.exe                    440 Services                   0         3.572 K
services.exe                   500 Services                   0         5.304 K
lsass.exe                      508 Services                   0         7.244 K
lsm.exe                        520 Services                   0         2.800 K
winlogon.exe                   552 Console                    1         4.444 K
svchost.exe                    660 Services                   0         6.532 K
svchost.exe                    740 Services                   0         4.548 K
svchost.exe                    792 Services                   0         7.512 K
svchost.exe                    860 Services                   0         9.460 K
svchost.exe                    920 Services                   0         3.596 K
svchost.exe                    984 Services                   0         4.008 K
explorer.exe                  1140 Console                    1        47.812 K
ctfmon.exe                    1196 Console                    1         3.124 K
cmd.exe                       2012 Console                    1         3.248 K
conhost.exe                   2020 Console                    1         2.984 K
tasklist.exe                   952 Console                    1         4.200 K
dllhost.exe                   1316 Console                    1         5.596 K
WmiPrvSE.exe                  1400 Services                   0         4.756 K

 
***** Ende des Scans 08.04.2011 um 10:59:44,33 ***
         
Programs:

Code:
Adobe AIR	Adobe Systems Inc.	03.11.2010		1.5.3.9120
Adobe Community Help	Adobe Systems Incorporated	03.11.2010		3.0.0.400
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	06.08.2010	6,00MB	10.1.53.64
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	03.04.2011	6,00MB	10.2.153.1
Adobe Media Player	Adobe Systems Incorporated	03.11.2010		1.8
Adobe Photoshop CS5	Adobe Systems Incorporated	03.11.2010	1.559MB	12.0
Adobe Reader 9.4.3 - Deutsch	Adobe Systems Incorporated	31.03.2011	164,6MB	9.4.3
Adobe Shockwave Player 11.5	Adobe Systems, Inc.	05.10.2010		11.5.8.612
Akamai NetSession Interface		03.11.2010		
Apple Application Support	Apple Inc.	08.02.2010	32,4MB	1.1.0
Apple Mobile Device Support	Apple Inc.	08.02.2010	40,4MB	2.6.0.32
Apple Software Update	Apple Inc.	08.02.2010	2,16MB	2.1.1.116
Avanquest update	Avanquest Software	09.06.2010		1.22
Bonjour	Apple Inc.	08.02.2010	0,49MB	1.0.106
Camtasia Studio 7	TechSmith Corporation	08.01.2011	219MB	7.0.1
catmanEasy/AP  3.0.4.100	Hottinger Baldwin Messtechnik GmbH	22.03.2010		3.0.4.100
CCleaner	Piriform	08.04.2011		3.05
Compatibility Pack for the 2007 Office system	Microsoft Corporation	10.11.2010	129,5MB	12.0.6514.5001
DisplayLink Core Software	DisplayLink Corp.	09.02.2010	12,8MB	5.2.22617.0
DivX-Setup	DivX, Inc. 	04.10.2010		2.1.0.12
Dropbox		24.09.2010		0.7.110
EVaRT 5.0.4	Motion Analysis Corporation	24.03.2011	62,5MB	5.0.4
Facebook Plug-In	Facebook, Inc.	12.04.2010		
Faraday's Electromagnetic Lab	University of Colorado, Department of Physics	07.03.2010		
Foxit Reader	Foxit Corporation	07.12.2010	11,1MB	4.3.0.1110
Foxit Toolbar	Ask.com	07.12.2010	2,57MB	1.9.1.0
Free Audio CD Burner version 1.4.7	DVDVideoSoft Limited.	26.03.2011	10,7MB	
Free Studio version 5.0.6	DVDVideoSoft Limited.	24.03.2011	258MB	
Free YouTube Download 2.8	DVDVideoSoft Limited.	29.07.2010	25,5MB	
Free YouTube to MP3 Converter version 3.9.35.324	DVDVideoSoft Limited.	26.03.2011	36,0MB	
Fujitsu Display Manager	FUJITSU LIMITED	21.02.2010	1,09MB	50.0.1.0
Fujitsu Hotkey Utility	FUJITSU LIMITED	21.02.2010	0,22MB	3.0.0.0
Fujitsu MobilityCenter Extension Utility	FUJITSU LIMITED	21.02.2010	0,28MB	1.1.0.0
Fujitsu System Extension Utility	FUJITSU LIMITED	21.02.2010	0,13MB	2.1.1.0
GPL Ghostscript 9.00		07.11.2010		
GSview 4.9		07.11.2010		
HBM TEDS Editor	Hottinger Baldwin Messtechnik GmbH	22.03.2010		3.0.0.86
HiJackThis	Trend Micro	08.04.2011	0,36MB	1.0.0
HijackThis 2.0.2	TrendMicro	08.04.2011		2.0.2
Intel(R) Graphics Media Accelerator Driver	Intel Corporation	15.08.2010	54,3MB	8.15.10.1930
Intel(R) TV Wizard	Intel Corporation	15.08.2010		
IrfanView (remove only)	Irfan Skiljan	07.11.2010	1,50MB	4.27
iTunes	Apple Inc.	08.02.2010	146,3MB	9.0.3.15
IZArc 4.1.2	Ivan Zahariev	19.07.2010	13,8MB	4.1.2
Java(TM) 6 Update 23	Sun Microsystems, Inc.	23.05.2010	94,5MB	6.0.230
Java(TM) 6 Update 5	Sun Microsystems, Inc.	08.02.2010	140,9MB	1.6.0.50
JDownloader	AppWork UG (haftungsbeschränkt)	13.04.2010		0.89
Kaspersky Anti-Virus 2010	Kaspersky Lab	08.02.2010		9.0.0.459
Kensington Display Adapter	Kensington Computer Products Group	09.02.2010	1,83MB	5.2.22663.0
KinTrak 7.0	University of Calgary	18.01.2011	32,8MB	7.0.25
LifeBook Application Panel	FUJITSU LIMITED	21.02.2010	5,48MB	7.0.0.0
Logitech Vid HD	Logitech Inc..	11.09.2010		7.2 (7230)
Logitech Webcam Software	Logitech Inc.	21.04.2010	43,9MB	12.10.1113
Logitech Webcam Software-Treiberpaket	Logitech Inc.	20.04.2010		12.10.1110
Malwarebytes' Anti-Malware	Malwarebytes Corporation	08.04.2011	10,5MB	
MATLAB R2010a	The MathWorks, Inc.	18.01.2011		7.10
MDESIGN Roloff-Matek Edition		07.06.2010		2009
Microsoft Office Professional Plus 2010	Microsoft Corporation	19.07.2010		14.0.4763.1000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	16.02.2010	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	12.02.2010	0,42MB	8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	10.02.2010	0,20MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	08.02.2010	0,58MB	9.0.30729
MiKTeX 2.9	MiKTeX.org	07.11.2010		2.9
Mozilla Firefox 4.0 (x86 en-US)	Mozilla	24.03.2011	33,7MB	4.0
Mozilla Thunderbird (3.1.9)	Mozilla	08.03.2011		3.1.9 (de)
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	01.03.2010	35,00KB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	01.03.2010	1,33MB	4.20.9876.0
MSXML 4.0 SP2 Parser and SDK	Microsoft Corporation	12.06.2010	36,00KB	4.20.9818.0
MyPhoneExplorer	F.J. Wechselberger	06.06.2010		1.7.6
Nero 7 Essentials	Nero AG	27.02.2010	1.814MB	7.02.8076
OpenVPN 2.0.9-gui-1.0.3		02.03.2010		
OZ711 SCR Driver V3.0.0.9A	O2Micro	21.02.2010	0,95MB	3.0.0.9A
Paint.NET v3.5.7	dotPDN LLC	20.02.2011	10,4MB	3.57.0
Pinnacle Studio 14	Pinnacle Systems	24.03.2011	2.030MB	14.0.0.7255
Pinnacle Video Treiber	Pinnacle Systems	24.03.2011	4,96MB	12.1.0.030
PokerStars.net	PokerStars.net	05.03.2010		
Power Saving Utility	Fujitsu LIMITED	21.02.2010	0,76MB	3.1.1.0
Pro/ENGINEER Release Wildfire 4.0 Datecode F000	PTC	12.03.2010		Wildfire 4.0
PTC License Server Release Wildfire 4.0 Datecode F000	PTC	12.03.2010		Wildfire 4.0
QuickTime	Apple Inc.	08.02.2010	77,3MB	7.65.17.80
Rainlendar2 (remove only)		08.02.2010		
ScanSoft PDF Create! 4	Nuance, Inc.	14.04.2010	27,4MB	4.01.0109
Sentinel Protection Installer 7.3.0	SafeNet, Inc.	24.03.2011	2,56MB	7.3.0
Shock Sensor Utility	FUJITSU LIMITED	21.02.2010	0,75MB	2.2.0.0
Skype Toolbars	Skype Technologies S.A.	11.02.2011	5,76MB	5.0.4137
Skype™ 5.1	Skype Technologies S.A.	11.02.2011	22,7MB	5.1.112
Spider32 Setup		21.03.2010		
Texmaker		07.11.2010		
TVCenter	PCTV Systems	12.06.2010	160,5MB	6.3.0.584
Uninstall 1.0.0.1		26.03.2011	10,6MB	
VLC media player 1.0.3	VideoLAN Team	08.02.2010		1.0.3
Windows Live Anmelde-Assistent	Microsoft Corporation	09.02.2010	1,94MB	5.000.818.5
Windows Live Essentials	Microsoft Corporation	09.02.2010		14.0.8089.0726
Windows Live-Uploadtool	Microsoft Corporation	09.02.2010	0,22MB	14.0.8014.1029
WinRAR		15.04.2010		
Wireless Selector	FUJITSU LIMITED	21.02.2010	0,34MB	2.0.0.0
         
I would be very grateful for help with what I should now hijack.

Otherwise, the problem is that I cannot update the malware detector (as recommended) because I cannot get onto the Internet due to the Win7.

Thanks for your help

Alt 08.04.2011, 19:09   #2
markusg
/// Malware-holic
 

1. Do not carry out any cleaning on your own; otherwise it only gets in the way.
2. Submit any existing scan logs that contain detections,
and also state where the detections were found.
3.
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click and run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created:
OTL.Txt
Extras.Txt
Post both

Alt 08.04.2011, 21:15   #3
hens1988
 

OTL

Code:
OTL logfile created on: 08.04.2011 13:15:13 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Hens\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 7,27 Gb Free Space | 4,88% Space Free | Partition Type: NTFS
Drive E: | 7,88 Gb Total Space | 1,55 Gb Free Space | 19,68% Space Free | Partition Type: FAT32
 
Computer Name: HENS-PC | User Name: Hens | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hens\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Hens\AppData\Local\dsh.exe ()
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\KMService.exe ()
PRC - C:\Programme\flexnet\i486_nt\obj\ptc_d.exe ()
PRC - C:\Programme\flexnet\i486_nt\obj\lmgrd.exe (Macrovision Corporation)
PRC - C:\Programme\Kensington Display Adapter\DisplayLinkKensingtonSupport.exe (DisplayLink Corp.)
PRC - C:\Programme\DisplayLink Core Software\DisplayLinkUI.exe (DisplayLink Corp.)
PRC - C:\Programme\DisplayLink Core Software\DisplayLinkUserAgent.exe (DisplayLink Corp.)
PRC - C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Fujitsu\WirelessSelector\WSUService.exe ()
PRC - C:\Programme\Fujitsu\PSUtility\PSUService.exe (FUJITSU LIMITED)
PRC - C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
PRC - C:\Windows\System32\srvany.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Hens\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_a35e6b9.dll ()
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (FLEXlm server for PTC) -- C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe (Macrovision Corporation)
SRV - (DisplayLinkService) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WirelessSelectorService) -- C:\Programme\Fujitsu\WirelessSelector\WSUService.exe ()
SRV - (PowerSavingUtilityService) -- C:\Programme\Fujitsu\PSUtility\PSUService.exe (FUJITSU LIMITED)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
SRV - (SentinelProtectionServer) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (FJGSDisk) -- C:\Windows\system32\DRIVERS\FJGSDisk.sys (FUJITSU LIMITED)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (DisplayLinkUsbPort) -- C:\Windows\System32\drivers\DisplayLinkUsbPort_5.2.22617.0.sys (hxxp://libusb-win32.sourceforge.net)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (dlkmd) -- C:\Windows\system32\drivers\dlkmd.sys (DisplayLink Corp.)
DRV - (dlkmdldr) -- C:\Windows\system32\drivers\dlkmdldr.sys (DisplayLink Corp.)
DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom)
DRV - (LVUVC) Logitech QuickCam Pro 9000(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (azvusb) -- C:\Windows\System32\drivers\azvusb.sys (AzureWave Technologies, Inc.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (SMSCIRDA) -- C:\Windows\System32\drivers\smscirda.sys (SMSC)
DRV - (SWUMX32) Sierra Wireless USB MUX Driver (UMTS32) -- C:\Windows\System32\drivers\swumx32.sys (Sierra Wireless Inc.)
DRV - (SWNC8U32) Sierra Wireless MUX NDIS Driver (UMTS32) -- C:\Windows\System32\drivers\swnc8u32.sys (Sierra Wireless Inc.)
DRV - (O2SCBUS) -- C:\Windows\System32\drivers\ozscr.sys (O2Micro)
DRV - (FUJ02E3) -- C:\Windows\System32\drivers\fuj02e3.sys (FUJITSU LIMITED)
DRV - (FUJ02B1) -- C:\Windows\System32\drivers\fuj02b1.sys (FUJITSU LIMITED)
DRV - (O2SDRDR) -- C:\Windows\system32\DRIVERS\o2sd.sys (O2Micro )
DRV - (O2MDRDR) -- C:\Windows\system32\DRIVERS\o2media.sys (O2Micro )
DRV - (tap0801) -- C:\Windows\System32\drivers\tap0801.sys (The OpenVPN Project)
DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (SafeNet, Inc.)
DRV - (SNTNLUSB) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (SafeNet, Inc.)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (DirectNT) -- C:\Windows\System32\drivers\DirectNT.sys (c't)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA 74 17 F2 04 EC CB 01  [binary data]
IE - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.zeit.de"
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 22:55:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.31 09:18:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.03.08 09:52:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.01.03 16:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hens\AppData\Roaming\mozilla\Extensions
[2011.01.03 16:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hens\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.03.23 22:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hens\AppData\Roaming\mozilla\Firefox\Profiles\rowa3jhx.default\extensions
[2010.07.29 14:17:09 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Hens\AppData\Roaming\mozilla\Firefox\Profiles\rowa3jhx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.09.11 08:35:09 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Hens\AppData\Roaming\mozilla\Firefox\Profiles\rowa3jhx.default\extensions\vshare@toolbar
[2011.03.24 22:55:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.12.31 11:23:04 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.05.23 04:42:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.31 13:14:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.11 05:03:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.12 13:00:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.02.09 12:56:45 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
File not found (No name found) -- 
[2010.12.31 11:23:04 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2010.02.08 10:20:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2010.05.23 04:42:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.31 13:14:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.11 05:03:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.12 13:00:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.18 11:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2010.05.10 08:27:59 | 000,001,345 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IndicatorUtility] C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Programme\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [openvpn-gui] C:\Programme\OpenVPN\bin\openvpn-gui.exe ()
O4 - HKLM..\Run: [PSUtility] C:\Programme\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [ScanSoft PDF Create! 4-reminder] C:\Program Files\ScanSoft\PDF Create! 4\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSUtility] C:\Programme\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TvOutSwitch] C:\Programme\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [USBToolTip] C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKU\S-1-5-21-631388349-1085569318-2024419824-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-631388349-1085569318-2024419824-1001..\Run: [Rainlendar2] C:\Programme\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Hens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hens\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Hens\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Hens\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 136.159.89.2 136.159.130.8
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{36eb6e8f-3659-11df-949c-00037aaaaab2}\Shell - "" = AutoRun
O33 - MountPoints2\{36eb6e8f-3659-11df-949c-00037aaaaab2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{9d6f704a-17ce-11df-a047-00037aaaaab2}\Shell - "" = AutoRun
O33 - MountPoints2\{9d6f704a-17ce-11df-a047-00037aaaaab2}\Shell\AutoRun\command - "" = F:\Welcome\Welcome.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-631388349-1085569318-2024419824-1001..exefile [open] -- "C:\Users\Hens\AppData\Local\dsh.exe" -a "%1" %* ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\...exe [@ = exefile] -- "C:\Users\Hens\AppData\Local\dsh.exe" -a "%1" %* ()
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.mjpg - pvmjpg30.dll File not found
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.08 12:46:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Hens\Desktop\OTL.exe
[2011.04.08 10:57:15 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Hens\Desktop\HiJackThis.exe
[2011.04.08 10:47:27 | 000,000,000 | ---D | C] -- C:\Users\Hens\Desktop\hjtscanlist
[2011.04.08 10:42:20 | 000,000,000 | ---D | C] -- C:\Users\Hens\AppData\Roaming\Malwarebytes
[2011.04.08 10:37:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.08 10:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.08 10:37:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.08 10:37:37 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.08 10:37:14 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.04.08 10:32:36 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2011.04.08 10:32:36 | 000,000,000 | ---D | C] -- C:\Users\Hens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.04.07 23:24:42 | 000,000,000 | ---D | C] -- C:\Users\Hens\AppData\Local\Panther
[2011.04.07 23:24:36 | 000,114,688 | -HS- | C] (Microsoft Corporation) -- C:\Users\Hens\AppData\Local\keg.exe
[2011.03.27 10:46:49 | 000,000,000 | ---D | C] -- C:\Users\Hens\Desktop\Maria's & Karelia's Party
[2011.03.24 14:16:09 | 000,000,000 | ---D | C] -- C:\Users\Hens\Documents\Pinnacle Studio
[2011.03.24 14:15:41 | 000,000,000 | ---D | C] -- C:\Users\Hens\AppData\Local\Pinnacle
[2011.03.24 14:12:14 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Pinnacle
[2011.03.24 14:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Ultimate Collection
[2011.03.24 14:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 14
[2011.03.24 14:06:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Projects
[2011.03.24 14:00:04 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Pegasus Imaging
[2011.03.24 14:00:03 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Yahoo!
[2011.03.24 14:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Studio 14
[2011.03.24 14:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Plus
[2011.03.24 14:00:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle
[2011.03.24 12:50:59 | 000,000,000 | ---D | C] -- C:\Programme\SafeNet Sentinel
[2011.03.24 12:50:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\SafeNet Sentinel
[2011.03.24 12:50:33 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2011.03.24 12:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motion Analysis
[2011.03.24 12:37:32 | 000,000,000 | ---D | C] -- C:\Programme\Motion Analysis
[2011.03.24 11:48:14 | 000,000,000 | ---D | C] -- C:\Users\Hens\AppData\Roaming\DVDVideoSoft
[2011.03.19 19:36:43 | 000,000,000 | ---D | C] -- C:\Users\Hens\Desktop\Banff
[2010.06.06 04:21:30 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeA9D5.dll
[3 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.08 13:11:33 | 000,008,692 | -HS- | M] () -- C:\Users\Hens\AppData\Local\js6cy226kpp3fu006bryc5cx757a25077l2
[2011.04.08 13:11:33 | 000,008,692 | -HS- | M] () -- C:\ProgramData\js6cy226kpp3fu006bryc5cx757a25077l2
[2011.04.08 12:36:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Hens\Desktop\OTL.exe
[2011.04.08 12:18:18 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.08 12:18:18 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.08 12:10:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.08 12:10:17 | 1603,080,192 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.08 10:54:50 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Hens\Desktop\HiJackThis.exe
[2011.04.08 10:46:52 | 000,109,774 | ---- | M] () -- C:\Users\Hens\Documents\cc_20110408_104634.reg
[2011.04.08 10:37:46 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.08 10:37:15 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.08 10:32:36 | 000,002,959 | ---- | M] () -- C:\Users\Hens\Desktop\HiJackThis.lnk
[2011.04.08 09:49:33 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.08 09:49:33 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.08 09:49:33 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.08 09:49:33 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.07 23:24:36 | 000,114,688 | -HS- | M] (Microsoft Corporation) -- C:\Users\Hens\AppData\Local\keg.exe
[2011.04.07 23:24:22 | 000,217,202 | -HS- | M] () -- C:\Users\Hens\AppData\Local\dsh.exe
[2011.04.07 23:24:20 | 000,217,202 | -HS- | M] () -- C:\Users\Hens\AppData\Local\dxm.exe
[2011.04.06 17:21:33 | 000,208,896 | ---- | M] () -- C:\Users\Hens\Documents\Studierendenfeedback_Berufspraktikum_Hendrik_Enders.dot
[2011.04.04 23:10:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011.04.04 10:47:00 | 000,115,267 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011.04.04 10:47:00 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011.04.01 08:45:28 | 000,272,624 | ---- | M] () -- C:\Users\Hens\Desktop\payment.png
[2011.03.31 09:06:26 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.03.27 16:39:22 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011.03.24 22:34:05 | 003,834,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.03.24 14:06:55 | 000,001,152 | ---- | M] () -- C:\Users\Public\Desktop\Pinnacle Studio 14.lnk
[2011.03.24 12:37:47 | 000,002,093 | ---- | M] () -- C:\Users\Public\Desktop\EVaRT 5.0.4.lnk
[2011.03.24 12:37:47 | 000,002,060 | ---- | M] () -- C:\Users\Public\Desktop\MAC License Tool.lnk
[2011.03.23 12:01:48 | 000,191,488 | ---- | M] () -- C:\Users\Hens\Desktop\Assessment_of_professional_internship_Hendrik_Enders.dot
[2011.03.23 11:59:39 | 000,214,528 | ---- | M] () -- C:\Users\Hens\Desktop\Student_feedback professional internship_Hendrik_Enders.dot
[2011.03.23 11:57:59 | 000,217,088 | ---- | M] () -- C:\Users\Hens\Desktop\Company_feedback_on_professional_internship__Hendrik_Enders.dot
[3 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.08 10:46:38 | 000,109,774 | ---- | C] () -- C:\Users\Hens\Documents\cc_20110408_104634.reg
[2011.04.08 10:37:46 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.08 10:37:15 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.08 10:32:36 | 000,002,959 | ---- | C] () -- C:\Users\Hens\Desktop\HiJackThis.lnk
[2011.04.07 23:24:38 | 000,008,692 | -HS- | C] () -- C:\Users\Hens\AppData\Local\js6cy226kpp3fu006bryc5cx757a25077l2
[2011.04.07 23:24:38 | 000,008,692 | -HS- | C] () -- C:\ProgramData\js6cy226kpp3fu006bryc5cx757a25077l2
[2011.04.07 23:24:22 | 000,217,202 | -HS- | C] () -- C:\Users\Hens\AppData\Local\dsh.exe
[2011.04.07 23:24:20 | 000,217,202 | -HS- | C] () -- C:\Users\Hens\AppData\Local\dxm.exe
[2011.04.06 17:14:36 | 000,208,896 | ---- | C] () -- C:\Users\Hens\Documents\Studierendenfeedback_Berufspraktikum_Hendrik_Enders.dot
[2011.03.31 09:17:44 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.03.24 22:55:35 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.03.24 14:06:55 | 000,001,152 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle Studio 14.lnk
[2011.03.24 12:37:47 | 000,002,093 | ---- | C] () -- C:\Users\Public\Desktop\EVaRT 5.0.4.lnk
[2011.03.24 12:37:47 | 000,002,060 | ---- | C] () -- C:\Users\Public\Desktop\MAC License Tool.lnk
[2011.03.23 12:01:48 | 000,191,488 | ---- | C] () -- C:\Users\Hens\Desktop\Assessment_of_professional_internship_Hendrik_Enders.dot
[2011.03.23 11:59:39 | 000,214,528 | ---- | C] () -- C:\Users\Hens\Desktop\Student_feedback professional internship_Hendrik_Enders.dot
[2011.03.23 11:57:58 | 000,217,088 | ---- | C] () -- C:\Users\Hens\Desktop\Company_feedback_on_professional_internship__Hendrik_Enders.dot
[2011.01.18 19:23:34 | 000,000,132 | ---- | C] () -- C:\Users\Hens\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010.09.21 07:41:59 | 000,012,956 | ---- | C] () -- C:\Users\Hens\AppData\Roaming\Kommagetrennte Werte (Windows).CAL
[2010.08.15 01:07:03 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe
[2010.08.15 01:07:03 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2010.08.15 00:41:15 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010.04.20 17:07:12 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.04.14 14:20:19 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.03.15 09:13:35 | 000,739,328 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2010.03.15 09:13:35 | 000,073,728 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2010.03.15 09:12:56 | 000,872,507 | ---- | C] () -- C:\Windows\System32\mesa.dll
[2010.03.15 09:12:55 | 000,031,776 | ---- | C] () -- C:\Windows\System32\NT_IODRV.EXE
[2010.02.09 03:27:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd9.dll
[2010.02.09 03:27:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd10.dll
[2010.02.08 09:49:31 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.02.08 08:43:26 | 000,604,140 | -HS- | C] () -- C:\Windows\System32\drivers\ISwift3.dat
[2010.02.08 08:41:39 | 000,115,267 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.02.08 08:41:39 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.02.08 08:37:01 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.01.18 05:42:06 | 000,034,666 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.10.06 17:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.06 17:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.09.23 11:16:08 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009.07.14 02:47:43 | 000,643,866 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 02:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 02:47:43 | 000,126,394 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 02:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.13 22:33:53 | 003,834,352 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.13 20:05:48 | 000,607,190 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.13 20:05:48 | 000,103,568 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.13 18:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2009.07.13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.05.24 22:18:10 | 000,027,507 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2007.08.23 10:55:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
 
========== LOP Check ==========
 
[2010.02.12 06:35:55 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DAEMON Tools Lite
[2011.04.07 22:04:05 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Dropbox
[2011.03.24 11:49:11 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DVDVideoSoft
[2011.03.24 11:49:47 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.04.12 09:14:14 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Facebook
[2010.12.07 13:06:12 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Foxit Software
[2010.11.07 11:53:34 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\IrfanView
[2011.02.24 20:16:47 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\JabRef 2.6
[2010.04.20 17:08:56 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Leadertech
[2010.06.06 04:27:37 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\MyPhoneExplorer
[2010.02.13 14:32:00 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\PTC
[2010.04.14 14:23:43 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\ScanSoft
[2010.02.21 15:31:09 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Sierra Wireless
[2010.04.21 09:54:47 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\SmartDraw
[2010.11.07 01:34:21 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\SumatraPDF
[2011.01.03 16:28:35 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Thunderbird
[2010.11.07 07:44:08 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\xm1
[2010.04.14 14:21:48 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Zeon
[2011.02.12 03:21:24 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.01.11 14:04:11 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Adobe
[2010.02.28 08:59:05 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Ahead
[2010.02.28 11:35:31 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Apple Computer
[2010.02.12 06:35:55 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DAEMON Tools Lite
[2011.03.24 14:17:08 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DivX
[2011.04.07 22:04:05 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Dropbox
[2011.03.26 15:58:29 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\dvdcss
[2011.03.24 11:49:11 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DVDVideoSoft
[2011.03.24 11:49:47 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.04.12 09:14:14 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Facebook
[2010.12.07 13:06:12 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Foxit Software
[2010.02.08 08:30:01 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Identities
[2010.11.07 11:53:34 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\IrfanView
[2011.02.24 20:16:47 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\JabRef 2.6
[2010.04.20 17:08:56 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Leadertech
[2010.02.08 08:58:50 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Macromedia
[2011.04.08 10:42:20 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Malwarebytes
[2010.02.14 14:42:05 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\MathWorks
[2009.07.14 02:56:41 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Media Center Programs
[2011.03.24 14:12:16 | 000,000,000 | --SD | M] -- C:\Users\Hens\AppData\Roaming\Microsoft
[2010.11.07 01:49:45 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\MiKTeX
[2010.02.08 08:49:06 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Mozilla
[2010.06.06 04:27:37 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\MyPhoneExplorer
[2010.02.13 14:32:00 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\PTC
[2010.04.14 14:23:43 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\ScanSoft
[2010.02.21 15:31:09 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Sierra Wireless
[2011.04.08 10:44:57 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Skype
[2011.04.07 22:06:46 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\skypePM
[2010.04.21 09:54:47 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\SmartDraw
[2010.11.07 01:34:21 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\SumatraPDF
[2011.01.03 16:28:35 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Thunderbird
[2011.04.06 22:27:43 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\vlc
[2010.04.15 03:48:23 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\WinRAR
[2010.11.07 07:44:08 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\xm1
[2010.04.14 14:21:48 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Zeon
 
< %APPDATA%\*.exe /s >
[2010.02.25 23:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Hens\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2010.09.24 06:57:28 | 000,089,831 | ---- | M] () -- C:\Users\Hens\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2010.04.12 09:14:14 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\Hens\AppData\Roaming\Facebook\uninstall.exe
[2010.04.13 10:18:24 | 000,048,963 | ---- | M] () -- C:\Users\Hens\AppData\Roaming\JabRef 2.6\JabRef.exe
[2011.02.24 20:16:47 | 000,062,536 | ---- | M] (JabRef Team) -- C:\Users\Hens\AppData\Roaming\JabRef 2.6\uninstall.exe
[2011.04.08 10:32:36 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Hens\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2011.03.24 14:12:16 | 000,029,926 | R--- | M] () -- C:\Users\Hens\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.13 19:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.13 19:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.13 19:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.23 17:22:16 | 000,032,890 | ---- | M] () MD5=4FA5D1120762802A741F374F8B391E69 -- C:\Programme\MATLAB\R2010a\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.02 23:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.02 23:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2007.02.12 07:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\fsc.tmp\1010858\64bit\iastor.sys
[2007.02.12 07:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\fsc.tmp\1010858\32bit\iastor.sys
[2007.02.12 07:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
[2007.02.12 07:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_32495ab0b5cbc36c\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2009.07.13 19:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.13 19:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.13 19:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.13 19:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.13 19:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.13 19:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.13 19:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.13 19:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 00:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 00:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.27 23:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.13 19:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.13 17:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.13 17:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.02.12 06:01:34 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.13 19:15:20 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\expsrv.dll
[2004.08.04 08:00:00 | 001,355,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\MSVBVM50.DLL
[2009.07.13 19:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll
[2009.07.13 19:16:18 | 000,489,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll

< End of report >
         
Extras

Code:
OTL Extras logfile created on: 08.04.2011 13:15:13 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Hens\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 7,27 Gb Free Space | 4,88% Space Free | Partition Type: NTFS
Drive E: | 7,88 Gb Total Space | 1,55 Gb Free Space | 19,68% Space Free | Partition Type: FAT32
 
Computer Name: HENS-PC | User Name: Hens | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-631388349-1085569318-2024419824-1001\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Users\Hens\AppData\Local\dsh.exe ()
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DB2A37A-67C1-48DB-AA21-1F003FF11D91}" = DisplayLink Core Software
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18BD326E-89F9-430C-B4BD-11DE323CCCA3}" = Wireless Selector
"{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{273BEEED-2915-4C6C-B63E-564A4B2819B7}" = KinTrak 7.0
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{33E6FA96-31C0-4CEF-B385-C20D51C0FA06}" = OZ711 SCR Driver V3.0.0.9A
"{3D05721D-98BD-41AB-B529-30AABE96E7F9}" = ScanSoft PDF Create! 4
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{404C18ED-873A-4191-BA03-30F627445418}" = Sentinel Protection Installer 7.3.0
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45212F71-750F-4B98-8931-2F35DBE6B661}" = Paint.NET v3.5.7
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6733975E-52C9-4624-805D-36A4F79F7BBB}" = MDESIGN Roloff-Matek Edition
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D71C3D1-7E36-4655-9A5E-6118C891DC25}" = Kensington Display Adapter
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7426D8C8-7323-4A3D-9F94-2465B95C26B5}" = TVCenter
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C99490E-9ACE-440D-A717-E750AAF89E6E}" = EVaRT 5.0.4
"{827517C3-9B89-458E-A8F2-96DD24BDFE29}" = Shock Sensor Utility
"{8556B16D-AD7A-42A7-8A75-F7C532371031}" = Nero 7 Essentials
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EAB283A2-3F35-4FCD-81B0-31A63D2470F9}" = Power Saving Utility
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2BCC06B-72EF-49E5-B54F-DCCDFEA42CA2}" = Fujitsu Display Manager
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"A71701C3-4C1A-4181-93FA-D7CA487F287D_is1" = HBM TEDS Editor
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"catmanEasy3.0_is1" = catmanEasy/AP  3.0.4.100
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX-Setup
"Foxit Reader" = Foxit Reader
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 5.0.6
"Free YouTube Download_is1" = Free YouTube Download 2.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"GSview 4.9" = GSview 4.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{18BD326E-89F9-430C-B4BD-11DE323CCCA3}" = Wireless Selector
"InstallShield_{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility
"InstallShield_{33E6FA96-31C0-4CEF-B385-C20D51C0FA06}" = OZ711 SCR Driver V3.0.0.9A
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{7C99490E-9ACE-440D-A717-E750AAF89E6E}" = EVaRT 5.0.4
"InstallShield_{827517C3-9B89-458E-A8F2-96DD24BDFE29}" = Shock Sensor Utility
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EAB283A2-3F35-4FCD-81B0-31A63D2470F9}" = Power Saving Utility
"InstallShield_{F2BCC06B-72EF-49E5-B54F-DCCDFEA42CA2}" = Fujitsu Display Manager
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR2010a" = MATLAB R2010a
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"MPE" = MyPhoneExplorer
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenVPN" = OpenVPN 2.0.9-gui-1.0.3
"PokerStars.net" = PokerStars.net
"Pro/ENGINEER Release Wildfire 4.0 Datecode F000" = Pro/ENGINEER Release Wildfire 4.0 Datecode F000
"PTC License Server Release Wildfire 4.0 Datecode F000" = PTC License Server Release Wildfire 4.0 Datecode F000
"Rainlendar2" = Rainlendar2 (remove only)
"Spider32 Setup" = Spider32 Setup
"Texmaker" = Texmaker
"TVWiz" = Intel(R) TV Wizard
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-631388349-1085569318-2024419824-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Faraday's Electromagnetic Lab" = Faraday's Electromagnetic Lab
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.04.2011 18:44:12 | Computer Name = Hens-PC | Source = Microsoft Office 14 | ID = 2000
Description = Microsoft Word: Accepted Safe Mode action : Word hat festgestellt,
 dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus
 starten?.
 
Error - 06.04.2011 18:50:00 | Computer Name = Hens-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.5123.5000,
 Zeitstempel: 0x4c646b38  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
 Zeitstempel: 0x4cc7ab44  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000c35e3  ID des fehlerhaften
 Prozesses: 0x1060  Startzeit der fehlerhaften Anwendung: 0x01cbf4acf2f2e718  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 339dffca-60a0-11e0-af37-c268356a43de
 
Error - 06.04.2011 18:50:12 | Computer Name = Hens-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.5123.5000,
 Zeitstempel: 0x4c646b38  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
 Zeitstempel: 0x4cc7ab44  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000c35e3  ID des fehlerhaften
 Prozesses: 0x1340  Startzeit der fehlerhaften Anwendung: 0x01cbf4acfb365982  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 3a6071e1-60a0-11e0-af37-c268356a43de
 
Error - 06.04.2011 18:50:22 | Computer Name = Hens-PC | Source = Microsoft Office 14 | ID = 2000
Description = Microsoft Word: Accepted Safe Mode action : Word hat festgestellt,
 dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus
 starten?.
 
Error - 06.04.2011 18:56:08 | Computer Name = Hens-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.5123.5000,
 Zeitstempel: 0x4c646b38  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
 Zeitstempel: 0x4cc7ab44  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000c35e3  ID des fehlerhaften
 Prozesses: 0x1420  Startzeit der fehlerhaften Anwendung: 0x01cbf4adce3bb062  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 0ec44c73-60a1-11e0-af37-c268356a43de
 
Error - 06.04.2011 18:56:34 | Computer Name = Hens-PC | Source = Microsoft Office 14 | ID = 2000
Description = Microsoft Word: Accepted Safe Mode action : Word hat festgestellt,
 dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus
 starten?.
 
Error - 06.04.2011 18:56:49 | Computer Name = Hens-PC | Source = Microsoft Office 14 | ID = 2000
Description = Microsoft Word: Accepted Safe Mode action : Word hat festgestellt,
 dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus
 starten?.
 
Error - 06.04.2011 18:56:59 | Computer Name = Hens-PC | Source = Microsoft Office 14 | ID = 2000
Description = Microsoft Word: Accepted Safe Mode action : Word hat festgestellt,
 dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus
 starten?.
 
Error - 06.04.2011 18:59:32 | Computer Name = Hens-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.5123.5000,
 Zeitstempel: 0x4c646b38  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
 Zeitstempel: 0x4cc7ab44  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000c35e3  ID des fehlerhaften
 Prozesses: 0x7b8  Startzeit der fehlerhaften Anwendung: 0x01cbf4ae46a32346  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 885d8d11-60a1-11e0-af37-c268356a43de
 
Error - 06.04.2011 18:59:51 | Computer Name = Hens-PC | Source = Microsoft Office 14 | ID = 2000
Description = Microsoft Word: Accepted Safe Mode action : Word hat festgestellt,
 dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus
 starten?.
 
[ System Events ]
Error - 08.04.2011 12:56:53 | Computer Name = Hens-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 08.04.2011 12:56:53 | Computer Name = Hens-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 08.04.2011 12:56:54 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.04.2011 12:56:54 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.04.2011 12:56:54 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.04.2011 12:56:54 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.04.2011 12:56:55 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.04.2011 12:56:55 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.04.2011 14:02:02 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.04.2011 14:02:03 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
My Malwarebytes scanner is still running.

Thanks in advance
__________________

Alt 08.04.2011, 23:26   #4
hens1988
 
Log file from the Malwarebytes scanner

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6314

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.04.2011 16:20:18
mbam-log-2011-04-08 (16-20-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 430309
Laufzeit: 3 Stunde(n), 58 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 4
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> 540 -> No action taken.
c:\Users\Hens\AppData\Local\dsh.exe (Trojan.Agent) -> 3704 -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Hens\AppData\Local\dsh.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Hens\AppData\Local\dsh.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Hens\AppData\Local\dsh.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Users\Hens\AppData\Local\dsh.exe" -a "%1" %*) Good: ("%1" %*) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> No action taken.
c:\Users\Hens\AppData\Local\dsh.exe (Trojan.Agent) -> No action taken.
c:\Users\Hens\AppData\Local\dxm.exe (Trojan.Agent) -> No action taken.
c:\Users\Hens\AppData\Local\Temp\0.46982674232693467.exe (Trojan.Agent) -> No action taken.
c:\Users\Hens\AppData\LocalLow\Sun\Java\deployment\cache\6.0\59\5fe6bdfb-57f354a0 (Trojan.Agent) -> No action taken.
c:\Users\Hens\Desktop\techsmith camtasia studio v7.0.1\keymaker(zwt)\keygen.exe (Backdoor.RBot) -> No action taken.
c:\Users\Hens\downloads\microsoft office professional plus 2010\activator\mini-kms_activator_v1.052.exe (Riskware.Keygen) -> No action taken.
c:\Windows\System32\sysprep\cryptbase.dll (Trojan.Agent) -> No action taken.
         
Can I delete the infections found here, or would that "interfere", as mentioned earlier?

Alt 09.04.2011, 10:33   #5
markusg
/// Malware-holic
 
I completely overlooked these two:
c:\Users\Hens\downloads\microsoft office professional plus 2010\activator\mini-kms_activator_v1.052.exe (Riskware.Keygen) -> No action taken.
c:\Windows\System32\sysprep\cryptbase.dll (Trojan.Agent) -> No action taken.
Anyone who uses something like this should not be surprised by malware. I also see suspicious hosts entries, so you are apparently still using Adobe products illegally.
We do not support this, as it is a criminal offence.
You will get help here with reinstalling the system, nothing more.
