sternchendan | 01.02.2012 16:15 | Here is the otl.txt
OTL Logfile:
OTL logfile created on: 01.02.2012 15:40:01 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1013,30 Mb Total Physical Memory | 679,59 Mb Available Physical Memory | 67,07% Memory free
1,99 Gb Paging File | 1,69 Gb Available in Paging File | 84,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 37,27 Gb Free Space | 63,60% Space Free | Partition Type: NTFS
Drive D: | 159,19 Gb Total Space | 158,56 Gb Free Space | 99,60% Space Free | Partition Type: NTFS
Drive E: | 961,73 Mb Total Space | 961,17 Mb Free Space | 99,94% Space Free | Partition Type: FAT
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV - (VmbService) -- File not found
SRV - (FSORSPClient) -- C:\Program Files\Vodafone\PC Protection\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (FSMA) -- C:\Program Files\Vodafone\PC Protection\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- C:\Program Files\Vodafone\PC Protection\FWES\Program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files\Vodafone\PC Protection\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (fsbts) -- C:\windows\system32\Drivers\fsbts.sys ()
DRV - (F-Secure Gatekeeper) -- C:\Program Files\Vodafone\PC Protection\Anti-Virus\minifilter\fsgk.sys ()
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (FSES) -- C:\Windows\System32\drivers\fses.sys (F-Secure Corporation)
DRV - (samsung_hspa_datacard_cdc_acm) -- C:\Windows\System32\drivers\samsung_hspa_datacard_cdc_acm.sys (Samsung)
DRV - (samsung_hspa_datacard_dc_enum) -- C:\Windows\System32\drivers\samsung_hspa_datacard_dc_enum.sys (Samsung)
DRV - (samsung_hspa_datacard_cdc_ecm) -- C:\Windows\System32\drivers\samsung_hspa_datacard_cdc_ecm.sys (Samsung)
DRV - (F-Secure HIPS) -- C:\Program Files\Vodafone\PC Protection\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\Windows\System32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (fsvista) -- C:\Program Files\Vodafone\PC Protection\Anti-Virus\minifilter\fsvista.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Klingeltöne, Handylogos, Handyspiele & MusicDownloads - Vodafone D2 - Home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/sm"
FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\Vodafone\PC Protection\NRS\litmus-ff@f-secure.com [2011.11.04 14:31:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.09 15:26:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.25 16:13:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.22 22:25:05 | 000,000,000 | ---D | M]
[2010.08.27 19:28:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.01.09 19:57:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\csx97i5m.default\extensions
[2012.01.09 19:57:39 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\csx97i5m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.01.10 04:40:41 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\csx97i5m.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.06.09 19:16:34 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\csx97i5m.default\extensions\engine@conduit.com
[2011.10.27 16:14:53 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\csx97i5m.default\extensions\plugin@yontoo.com
[2010.10.16 20:29:45 | 000,000,873 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\csx97i5m.default\searchplugins\conduit.xml
[2010.11.25 20:48:19 | 000,002,342 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\csx97i5m.default\searchplugins\icq-search.xml
[2011.02.17 21:42:07 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\csx97i5m.default\searchplugins\icqplugin-1.xml
[2011.04.29 22:19:35 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\csx97i5m.default\searchplugins\icqplugin-2.xml
[2011.06.02 20:32:51 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\csx97i5m.default\searchplugins\icqplugin-3.xml
[2011.06.30 19:58:36 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\csx97i5m.default\searchplugins\icqplugin-4.xml
[2011.08.20 16:46:15 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\csx97i5m.default\searchplugins\icqplugin-5.xml
[2011.09.01 09:17:02 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\csx97i5m.default\searchplugins\icqplugin-6.xml
[2011.09.08 11:00:27 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\csx97i5m.default\searchplugins\icqplugin-7.xml
[2011.10.02 08:34:09 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\csx97i5m.default\searchplugins\icqplugin-8.xml
[2011.11.10 12:20:59 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\csx97i5m.default\searchplugins\icqplugin-9.xml
[2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\csx97i5m.default\searchplugins\icqplugin.xml
[2011.11.10 17:26:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.12.09 15:26:52 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.01.25 16:13:46 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.22 22:24:26 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.02 08:31:06 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.02 08:31:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.02 08:31:06 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.02 08:31:06 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 08:31:06 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.02 08:31:06 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Vodafone\PC Protection\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Vodafone\PC Protection\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Vodafone\PC Protection\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Vodafone\PC Protection\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKCU..\Run: [Firefox helper] C:\Users\***\AppData\Local\Mozilla\Firefox\firefox.exe File not found
O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4 File not found
O4 - HKCU..\Run: [Mozilla client] C:\Users\***\AppData\Local\Mozilla\Firefox\firefox.exe File not found
O4 - HKCU..\Run: [Userinit] C:\Users\***\AppData\Roaming\appconf32.exe ()
O4 - HKCU..\Run: [vasja] C:\Users\***\AppData\Local\Temp\0.23535058900445038.exe (Orb Networks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Vodafone\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Vodafone\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Vodafone\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Vodafone\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Vodafone\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Vodafone\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Vodafone\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Vodafone\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Vodafone\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Vodafone\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Vodafone\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Vodafone\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6432BB28-6AEB-4496-A461-D9B2B06B818E}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CB44DBC-6166-496D-B83D-F8183DC7BE4B}: NameServer = 139.7.30.126 139.7.30.125
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{02ecf432-d63e-11df-b150-506313bbde78}\Shell - "" = AutoRun
O33 - MountPoints2\{02ecf432-d63e-11df-b150-506313bbde78}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0711cbb3-b132-11df-9014-506313bbde78}\Shell - "" = AutoRun
O33 - MountPoints2\{0711cbb3-b132-11df-9014-506313bbde78}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{0711cbb5-b132-11df-9014-506313bbde78}\Shell - "" = AutoRun
O33 - MountPoints2\{0711cbb5-b132-11df-9014-506313bbde78}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{396aa6c6-0855-11e0-a617-506313bbde78}\Shell - "" = AutoRun
O33 - MountPoints2\{396aa6c6-0855-11e0-a617-506313bbde78}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{396aa704-0855-11e0-a617-001e101f57d0}\Shell - "" = AutoRun
O33 - MountPoints2\{396aa704-0855-11e0-a617-001e101f57d0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4462ef78-e75f-11df-ad14-506313bbde78}\Shell - "" = AutoRun
O33 - MountPoints2\{4462ef78-e75f-11df-ad14-506313bbde78}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4462ef7a-e75f-11df-ad14-506313bbde78}\Shell - "" = AutoRun
O33 - MountPoints2\{4462ef7a-e75f-11df-ad14-506313bbde78}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4462ef8f-e75f-11df-ad14-506313bbde78}\Shell - "" = AutoRun
O33 - MountPoints2\{4462ef8f-e75f-11df-ad14-506313bbde78}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{60995e36-7c70-11e0-a991-506313bbde78}\Shell - "" = AutoRun
O33 - MountPoints2\{60995e36-7c70-11e0-a991-506313bbde78}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b0130370-d17f-11df-9df2-506313bbde78}\Shell - "" = AutoRun
O33 - MountPoints2\{b0130370-d17f-11df-9df2-506313bbde78}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d1df96be-1cf4-11e0-accf-506313bbde78}\Shell - "" = AutoRun
O33 - MountPoints2\{d1df96be-1cf4-11e0-accf-506313bbde78}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{d80928b3-d183-11df-b0a7-002454753268}\Shell - "" = AutoRun
O33 - MountPoints2\{d80928b3-d183-11df-b0a7-002454753268}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d80928b6-d183-11df-b0a7-002454753268}\Shell - "" = AutoRun
O33 - MountPoints2\{d80928b6-d183-11df-b0a7-002454753268}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e3a25d6f-d180-11df-9d29-002454753268}\Shell - "" = AutoRun
O33 - MountPoints2\{e3a25d6f-d180-11df-9d29-002454753268}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e3a25d97-d180-11df-9d29-002454753268}\Shell - "" = AutoRun
O33 - MountPoints2\{e3a25d97-d180-11df-9d29-002454753268}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012.02.01 15:38:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.01.17 14:07:00 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\50 er jahre
[2012.01.02 22:42:13 | 000,000,000 | ---D | C] -- C:\f9788601990740a36fc1
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.02.01 15:37:39 | 000,720,642 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.02.01 15:37:39 | 000,672,262 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.02.01 15:37:39 | 000,157,784 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.02.01 15:37:39 | 000,128,170 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.02.01 15:22:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.02.01 14:56:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.02.01 14:56:32 | 1062,518,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.01 14:48:57 | 000,016,384 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2012.02.01 10:52:09 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.01 10:52:09 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.01 00:51:31 | 000,017,277 | ---- | M] () -- C:\Users\***\Desktop\310252_225960787471369_100001723479431_575446_1000299521_n.jpg
[2012.02.01 00:50:39 | 000,008,915 | ---- | M] () -- C:\Users\***\Desktop\310731_225961207471327_100001723479431_575447_1137707446_n.jpg
[2012.02.01 00:50:06 | 000,011,196 | ---- | M] () -- C:\Users\***\Desktop\375243_226417044092410_676869320_n.jpg
[2012.02.01 00:48:58 | 000,016,981 | ---- | M] () -- C:\Users\***\Desktop\390065_226574287410019_100001723479431_577013_1456532536_n.jpg
[2012.02.01 00:47:45 | 000,015,978 | ---- | M] () -- C:\Users\***\Desktop\385950_225544207513027_100001723479431_574230_1551139175_n.jpg
[2012.01.28 19:18:47 | 000,007,801 | ---- | M] () -- C:\Users\***\Desktop\1-full.jpg
[2012.01.21 21:53:17 | 000,114,658 | ---- | M] () -- C:\Users\***\Desktop\l11.jpg
[2012.01.21 21:32:59 | 000,029,271 | ---- | M] () -- C:\Users\***\Desktop\l18.jpg
[2012.01.21 21:30:43 | 000,042,570 | ---- | M] () -- C:\Users\***\Desktop\l15.jpg
[2012.01.21 21:30:07 | 000,045,624 | ---- | M] () -- C:\Users\***\Desktop\l13.jpg
[2012.01.08 10:36:21 | 000,000,013 | ---- | M] () -- C:\Users\***\AppData\Roaming\urhtps.dat
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.02.01 00:51:30 | 000,017,277 | ---- | C] () -- C:\Users\***\Desktop\310252_225960787471369_100001723479431_575446_1000299521_n.jpg
[2012.02.01 00:50:37 | 000,008,915 | ---- | C] () -- C:\Users\***\Desktop\310731_225961207471327_100001723479431_575447_1137707446_n.jpg
[2012.02.01 00:50:05 | 000,011,196 | ---- | C] () -- C:\Users\***\Desktop\375243_226417044092410_676869320_n.jpg
[2012.02.01 00:48:55 | 000,016,981 | ---- | C] () -- C:\Users\***\Desktop\390065_226574287410019_100001723479431_577013_1456532536_n.jpg
[2012.02.01 00:47:33 | 000,015,978 | ---- | C] () -- C:\Users\***\Desktop\385950_225544207513027_100001723479431_574230_1551139175_n.jpg
[2012.01.28 19:18:36 | 000,007,801 | ---- | C] () -- C:\Users\***\Desktop\1-full.jpg
[2012.01.21 21:32:56 | 000,029,271 | ---- | C] () -- C:\Users\***\Desktop\l18.jpg
[2012.01.21 21:30:40 | 000,042,570 | ---- | C] () -- C:\Users\***\Desktop\l15.jpg
[2012.01.21 21:30:06 | 000,045,624 | ---- | C] () -- C:\Users\***\Desktop\l13.jpg
[2012.01.21 21:29:32 | 000,114,658 | ---- | C] () -- C:\Users\***\Desktop\l11.jpg
[2012.01.08 10:36:21 | 000,000,013 | ---- | C] () -- C:\Users\***\AppData\Roaming\urhtps.dat
[2011.10.10 21:02:32 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{9CD06E4E-6CF2-4EC8-B2EC-5F20E0797DDC}
[2010.04.03 07:16:38 | 000,042,672 | ---- | C] () -- C:\windows\System32\drivers\fsbts.sys
[2010.03.30 01:08:42 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2010.03.30 01:08:41 | 000,720,642 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2010.03.30 01:08:41 | 000,157,784 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2010.03.30 01:08:41 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2010.03.29 08:49:42 | 000,000,455 | ---- | C] () -- C:\windows\HotFixList.ini
[2010.03.29 08:36:09 | 000,311,296 | ---- | C] () -- C:\windows\System32\Rezip.exe
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009.07.14 05:33:53 | 000,403,712 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,672,262 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,128,170 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009.07.13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009.07.13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009.07.13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009.07.13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009.04.09 13:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.12.09 16:23:13 | 000,052,784 | RHS- | C] () -- C:\Users\***\AppData\Roaming\appconf32.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:6DA3BBF2
< End of report >