Blumenwiese | 15.11.2011 10:17 | OTL Logfile: Code:
OTL logfile created on: 15.11.2011 09:54:28 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\*\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 81,87% Memory free
6,19 Gb Paging File | 5,85 Gb Available in Paging File | 94,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,61 Gb Total Space | 405,56 Gb Free Space | 70,34% Space Free | Partition Type: NTFS
Drive D: | 19,55 Gb Total Space | 13,33 Gb Free Space | 68,19% Space Free | Partition Type: FAT32
Computer Name: *-PC | User Name: * | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.11.14 11:49:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - [2011.08.01 18:12:42 | 003,730,192 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro SafeSync\hrfscore.exe -- (OnlineStorageService)
SRV - [2011.07.04 19:11:47 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.29 08:06:19 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.01 14:12:56 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2011.03.01 14:12:56 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.11.16 12:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.10.13 21:03:54 | 000,187,456 | -H-- | M] (DATA BECKER GmbH & Co KG) [Auto | Stopped] -- C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2009.07.10 11:23:54 | 000,036,864 | ---- | M] (Realtek) [Auto | Stopped] -- C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2011.08.01 18:20:10 | 000,143,120 | ---- | M] (Trend Micro Inc.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hrfsmrx.sys -- (hrfsmrx)
DRV - [2011.07.04 19:11:48 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.04 19:11:48 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.03.10 09:33:48 | 000,526,848 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192su.sys -- (RTL8192su)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.09.10 08:50:11 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.06.09 12:04:48 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.13 05:41:54 | 004,179,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.09.05 01:01:00 | 000,419,328 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV - [2008.09.05 01:01:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2008.09.05 01:01:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2007.12.08 07:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007.11.17 19:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.10.12 15:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1;*.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: foxyseotool@foxyseotool.com:0.8.4
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33
FF - prefs.js..extensions.enabledItems: senseo@nicosteiner.de:1.4.3
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.6.6
FF - prefs.js..extensions.enabledItems: seoquake-plugin-seolinx@seoquake.com:1.0.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\*\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.06 11:35:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.06 10:46:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.04 18:33:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] ()
[2010.11.18 11:08:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions
[2010.11.18 11:08:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.05.05 10:20:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011.11.11 09:34:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions
[2010.10.29 09:09:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.25 09:21:25 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2009.10.08 11:02:24 | 000,000,000 | ---D | M] (RankQuest SEO Toolbar) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\{556d6eb2-aed0-4a4c-98a0-6f1dd597b98b}
[2011.10.06 11:35:55 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2009.10.08 11:05:05 | 000,000,000 | ---D | M] (SeoQuake Plugin - Seolinx) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\seoquake-plugin-seolinx@seoquake.com
[2011.05.20 10:42:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.01.20 10:18:18 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.07.03 13:29:44 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2011.05.20 10:37:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.05.20 10:42:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2009.07.03 13:29:44 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}.XPI
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\FOXYSEOTOOL@FOXYSEOTOOL.COM.XPI
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\SENSEO@NICOSTEINER.DE.XPI
[2011.10.06 11:35:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.05.30 00:20:07 | 000,535,840 | ---- | M] (iLinc Communications, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPCltInstall.dll
[2011.04.14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.06 11:35:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.06 11:35:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.06 11:35:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.06 11:35:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.06 11:35:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.06 11:35:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\13.0.782.220\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\13.0.782.220\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\13.0.782.220\gears.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: iLinc Communications Netscape/Mozilla Install Plugin v 10.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCltInstall.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\*\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe (Corel Corporation)
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://ips.poi.de/ips-opdata/operator/69189345/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{389EAD2B-CB3B-4DBE-AF76-B4DDA96042D2}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{676F61E6-2878-4DB0-9FC3-602069A8F55B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{754E2F00-44F8-4003-A773-0E2976769286}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FAD0C66-3017-4A6F-B0FC-39D80FB40CD4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9067AE95-3FC3-4C5A-A0DB-3AB697C7FD83}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{914E0EA0-B606-40E8-BACC-BAC20B424978}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC299F6F-9EAA-4D25-9CE3-E963A17F1F3B}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C47FD66D-8815-4180-BD75-9F637405777B}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{088d9884-a746-11de-a692-002185c49f05}\Shell - "" = AutoRun
O33 - MountPoints2\{088d9884-a746-11de-a692-002185c49f05}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{0db6c9d7-51c9-11de-8a4d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0db6c9d7-51c9-11de-8a4d-806e6f6e6963}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{80d15e22-71d9-11de-b623-002185c49f05}\Shell - "" = AutoRun
O33 - MountPoints2\{80d15e22-71d9-11de-b623-002185c49f05}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{97f527cc-ecd4-11df-b06b-002185c49f05}\Shell - "" = AutoRun
O33 - MountPoints2\{97f527cc-ecd4-11df-b06b-002185c49f05}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{d4011230-4d15-11df-ac73-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d4011230-4d15-11df-ac73-806e6f6e6963}\Shell\AutoRun\command - "" = G:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 30 Days ==========
[2011.11.14 17:22:07 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.11.14 15:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.11.14 11:49:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2011.11.14 11:25:06 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011.11.10 13:53:35 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Facility
[2011.11.01 10:01:35 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Timelines
[2011.10.25 14:34:29 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Legionellen
[1 C:\Users\*\AppData\Local\*.tmp files -> C:\Users\*\AppData\Local\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.11.15 08:09:38 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.15 08:09:38 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.15 08:09:38 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.15 08:09:38 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.15 08:05:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.14 17:22:06 | 000,007,512 | ---- | M] () -- C:\Users\*\AppData\Local\d3d9caps.dat
[2011.11.14 12:01:29 | 000,302,592 | ---- | M] () -- C:\Users\*\Desktop\knnmbkcs.exe
[2011.11.14 11:59:33 | 000,000,000 | ---- | M] () -- C:\Users\*\defogger_reenable
[2011.11.14 11:59:04 | 000,050,477 | ---- | M] () -- C:\Users\*\Desktop\Defogger.exe
[2011.11.14 11:49:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2011.11.14 11:30:40 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2011.11.14 11:30:39 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.14 11:30:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.14 11:30:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.14 11:28:03 | 000,000,440 | -H-- | M] () -- C:\ProgramData\oRf1rBdMoFDJPb
[2011.11.14 11:25:11 | 000,000,613 | ---- | M] () -- C:\Users\*\Desktop\System Restore.lnk
[2011.11.14 11:25:11 | 000,000,288 | -H-- | M] () -- C:\ProgramData\~oRf1rBdMoFDJPb
[2011.11.14 11:25:11 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~oRf1rBdMoFDJPbr
[2011.11.14 10:47:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.14 10:42:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1121016878-2803726019-2787449478-1000UA.job
[2011.11.10 13:54:23 | 000,040,448 | ---- | M] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.10 08:42:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1121016878-2803726019-2787449478-1000Core.job
[2011.10.27 08:44:28 | 000,004,096 | -H-- | M] () -- C:\Users\Public\Documents\0000055F.LCS
[2011.10.21 17:40:39 | 080,464,399 | ---- | M] () -- C:\Users\*\Documents\gynefix herstellerseite neu 21_10_2011 18_40_31.w2b
[2011.10.20 15:43:17 | 000,023,921 | ---- | M] () -- C:\Users\*\Desktop\google36afa2453f3593ee.html
[2011.10.17 14:03:50 | 000,359,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\*\AppData\Local\*.tmp files -> C:\Users\*\AppData\Local\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.11.14 12:01:29 | 000,302,592 | ---- | C] () -- C:\Users\*\Desktop\knnmbkcs.exe
[2011.11.14 11:59:33 | 000,000,000 | ---- | C] () -- C:\Users\*\defogger_reenable
[2011.11.14 11:59:13 | 000,050,477 | ---- | C] () -- C:\Users\*\Desktop\Defogger.exe
[2011.11.14 11:25:11 | 000,000,613 | ---- | C] () -- C:\Users\*\Desktop\System Restore.lnk
[2011.11.14 11:25:11 | 000,000,288 | -H-- | C] () -- C:\ProgramData\~oRf1rBdMoFDJPb
[2011.11.14 11:25:11 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~oRf1rBdMoFDJPbr
[2011.11.14 11:24:57 | 000,000,440 | -H-- | C] () -- C:\ProgramData\oRf1rBdMoFDJPb
[2011.10.21 17:40:38 | 080,464,399 | ---- | C] () -- C:\Users\*\Documents\gynefix herstellerseite neu 21_10_2011 18_40_31.w2b
[2011.10.20 15:43:16 | 000,023,921 | ---- | C] () -- C:\Users\*\Desktop\google36afa2453f3593ee.html
[2011.09.28 12:42:00 | 000,000,000 | ---- | C] () -- C:\Users\*\AppData\Local\{028D49B7-4ABC-43E5-985D-38B5923CD516}
[2011.09.27 07:03:33 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.06.21 06:42:38 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll
[2011.05.20 10:55:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.05.20 10:55:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.03.10 09:34:24 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011.01.20 10:19:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.09 07:50:56 | 000,007,512 | ---- | C] () -- C:\Users\*\AppData\Local\d3d9caps.dat
[2010.04.21 08:34:45 | 000,015,917 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin
[2009.08.28 07:35:23 | 000,000,176 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2009.07.28 19:38:04 | 000,040,448 | ---- | C] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.03 13:28:59 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.06.09 11:58:22 | 000,016,070 | ---- | C] () -- C:\Windows\German2.ini
[2009.06.09 11:58:21 | 000,446,464 | ---- | C] () -- C:\Windows\System32\Tx32.dll
[2009.06.09 11:58:21 | 000,000,151 | ---- | C] () -- C:\Windows\System32\ic32.ini
[2009.06.05 15:49:15 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2009.06.05 14:37:12 | 011,206,656 | R--- | C] () -- C:\Windows\System32\zhhp_res.dll
[2009.06.05 14:37:12 | 000,749,568 | R--- | C] () -- C:\Windows\System32\agissi.dll
[2009.06.05 14:37:12 | 000,348,160 | R--- | C] () -- C:\Windows\System32\zshp2600.exe
[2009.06.05 14:37:12 | 000,299,008 | R--- | C] () -- C:\Windows\System32\zhhp2600.exe
[2009.06.05 13:09:03 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009.01.06 19:15:52 | 000,627,756 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.01.06 19:15:52 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.01.06 19:15:52 | 000,125,870 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.01.06 19:15:52 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.01.06 11:32:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.01.06 11:00:22 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009.01.06 11:00:22 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.01.06 11:00:22 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.01.06 11:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.01.06 11:00:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009.01.06 10:26:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.01.21 03:24:13 | 001,868,868 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,359,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
========== LOP Check ==========
[2009.10.15 17:29:04 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DasTelefonbuch GelbeSeiten Map&Route
[2010.06.07 14:28:25 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\FRITZ!
[2011.10.06 11:15:49 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ProtectDisc
[2010.11.18 11:08:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Thunderbird
[2010.02.08 09:34:50 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TuneUp Software
[2009.10.15 17:29:03 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TVG
[2009.07.11 14:41:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Zeiterfassung.6E382B54F302B7E9C6B2FE0F7306F12B647405FB.1
[2011.11.14 11:30:40 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2011.11.14 11:29:02 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.17 10:32:53 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E06AF3D3-5AFE-464C-84A3-8485B5260C55}.job
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.07.11 09:44:07 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Adobe
[2010.02.10 14:02:14 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Apple Computer
[2009.06.05 13:26:54 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ATI
[2011.07.14 08:00:43 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Avira
[2009.06.17 20:27:19 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Corel
[2009.10.15 17:29:04 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DasTelefonbuch GelbeSeiten Map&Route
[2011.04.21 08:16:36 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\dvdcss
[2010.06.07 14:28:25 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\FRITZ!
[2009.06.16 10:28:42 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Google
[2009.06.05 13:26:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Identities
[2009.06.05 13:26:19 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Macromedia
[2011.05.20 09:16:50 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Media Center Programs
[2011.01.26 09:56:08 | 000,000,000 | --SD | M] -- C:\Users\*\AppData\Roaming\Microsoft
[2009.06.16 13:38:45 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Mozilla
[2009.07.07 10:50:14 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Nero
[2011.10.06 11:15:49 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ProtectDisc
[2011.11.03 15:31:18 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Skype
[2011.11.03 12:38:37 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\skypePM
[2010.11.18 11:08:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Thunderbird
[2010.02.08 09:34:50 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TuneUp Software
[2009.10.15 17:29:03 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TVG
[2010.05.17 21:17:31 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\U3
[2011.11.11 12:05:15 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\vlc
[2010.05.17 12:39:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\WinRAR
[2009.07.11 14:41:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Zeiterfassung.6E382B54F302B7E9C6B2FE0F7306F12B647405FB.1
< %APPDATA%\*.exe /s >
[2009.07.22 16:28:36 | 000,477,976 | ---- | M] (Protect GmbH) -- C:\Users\*\AppData\Roaming\ProtectDisc\License Helper v2\PDLicenseHelperBroker.exe
[2011.03.24 17:27:39 | 000,059,043 | ---- | M] () -- C:\Users\*\AppData\Roaming\ProtectDisc\License Helper v2\uninst.exe
[2007.10.23 08:27:20 | 000,110,592 | ---- | M] () -- C:\Users\*\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 09:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\*\AppData\Roaming\U3\temp\Launchpad Removal.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: IASTORV.SYS >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: NVSTOR32.SYS >
[2007.12.08 07:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) MD5=1A649B87A7B7C1220A2B16B121F2198E -- C:\Windows\System32\drivers\nvstor32.sys
[2007.12.08 07:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) MD5=1A649B87A7B7C1220A2B16B121F2198E -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_933da2ea\nvstor32.sys
< MD5 for: SCECLI.DLL >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< MD5 for: USER32.DLL >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
< MD5 for: USERINIT.EXE >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WININIT.EXE >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< End of report > --- --- --- |