Trojaner-Board - Virus/Trojaner: Win64/sirefef.A ; Win64/sirefef.AB ; Win64/sirefef.W ; Auto-Neustart nach 1 Minute

Danke für die schnelle Antwort.

Also ich habe das Programm ausgeführt.

Nach "Do you wish to load the remote registry" wurde ich nicht gefragt.
Es wurde auch keine Extras.txt erstellt lediglich die OTL.txt:

OTL Logfile:

Code:

OTL logfile created on: 8/9/2012 2:07:48 PM - Run 

OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE

64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 110.00 Gb Total Space | 8.50 Gb Free Space | 7.73% Space Free | Partition Type: NTFS

Drive D: | 123.08 Gb Total Space | 18.47 Gb Free Space | 15.00% Space Free | Partition Type: NTFS

Drive E: | 65.01 Gb Total Space | 38.28 Gb Free Space | 58.88% Space Free | Partition Type: NTFS

Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2012/06/26 12:21:54 | 000,239,616 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2012/03/26 12:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/03/26 12:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2011/12/13 04:29:20 | 000,036,160 | ---- | M] (TuneUp Software) [Auto] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)

SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012/08/06 03:03:52 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/30 09:18:48 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/07/18 10:03:10 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/07/13 07:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/07/11 09:26:34 | 000,296,576 | ---- | M] (Steganos Software GmbH) [Auto] -- C:\Program Files (x86)\OkayFreedom\VPNService.exe -- (OkayFreedom VPN Starter Service)

SRV - [2012/06/27 06:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2012/05/30 02:53:58 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2012/04/25 13:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)

SRV - [2012/03/19 07:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2012/01/26 09:08:56 | 003,665,752 | ---- | M] () [Auto] -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)

SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/12/13 04:34:52 | 002,028,864 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)

SRV - [2011/12/13 04:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)

SRV - [2011/08/31 11:34:02 | 000,017,920 | ---- | M] (Microsoft) [Auto] -- C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe -- (MouseWithoutBordersSvc)

SRV - [2010/07/08 06:50:20 | 000,450,560 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt) [Auto] -- C:\Windows\SysWOW64\STGRAMDiskHandler64.exe -- (Steganos Volatile Disk)

SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012/06/26 13:36:26 | 010,256,384 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/06/26 11:22:10 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/05/18 13:50:53 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2012/05/14 02:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2012/03/24 07:08:23 | 000,015,416 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)

DRV:64bit: - [2012/03/20 14:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2011/06/02 01:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)

DRV:64bit: - [2011/06/02 01:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)

DRV:64bit: - [2011/06/02 01:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)

DRV:64bit: - [2011/04/26 05:21:06 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)

DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/09/03 10:45:08 | 000,028,576 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt.com) [Driver] [Kernel | System] -- C:\Windows\System32\drivers\STGMFEngine64.sys -- (STGMFEngine64)

DRV:64bit: - [2010/02/24 06:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)

DRV:64bit: - [2009/08/22 23:08:10 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L1E62x64.sys -- (L1E)

DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/03/18 10:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)

DRV - [2011/07/07 09:46:56 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)

DRV - [2010/02/17 08:21:12 | 000,108,256 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System] -- C:\Windows\SleeN1764.sys -- (SLEE_17_DRIVER)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\Kilian_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\Kilian_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\Kilian_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\Kilian_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C E9 69 1A 97 07 CD 01  [binary data]

IE - HKU\Kilian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Kilian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

 

 

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.openintab: true

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.startup.homepage: "hxxp://www.wisedock.de/m.php?id=22339526c408566836ccc054b7ed0a063d476"

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_3_300_270.dll ()

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE:  File not found

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{09F060FA-566D-42D7-BF79-97AB30863433}: C:\Program Files (x86)\Steganos Privacy Suite 12\pfplugin [2012/04/09 05:20:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{00F0643E-B367-4779-B45D-7046EBA37A88}: C:\Program Files (x86)\Steganos Privacy Suite 12\spmplugin3 [2012/04/09 05:20:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 10:03:11 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 10:03:11 | 000,000,000 | ---D | M]

 

[2012/07/05 09:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kilian\AppData\Roaming\Mozilla\Extensions

[2012/07/05 10:16:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kilian\AppData\Roaming\Mozilla\Firefox\Profiles\slsie75b.default\extensions

[2012/07/26 07:23:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kilian\AppData\Roaming\Mozilla\Firefox\Profiles\v9113y5e.default\extensions

[2012/07/05 09:32:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

File not found (No name found) -- 

() (No name found) -- C:\USERS\KILIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V9113Y5E.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI

() (No name found) -- C:\USERS\KILIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V9113Y5E.DEFAULT\EXTENSIONS\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.XPI

() (No name found) -- C:\USERS\KILIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V9113Y5E.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI

[2012/07/18 10:03:11 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/06/14 18:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012/06/14 18:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/06/14 18:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012/06/14 18:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012/06/14 18:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012/06/14 18:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Steganos Password Manager Toolbar) - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Privacy Suite 12\SPMIEToolbar.dll (Steganos Software GmbH)

O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()

O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()

O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ()

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\Kilian_ON_C..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)

O4 - HKU\Kilian_ON_C..\Run: [RfxSrvTray] C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)

O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found

O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1

O9 - Extra Button: Steganos Password Manager - {024538B9-3F39-49FF-9503-975F743210FA} - C:\Program Files (x86)\Steganos Privacy Suite 12\SPMIEToolbar.dll (Steganos Software GmbH)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{2dff3f41-a111-11e1-91c4-00248c37c2d2}\Shell - "" = AutoRun

O33 - MountPoints2\{2dff3f41-a111-11e1-91c4-00248c37c2d2}\Shell\AutoRun\command - "" = G:\setup.exe

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012/08/09 04:43:32 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe.D2A32AB0FB2287A7

[2012/08/09 04:40:08 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe.8C2761D6686D7D15

[2012/08/09 04:34:25 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Kilian\Desktop\OTL.exe

[2012/08/08 14:25:56 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe.99DF3ABB394E84E5

[2012/08/08 13:31:54 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe.410513AFAC00BF4E

[2012/08/08 13:27:07 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe.13648EA584A08AC6

[2012/08/08 13:23:02 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe.5906DD4C46EDAE31

[2012/08/08 13:18:32 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe.46094B52FD5F3D59

[2012/08/08 12:59:19 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe.95D64C207261B9EC

[2012/08/08 12:53:48 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe.8F7DAD3C40059AB2

[2012/08/08 12:48:36 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%

[2012/08/08 12:45:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[2012/08/08 12:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2012/08/08 12:36:17 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan

[2012/08/08 12:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2012/08/08 12:35:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab

[2012/08/08 12:34:40 | 012,633,984 | ---- | C] (Microsoft Corporation) -- C:\Users\Kilian\Desktop\mseinstall.exe

[2012/08/08 08:54:47 | 000,000,000 | ---D | C] -- C:\Windows\de

[2012/08/08 08:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2012/08/08 05:14:14 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{2D36DB6B-A4BD-4430-A9EC-54BBB2729266}

[2012/08/08 05:13:52 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{41F4B885-B215-4FE1-87C9-14EC0433D297}

[2012/08/08 04:37:26 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{15A39281-DA12-4F44-9595-B670AB33590C}

[2012/08/07 16:23:04 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{00265519-A56C-42C5-AB06-038895EB9F2C}

[2012/08/07 16:22:53 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{A39A6767-3836-4B55-94B7-8CFF58EA5F24}

[2012/08/07 03:29:40 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{2B0A883C-13DD-4764-9A4F-AC56DBBB3040}

[2012/08/07 03:29:18 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{1B3FA0F3-E05A-4F55-9042-F38F37B16C8D}

[2012/08/07 03:12:12 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{665D92A6-2F78-4DDC-8926-B4AA45782597}

[2012/08/07 01:55:46 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{6529E9C4-AEE1-4282-AEE1-A59437825E8B}

[2012/08/07 01:23:33 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{E9B3B1D2-D031-4537-BC7F-9FFCF4CA0180}

[2012/08/06 07:46:58 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{22B860A0-86D2-45D5-86AF-AFF839D82815}

[2012/08/06 07:46:35 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{8C2240A7-A3DB-437C-92F4-28C8F39FC9CE}

[2012/08/06 06:41:31 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{43E9CE71-98CC-4CDE-96C1-68AB919146BB}

[2012/08/06 05:44:32 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{FDAB17FA-74BB-4B16-BC32-60536A665B98}

[2012/08/06 03:04:45 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\Macromedia

[2012/08/06 03:04:43 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{3CE68B40-8AF2-4B57-B7C5-7254C06C69E9}

[2012/08/06 03:04:10 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{945047BD-2DFE-49F5-A30E-180F6228DECB}

[2012/08/05 14:17:32 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{564D2BC1-685F-448B-9809-020200E4E023}

[2012/08/05 14:17:07 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{205BBBA9-DC90-47B9-A7EE-99C020819A80}

[2012/08/01 03:14:44 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{61EC093F-7CD7-46AA-B9B7-4EB4E58BA594}

[2012/08/01 03:14:20 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{754F6952-699A-4C25-866C-0418482927B0}

[2012/07/31 15:09:27 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{DDD8717F-55D2-4446-B55E-E9E0C2836992}

[2012/07/31 15:09:05 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{6AEA86D9-9462-4E9A-97A5-5DCD8C0C10C6}

[2012/07/31 14:35:42 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{39C6E035-17D1-4266-A305-4F8CA09303D2}

[2012/07/31 02:57:41 | 000,000,000 | ---D | C] -- C:\Users\Kilian\Documents\Stronghold 3

[2012/07/31 02:28:08 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{BC44443C-0FD6-4F51-B2A4-24DB4BEDD447}

[2012/07/31 02:27:45 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{B397EFD3-8158-40DE-A51B-B3B49EFCE673}

[2012/07/30 09:22:19 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

[2012/07/30 09:18:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam

[2012/07/30 09:18:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

[2012/07/30 09:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam

[2012/07/30 08:55:32 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{46331FCD-CA44-4AA0-8954-FC8C0AFF07E4}

[2012/07/30 08:55:10 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{ED5F6487-4BB1-49BF-BB42-98ED2C62E37A}

[2012/07/29 15:11:48 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{F6E06800-FA01-449E-BF8D-A1B263808962}

[2012/07/29 15:11:37 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{86BA98F7-3C00-4BCE-8DF9-672C0F7A1125}

[2012/07/29 02:50:42 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{54C12BC5-E3F2-488C-BA27-4F253AD25245}

[2012/07/29 02:50:20 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{D3E34700-6068-4502-AF56-6598B11E8500}

[2012/07/28 03:39:44 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{5A01197B-87D9-4148-9FF2-B1729A1091AC}

[2012/07/28 03:39:20 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{21EF2726-5B99-4C80-9BDF-9BEA8D53BEC7}

[2012/07/27 20:54:00 | 000,321,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

[2012/07/27 08:53:53 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{3B3B3D61-D64B-465C-A986-FAD91F871D1A}

[2012/07/27 08:53:29 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{6989D9AF-47FF-4883-A613-74732D65B6AB}

[2012/07/26 13:08:06 | 000,862,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll

[2012/07/26 13:08:06 | 000,534,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll

[2012/07/26 13:08:06 | 000,251,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll

[2012/07/26 13:08:06 | 000,153,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl110.dll

[2012/07/26 13:08:06 | 000,115,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vcomp110.dll

[2012/07/26 09:22:10 | 000,828,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr110.dll

[2012/07/26 09:22:10 | 000,661,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp110.dll

[2012/07/26 09:22:10 | 000,354,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vccorlib110.dll

[2012/07/26 09:22:10 | 000,177,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl110.dll

[2012/07/26 09:22:10 | 000,124,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vcomp110.dll

[2012/07/26 07:22:25 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{DB956D4F-4BBB-4827-8F3E-11BB345F66A2}

[2012/07/26 07:22:01 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{20B9196D-ECC2-474D-AAEA-D50A91BB4D92}

[2012/07/25 14:27:46 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{837FC125-F251-41D3-9FE4-2FF46A0491A5}

[2012/07/25 14:27:34 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{52C78030-8992-436E-AE58-6B23E7E1979A}

[2012/07/25 01:40:17 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{2A16B712-3957-4F96-A79D-87ED53EE930D}

[2012/07/25 01:39:49 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{DD6122B9-6FAC-4A10-8B35-56824D0EE730}

[2012/07/24 10:12:09 | 000,000,000 | ---D | C] -- C:\Users\Kilian\Documents\3DMark 11

[2012/07/24 05:35:17 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{36C53421-C515-4AF9-AB83-B97BFD17A8E3}

[2012/07/24 05:35:05 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{7D8AD1D0-AE71-46F0-BB30-C1E09818D9C3}

[2012/07/23 16:40:58 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{35F7E946-07E3-40C1-AEE6-1AFCC8F558C5}

[2012/07/23 14:15:24 | 000,000,000 | ---D | C] -- C:\Users\Kilian\Documents\Podcast Studio

[2012/07/23 14:14:48 | 000,962,560 | ---- | C] (East Wind Software) -- C:\Windows\SysWow64\advdaudio.ocx

[2012/07/23 14:14:47 | 000,634,880 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioEditor2.dll

[2012/07/23 14:14:47 | 000,522,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioTransform2.dll

[2012/07/23 14:14:47 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll

[2012/07/23 14:14:46 | 000,966,144 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioInformation2.dll

[2012/07/23 14:14:46 | 000,877,568 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\NCTAudioFile2.dll

[2012/07/23 14:14:46 | 000,467,968 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioRecord2.dll

[2012/07/23 14:14:46 | 000,467,456 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioPlayer2.dll

[2012/07/23 14:14:45 | 000,413,696 | ---- | C] (Gabest) -- C:\Windows\SysWow64\flvsplitter.ax

[2012/07/23 14:14:45 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Roaming\concept design

[2012/07/23 14:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\concept design

[2012/07/23 11:26:40 | 000,000,000 | ---D | C] -- C:\Users\Kilian\Documents\NFSTR

[2012/07/23 11:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs

[2012/07/23 10:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed(TM) The Run

[2012/07/23 10:40:16 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller

[2012/07/23 04:39:41 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{ADB62121-EFF3-4D5A-83A1-86363248B416}

[2012/07/23 04:39:18 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{4C618B48-46D1-4C71-A731-9F39C7E662B1}

[2012/07/22 16:26:03 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Roaming\Tobit

[2012/07/22 16:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tobit.Software

[2012/07/22 16:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tobit Radio.fx

[2012/07/22 16:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Tobit

[2012/07/22 16:25:43 | 003,537,752 | ---- | C] (Tobit.Software) -- C:\Windows\RXSUnins.exe

[2012/07/22 16:25:43 | 003,537,752 | ---- | C] (Tobit.Software) -- C:\Windows\RXCUnins.exe

[2012/07/22 11:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom

[2012/07/22 11:55:27 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{3438DCFC-0FC1-4CDA-BBD5-7BDE9F85A5C9}

[2012/07/22 11:55:14 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{B2DADBBA-7A13-4C71-B3B0-A55BD0C9C45A}

[2012/07/20 07:03:24 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{30DE8281-603B-4C48-A991-0B5662C2D4B1}

[2012/07/20 07:03:12 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{97C82C63-1FB5-4F18-B738-DBCA54F0AB87}

[2012/07/20 04:34:14 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{6BC89ADB-B5CB-4273-B747-B1519DFBA8D2}

[2012/07/19 15:05:29 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{569564B6-5132-41FC-8FE8-353D0D7CC65D}

[2012/07/19 15:05:17 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{55C91429-A3EC-4121-899E-BAEFA96F55B8}

[2012/07/19 03:00:46 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{0944B6F2-EB49-433B-A5F3-94A81D269C52}

[2012/07/19 03:00:23 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{934FF342-3149-4016-B71B-E59F90BE67D1}

[2012/07/18 07:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2012/07/18 07:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP

[2012/07/18 07:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2012/07/18 06:19:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN

[2012/07/18 05:41:04 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{CD00B4D5-78AB-4A65-9F69-8E2DFE1C9427}

[2012/07/18 05:40:42 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{330A37C2-1EB5-439C-8E4F-689B9E1B2863}

[2012/07/17 16:29:27 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Roaming\AudioXP

[2012/07/17 16:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioExpert

[2012/07/17 16:29:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AudioExpert

[2012/07/17 16:17:11 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\Geckofx

[2012/07/17 09:49:20 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{CAC41E6B-14BA-41AF-9BA5-615304647569}

[2012/07/17 09:48:57 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{79BC0701-9BFF-4602-9D1C-01CDC5A2DE00}

[2012/07/16 13:56:27 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{CD37F23A-AD08-4FB1-8450-FE81E4D53388}

[2012/07/16 13:56:04 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{B3F3EC7B-12A4-444A-A38E-BE9B72880257}

[2012/07/16 01:13:56 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{14311B34-2569-49D7-BAE4-36A3F5EA9F53}

[2012/07/16 01:13:31 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{D11DB065-D0C8-491E-AE44-99067FFE2EBC}

[2012/07/15 05:00:49 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{29539E34-0F3B-46C5-AAE8-E73803E94D78}

[2012/07/15 05:00:27 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{B6AF6B92-FD5F-4A17-9431-B6A2858D1970}

[2012/07/14 19:02:16 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{D1AB1454-FFA0-449E-90C3-9210FE4C9B83}

[2012/07/14 19:00:58 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{6B93524C-355C-4F24-B70C-0A638531A871}

[2012/07/14 02:36:35 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{D7E4CB9B-1241-4265-980B-EAD0D31D4AF2}

[2012/07/14 02:36:23 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{2CF42721-9A8C-4916-BB6A-17B76DEDEC79}

[2012/07/13 03:03:32 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{9B9CC927-537F-4A2D-9B42-AF3CFB235E00}

[2012/07/13 03:03:09 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{F00E7599-2058-4B58-8863-899538E8D297}

[2012/07/12 09:32:03 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{F810049F-21A6-4363-AEF9-F9361EA219D7}

[2012/07/12 09:31:51 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{29D8FB58-B60F-4286-B086-348C98005177}

[2012/07/12 08:51:34 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{AED5362E-8024-4EC6-A67C-E6E17800AFC5}

[2012/07/11 15:16:33 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Roaming\MusicBee

[2012/07/11 14:54:17 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\LocalGoogle

[2012/07/11 14:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

[2012/07/11 05:34:14 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{A120A441-FDB8-4B43-9836-92989D949E04}

[2012/07/11 05:34:00 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{D266341C-F003-4516-9BE2-472D849698E5}

[2012/07/11 02:28:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll

[2012/07/11 02:28:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/07/11 02:28:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012/07/11 02:28:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/07/11 02:28:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012/07/11 02:28:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/07/11 02:28:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2012/07/11 02:28:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/07/11 02:28:02 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012/07/11 02:28:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012/07/11 02:28:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/07/11 02:28:01 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll

[2012/07/11 02:28:01 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2012/07/11 02:28:01 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/07/11 02:26:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll

[2012/07/11 02:26:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll

[2012/07/11 02:26:49 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll

[2012/07/11 02:26:49 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncrypt.dll

[2012/07/11 02:26:45 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll

[2012/07/11 02:26:44 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll

[2012/07/10 15:16:32 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{CCDBD618-3080-4D76-99A9-9DBB6A8D244E}

[2012/07/10 15:16:10 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{D6CEC54E-2C20-40FE-BD9C-9A2119D4C7A8}

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012/08/09 04:47:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/09 04:46:14 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe

[2012/08/09 04:45:51 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/08/09 04:43:32 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.D2A32AB0FB2287A7

[2012/08/09 04:42:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/09 04:40:08 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.8C2761D6686D7D15

[2012/08/09 04:34:08 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Kilian\Desktop\OTL.exe

[2012/08/09 04:34:00 | 000,050,477 | ---- | M] () -- C:\Users\Kilian\Desktop\Defogger.exe

[2012/08/08 14:25:56 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.99DF3ABB394E84E5

[2012/08/08 13:31:54 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.410513AFAC00BF4E

[2012/08/08 13:27:07 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.13648EA584A08AC6

[2012/08/08 13:23:02 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.5906DD4C46EDAE31

[2012/08/08 13:18:32 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.46094B52FD5F3D59

[2012/08/08 12:59:19 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.95D64C207261B9EC

[2012/08/08 12:53:48 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.8F7DAD3C40059AB2

[2012/08/08 12:49:01 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/08 12:49:01 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/08 12:46:03 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/08/08 12:45:34 | 000,001,924 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012/08/08 12:45:29 | 001,520,484 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/08/08 12:45:29 | 000,654,124 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012/08/08 12:45:29 | 000,616,312 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/08/08 12:45:29 | 000,130,064 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012/08/08 12:45:29 | 000,106,454 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/08/08 12:36:05 | 000,001,086 | ---- | M] () -- C:\Users\Kilian\Desktop\Kaspersky Security Scan.lnk

[2012/08/08 12:34:45 | 012,633,984 | ---- | M] (Microsoft Corporation) -- C:\Users\Kilian\Desktop\mseinstall.exe

[2012/08/08 12:04:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/08/08 08:54:33 | 000,001,314 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk

[2012/08/08 08:54:21 | 000,001,383 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk

[2012/08/08 08:53:51 | 000,001,467 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk

[2012/08/06 12:58:15 | 000,147,242 | ---- | M] () -- C:\Users\Kilian\Desktop\BF.jpg

[2012/08/06 03:03:52 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/08/06 03:03:52 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/08/05 15:07:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

[2012/07/31 10:51:44 | 002,124,670 | ---- | M] () -- C:\Users\Kilian\Desktop\DSC_0023.JPG

[2012/07/30 09:22:19 | 000,000,221 | ---- | M] () -- C:\Users\Kilian\Desktop\Stronghold 3.url

[2012/07/30 09:18:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

[2012/07/27 20:54:00 | 000,321,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

[2012/07/26 13:08:06 | 000,862,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll

[2012/07/26 13:08:06 | 000,534,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll

[2012/07/26 13:08:06 | 000,251,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll

[2012/07/26 13:08:06 | 000,153,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\atl110.dll

[2012/07/26 13:08:06 | 000,115,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\vcomp110.dll

[2012/07/26 09:22:10 | 000,828,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr110.dll

[2012/07/26 09:22:10 | 000,661,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp110.dll

[2012/07/26 09:22:10 | 000,354,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vccorlib110.dll

[2012/07/26 09:22:10 | 000,177,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl110.dll

[2012/07/26 09:22:10 | 000,124,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vcomp110.dll

[2012/07/23 10:40:22 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed(TM) The Run.lnk

[2012/07/23 10:40:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed(TM) The Run

[2012/07/23 10:40:21 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

[2012/07/22 16:25:58 | 000,002,096 | ---- | M] () -- C:\Users\Public\Desktop\Radio.fx.LNK

[2012/07/22 16:25:58 | 000,002,096 | ---- | M] () -- C:\Users\Kilian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Radio.fx.LNK

[2012/07/22 16:25:58 | 000,002,082 | ---- | M] () -- C:\Users\Kilian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\djukebox.LNK

[2012/07/22 16:25:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tobit.Software

[2012/07/22 11:56:32 | 000,001,110 | ---- | M] () -- C:\Users\Kilian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\OkayFreedom.lnk

[2012/07/22 11:56:32 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\OkayFreedom.lnk

[2012/07/22 11:56:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom

[2012/07/18 07:22:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2012/07/17 16:29:21 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\AudioExpert.lnk

[2012/07/17 16:29:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioExpert

[2012/07/11 15:17:31 | 000,001,727 | ---- | M] () -- C:\Users\Kilian\Desktop\Google Drive.lnk

[2012/07/11 05:29:56 | 002,280,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012/08/09 04:34:25 | 000,050,477 | ---- | C] () -- C:\Users\Kilian\Desktop\Defogger.exe

[2012/08/08 12:45:34 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012/08/08 12:36:17 | 000,001,086 | ---- | C] () -- C:\Users\Kilian\Desktop\Kaspersky Security Scan.lnk

[2012/08/08 08:54:33 | 000,001,314 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk

[2012/08/08 08:54:21 | 000,001,383 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk

[2012/08/06 12:58:14 | 000,147,242 | ---- | C] () -- C:\Users\Kilian\Desktop\BF.jpg

[2012/07/31 10:51:43 | 002,124,670 | ---- | C] () -- C:\Users\Kilian\Desktop\DSC_0023.JPG

[2012/07/30 09:22:19 | 000,000,221 | ---- | C] () -- C:\Users\Kilian\Desktop\Stronghold 3.url

[2012/07/23 14:14:48 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll

[2012/07/23 14:14:47 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll

[2012/07/23 14:14:46 | 000,511,488 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

[2012/07/23 10:40:22 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed(TM) The Run.lnk

[2012/07/22 16:25:58 | 000,002,096 | ---- | C] () -- C:\Users\Public\Desktop\Radio.fx.LNK

[2012/07/22 16:25:58 | 000,002,096 | ---- | C] () -- C:\Users\Kilian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Radio.fx.LNK

[2012/07/22 16:25:58 | 000,002,082 | ---- | C] () -- C:\Users\Kilian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\djukebox.LNK

[2012/07/22 16:25:43 | 002,681,344 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll

[2012/07/22 11:56:32 | 000,001,110 | ---- | C] () -- C:\Users\Kilian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\OkayFreedom.lnk

[2012/07/22 11:56:32 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\OkayFreedom.lnk

[2012/07/17 16:29:21 | 000,001,056 | ---- | C] () -- C:\Users\Public\Desktop\AudioExpert.lnk

[2012/07/11 15:17:31 | 000,001,727 | ---- | C] () -- C:\Users\Kilian\Desktop\Google Drive.lnk

[2012/05/23 12:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2012/05/05 15:58:29 | 000,007,640 | ---- | C] () -- C:\Users\Kilian\AppData\Local\Resmon.ResmonCfg

[2012/04/16 10:48:57 | 000,006,656 | ---- | C] () -- C:\Users\Kilian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/04/09 07:20:16 | 000,000,021 | ---- | C] () -- C:\Windows\SysWow64\STGRAMDiskHandler64.ini

[2012/04/09 02:44:40 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat

[2012/04/09 02:44:40 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat

[2012/04/09 02:44:40 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat

[2012/04/09 02:44:40 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat

[2012/04/09 02:44:40 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat

[2012/04/09 02:44:40 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat

[2012/04/09 02:44:40 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat

[2012/04/09 02:44:40 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat

[2012/04/09 02:44:40 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat

[2012/04/09 02:44:40 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat

[2012/04/09 02:44:40 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat

[2012/04/09 02:44:40 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat

[2012/04/09 02:44:40 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat

[2012/04/09 02:44:40 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat

[2012/04/09 02:44:40 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat

[2012/04/09 02:44:40 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat

[2012/04/09 02:44:40 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat

[2012/04/09 02:44:40 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat

[2012/04/09 02:44:40 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

[2012/03/28 16:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2012/03/28 16:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2012/03/28 16:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2012/03/28 16:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

[2012/03/24 08:00:46 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys

[2012/03/24 08:00:46 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

[2012/03/24 07:10:08 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2012/03/24 07:10:08 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2012/03/24 06:52:18 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2012/03/22 12:21:13 | 000,000,164 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}

[2012/03/22 12:21:13 | 000,000,164 | ---- | C] () -- C:\ProgramData\{5CAFA1B7-9EEF-4cc7-B9F7-9DDB3DAA679E}

[2012/03/21 15:35:05 | 001,520,484 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/03/21 15:28:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012/03/09 08:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/04/09 13:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll

[2009/10/06 03:16:02 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll

[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

 
 ========== LOP Check ==========

 

[2012/04/09 08:16:25 | 000,000,000 | -HSD | M] -- C:\Users\Kilian\AppData\Roaming\.#

[2012/07/17 16:22:07 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\AllDup

[2012/07/01 14:25:46 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Android

[2012/06/25 14:41:41 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Audacity

[2012/07/18 10:48:40 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\AudioXP

[2012/07/23 14:22:04 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\concept design

[2012/06/04 03:42:42 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\CrystalIdea Software

[2012/06/16 14:00:10 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\D01 Software Manager

[2012/07/04 12:51:26 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\DAEMON Tools Lite

[2012/03/22 12:20:26 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Degener

[2012/06/22 03:36:00 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Downloaded Installations

[2012/07/14 08:10:05 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Dropbox

[2012/04/25 06:33:08 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\DVDVideoSoft

[2012/06/22 03:37:32 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\FileOpen

[2012/07/08 04:32:26 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Folder2List

[2012/06/24 03:00:22 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\FreeFLVConverter

[2012/03/29 10:59:29 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\FRITZ!

[2012/07/05 10:19:41 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\GHISLER

[2012/05/15 06:55:32 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\IrfanView

[2012/04/29 10:20:42 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Leadertech

[2012/06/24 07:19:34 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Mirillis

[2012/07/17 16:15:21 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Mp3tag

[2012/07/12 09:06:01 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\MusicBee

[2012/04/23 15:53:35 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\MusicBrainz

[2012/06/22 03:38:58 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Nitro PDF

[2012/07/02 12:40:09 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Notepad++

[2012/03/27 15:57:26 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Nvu

[2012/03/22 16:26:41 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Origin

[2012/05/25 05:39:29 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\ProtectDISC

[2012/07/07 03:27:13 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Samsung

[2012/06/10 05:07:32 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Steganos

[2012/07/08 16:39:39 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Steganos VPN

[2012/06/18 12:45:39 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\streamWriter

[2012/03/27 09:57:20 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\TeamViewer

[2012/06/13 10:48:05 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Temp

[2012/07/22 16:26:03 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Tobit

[2012/07/07 03:48:45 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\TuneUp Software

[2012/03/26 13:47:46 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Windows Live Writer

[2012/05/12 05:43:31 | 000,000,000 | ---D | M] -- C:\ProgramData\AllDup

[2012/05/06 03:00:57 | 000,000,000 | ---D | M] -- C:\ProgramData\AMD

[2012/03/21 15:00:35 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten

[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data

[2012/03/23 13:44:27 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ

[2012/05/18 13:54:54 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite

[2012/03/22 12:19:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Degener

[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop

[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents

[2012/03/21 15:00:35 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente

[2012/04/29 10:44:14 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core

[2012/07/24 06:29:36 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Logs

[2012/06/24 12:50:49 | 000,000,000 | ---D | M] -- C:\ProgramData\eBay

[2012/07/23 11:26:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts

[2012/03/21 15:00:35 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten

[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites

[2012/06/22 03:37:32 | 000,000,000 | ---D | M] -- C:\ProgramData\FileOpen

[2012/07/31 02:57:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Firefly Studios

[2012/06/24 07:19:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Mirillis

[2012/06/22 03:36:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Nitro PDF

[2012/07/23 11:26:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Origin

[2012/04/09 03:03:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Panasonic

[2012/06/11 08:39:59 | 000,000,000 | ---D | M] -- C:\ProgramData\RapidSolution

[2012/07/07 03:27:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Samsung

[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu

[2012/03/21 15:00:35 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü

[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates

[2012/07/07 03:49:15 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software

[2012/03/21 15:00:35 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen

[2012/07/07 03:47:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

[2012/04/24 06:16:11 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

[2012/07/30 02:17:05 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

< End of report >

--- --- ---

So, hier die Log-File:

Code:

========== OTL ==========

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKU\Kilian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKU\Kilian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

Prefs.js: true removed from browser.search.openintab

Prefs.js: false removed from browser.search.suggest.enabled

Prefs.js: "hxxp://www.wisedock.de/m.php?id=22339526c408566836ccc054b7ed0a063d476" removed from browser.startup.homepage

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

Registry key HKEY_USERS\LocalService_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.

Registry key HKEY_USERS\NetworkService_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_USERS\Kilian_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_USERS\Kilian_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_USERS\Kilian_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_USERS\Kilian_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_USERS\Kilian_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_USERS\Kilian_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.

File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.

File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\ not found.

File {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2dff3f41-a111-11e1-91c4-00248c37c2d2}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2dff3f41-a111-11e1-91c4-00248c37c2d2}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2dff3f41-a111-11e1-91c4-00248c37c2d2}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2dff3f41-a111-11e1-91c4-00248c37c2d2}\ not found.

File G:\setup.exe not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.

C:\Windows\SysWow64\tmpB386.tmp deleted successfully.

C:\Windows\SysWow64\tmpB397.tmp deleted successfully.

C:\Users\Kilian\AppData\Roaming\.# folder moved successfully.

========== FILES ==========

File\Folder c:\ProgramData\*.exe not found.

File\Folder C:\Users\Kilian\AppData\Roaming\*.exe not found.
 < ipconfig /flushdns /c >

Windows IP Configuration

An internal error occurred: The system cannot find the file specified.

 

Please contact Microsoft Product Support Services for further help.

Additional information: Unable to open registry key for tcpip.

C:\cmd.bat deleted successfully.

C:\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Kilian

->Temp folder emptied: 54952054 bytes

->Temporary Internet Files folder emptied: 56841760 bytes

->Java cache emptied: 5178758 bytes

->FireFox cache emptied: 225790084 bytes

->Flash cache emptied: 4113 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1024485305 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46212769 bytes

 

Total Files Cleaned = 1,348.00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Kilian

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0.00 mb

 

 

OTLPE by OldTimer - Version 3.1.48.0 log created on 08092012_162420

Windows fährt hoch, allerdings erscheint wieder die Nachricht "Kritischer Fehler..", dafür ist MSE jetzt wieder aktiv und alle anderen Autostart-Programme starten auch wieder als Autostart. Nach 1 Minute kommt dann aber der übliche Neustart.

EDIT:

2.Neustart: Start geht an sich dtl. schneller als beim 1.Mal. "Kritischer Fehler..." erscheint wieder. MSE sagt jetzt nicht nur "Jetzt neustarten" sondern warnt vor einer Bedrohung und fordert zum bereinigen auf. Die Details lauten:

Hier die Details als Fotografie vom Bildschirm, Hoffentlich kann mans sehen:
Image-Link geht iwie nicht (IMG)

Zitat:

hxxp://s7.directupload.net/file/d/2977/fgwog7xs_jpg.htm

Wie soll ich weiter vorgehen? Entfernen o.ä. des Virus mit MSE habe ich nicht durchgeführt.