Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   TR/Dropper.gen - please check OTL scan (https://www.trojaner-board.de/89121-tr-dropper-gen-olt-scan-bitte-checken.html)

Ginnie217 04.08.2010 20:13

TR/Dropper.gen - please check OTL scan

Hello Larusso,

I also caught TR.Dropper.Gen via the Google image search :-( I ran the Antivir scan and have been "virus-free" since this morning.

Still, I don't trust the trojan. Could you please look at the OTL and the Extras scan to see whether anything suspicious shows up there?

Many thanks and regards

OTL.txt (too big for an attachment)

OTL logfile created on: 04.08.2010 20:31:28 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Ulli\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,56 Gb Total Space | 172,65 Gb Free Space | 61,98% Space Free | Partition Type: NTFS
Drive D: | 19,52 Gb Total Space | 9,69 Gb Free Space | 49,66% Space Free | Partition Type: FAT32
Drive E: | 672,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ULLI-PC
Current User Name: Ulli
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.08.04 20:27:41 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Ulli\Downloads\OTL.exe
PRC - [2010.04.23 19:52:08 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 10:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.10.27 17:58:58 | 000,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009.10.27 17:58:48 | 000,730,480 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.30 17:25:58 | 000,970,240 | ---- | M] (Spigot, Inc.) -- C:\Programme\pdfforge Toolbar\SearchSettings.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.08.06 17:18:52 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.08.04 16:45:16 | 005,779,456 | ---- | M] () -- C:\Programme\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
PRC - [2008.06.27 10:57:34 | 000,561,152 | ---- | M] (MSI) -- C:\Programme\System Control Manager\MGSysCtrl.exe
PRC - [2008.03.20 20:23:22 | 000,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Programme\HomeCinema\PowerDVD8\PDVD8Serv.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.08.23 14:37:18 | 000,061,440 | ---- | M] () -- C:\Programme\System Control Manager\edd.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006.09.11 04:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Programme\Common Files\InstallShield\UpdateService\ISUSPM.exe


========== Modules (SafeList) ==========

MOD - [2010.08.04 20:27:41 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Ulli\Downloads\OTL.exe
MOD - [2009.10.27 17:59:06 | 000,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2009.03.30 06:42:16 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\msvcr80.dll
MOD - [2009.03.30 06:42:16 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\msvcp80.dll
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010.08.03 21:45:58 | 000,137,184 | ---- | M] () [On_Demand | Stopped] -- c:\app\Ulli\product\11.1.0\db_1\ccr\bin\nmz.exe -- (OracleOraDb11g_home1ConfigurationManager)
SRV - [2010.04.23 19:52:08 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.12.04 16:36:20 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [On_Demand | Stopped] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009.10.27 17:58:58 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009.01.26 08:34:20 | 000,163,840 | ---- | M] () [On_Demand | Stopped] -- C:\app\Ulli\product\11.1.0\db_1\bin\OraVSSW.exe -- (OracleVssWriterORCL)
SRV - [2009.01.26 08:34:04 | 094,076,928 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- c:\app\ulli\product\11.1.0\db_1\bin\ORACLE.EXE -- (OracleServiceORCL)
SRV - [2009.01.26 08:33:50 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- c:\app\ulli\product\11.1.0\db_1\Bin\extjob.exe -- (OracleJobSchedulerORCL)
SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.09.17 13:43:40 | 000,045,056 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\app\Ulli\product\11.1.0\db_1\BIN\nmesrvc.exe -- (OracleDBConsoleorcl)
SRV - [2008.09.17 13:02:34 | 000,479,232 | ---- | M] () [On_Demand | Stopped] -- C:\app\Ulli\product\11.1.0\db_1\BIN\TNSLSNR.exe -- (OracleOraDb11g_home1TNSListener)
SRV - [2008.08.04 16:45:16 | 005,779,456 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007.10.18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007.08.23 14:37:18 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Programme\System Control Manager\edd.exe -- (NishService)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.02.02 00:51:06 | 000,045,056 | ---- | M] () [On_Demand | Stopped] -- C:\OracleExpress\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent)
SRV - [2006.02.02 00:49:14 | 000,204,800 | ---- | M] () [On_Demand | Stopped] -- C:\OracleExpress\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE -- (OracleXETNSListener)
SRV - [2006.02.02 00:47:28 | 000,057,616 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\OracleExpress\app\oracle\product\10.2.0\server\BIN\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2006.02.02 00:44:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- c:\oracleexpress\app\oracle\product\10.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE)
SRV - [2006.02.02 00:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- c:\oracleexpress\app\oracle\product\10.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Ulli\AppData\Local\Temp\iatmunin.sys -- (iatmunin)
DRV - [2010.03.01 09:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.12.04 16:36:24 | 000,446,664 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009.11.16 04:13:14 | 000,216,576 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.10.27 17:58:32 | 000,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.09.09 11:58:32 | 000,099,216 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.08.06 17:11:06 | 002,164,248 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.07.29 17:07:28 | 002,457,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.05.19 13:45:24 | 000,380,416 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28.sys -- (netr28)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.12.22 05:21:52 | 000,019,456 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MGHwCtrl.sys -- (MGHwCtrl)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3000566857-1028030334-1319512794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\S-1-5-21-3000566857-1028030334-1319512794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoouk.start.iplay.com
IE - HKU\S-1-5-21-3000566857-1028030334-1319512794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3000566857-1028030334-1319512794-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3000566857-1028030334-1319512794-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.29


FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010.06.17 20:31:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.27 18:19:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.27 18:19:43 | 000,000,000 | ---D | M]

[2010.03.23 19:21:20 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\mozilla\Extensions
[2010.08.03 21:21:02 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\5cpa1gko.default\extensions
[2010.04.30 07:57:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\5cpa1gko.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.30 07:58:12 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\5cpa1gko.default\extensions\personas@christopher.beard
[2010.05.13 13:30:34 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.13 13:30:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.12 20:49:10 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.12 20:49:10 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.12 20:49:10 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.12 20:49:10 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.12 20:49:10 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Netviewer Support) - {4BE8B65B-EE14-40C1-B6BB-31E494FE6EBA} - C:\Programme\Netviewer\Support\Plugin\IE plugin\NVIEPluginSupport.dll (Netviewer AG)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O3 - HKLM\..\Toolbar: (&Netviewer Support) - {E1F9EDE7-EF90-4A65-A5A4-D2FFEEA5D469} - C:\Programme\Netviewer\Support\Plugin\IE plugin\NVIEPluginSupport.dll (Netviewer AG)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-3000566857-1028030334-1319512794-1000\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (MSI)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\HomeCinema\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3000566857-1028030334-1319512794-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe File not found
O4 - HKU\S-1-5-21-3000566857-1028030334-1319512794-1000..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-3000566857-1028030334-1319512794-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-3000566857-1028030334-1319512794-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-21-3000566857-1028030334-1319512794-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-3000566857-1028030334-1319512794-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Ulli\Pictures\tobesorted\fruity_1024x768.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ulli\Pictures\tobesorted\fruity_1024x768.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008.10.24 01:56:12 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2008.10.24 01:58:06 | 000,703,552 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.24 01:58:07 | 000,662,592 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2008.10.24 01:57:48 | 000,000,166 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{9ac706b7-b595-11dd-a5f1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9ac706b7-b595-11dd-a5f1-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008.10.24 01:58:06 | 000,703,552 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{e2d81e95-96ca-11de-bf8a-002185db4d68}\Shell - "" = AutoRun
O33 - MountPoints2\{e2d81e95-96ca-11de-bf8a-002185db4d68}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010.08.04 00:08:30 | 000,000,000 | ---D | C] -- C:\Users\Ulli\Pavark
[2010.08.03 23:36:49 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.08.03 23:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.08.03 23:13:38 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Roaming\WinRAR
[2010.08.03 23:12:49 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2010.07.31 20:27:05 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Roaming\freshgames
[2010.07.31 20:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\freshgames
[2010.07.27 18:44:39 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Local\Artogon
[2010.07.16 19:13:59 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Roaming\Babylonia
[2010.07.15 14:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Sandlot Games
[2010.07.11 11:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Exorcist DS
[2010.07.03 20:11:53 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Roaming\EleFun Games
[2010.07.02 18:45:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\intenium
[2010.06.26 19:20:12 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Roaming\Fugazo
[2010.06.17 22:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Dekovir
[2010.06.12 22:44:14 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Roaming\Gestalt Games
[2010.06.12 22:22:15 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Oberon Media
[2010.06.12 22:22:02 | 000,000,000 | ---D | C] -- C:\Programme\Oberon Media
[2010.06.12 19:46:20 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Roaming\Facebook
[2010.06.09 18:22:03 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Roaming\PlayFirst
[2010.06.09 18:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayFirst
[2010.06.05 21:32:10 | 000,000,000 | ---D | C] -- C:\Windows\IswTmp
[2010.06.04 10:23:24 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Roaming\CheckPoint
[2010.06.04 10:23:12 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint
[2010.06.04 10:23:08 | 000,046,472 | ---- | C] (Zone Labs Inc.) -- C:\Windows\System32\vsutil_loc0407.dll
[2010.06.04 10:22:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs
[2010.06.04 10:22:36 | 000,000,000 | ---D | C] -- C:\Programme\Zone Labs
[2010.06.04 10:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010.06.04 10:22:08 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010.06.03 14:23:41 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Roaming\GraveyardShift
[2010.05.27 18:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Media
[2010.05.25 20:05:51 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Roaming\Nevosoft Games
[2010.05.25 15:29:20 | 000,000,000 | ---D | C] -- C:\Programme\DEUTSCHLAND SPIELT
[2010.05.21 20:18:05 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Roaming\Farm Mania 2
[2010.05.14 10:42:15 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Local\Deadtime Stories

========== Files - Modified Within 90 Days ==========

[2010.08.04 20:35:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2010.08.04 20:31:12 | 003,407,872 | -HS- | M] () -- C:\Users\Ulli\NTUSER.DAT
[2010.08.04 19:33:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.04 19:33:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.04 19:33:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.04 19:33:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.04 19:33:10 | 3212,087,296 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.04 12:47:52 | 000,524,288 | -HS- | M] () -- C:\Users\Ulli\NTUSER.DAT{dc8661a0-1679-11df-a5f5-002185db4d68}.TMContainer00000000000000000001.regtrans-ms
[2010.08.04 12:47:52 | 000,065,536 | -HS- | M] () -- C:\Users\Ulli\NTUSER.DAT{dc8661a0-1679-11df-a5f5-002185db4d68}.TM.blf
[2010.08.04 12:47:40 | 002,707,213 | -H-- | M] () -- C:\Users\Ulli\AppData\Local\IconCache.db
[2010.08.04 09:39:21 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_8_4_9_39_21.dmp
[2010.08.04 00:47:37 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_8_4_0_47_37.dmp
[2010.08.03 23:37:03 | 000,001,075 | ---- | M] () -- C:\Users\Ulli\Desktop\Spybot - Search & Destroy.lnk
[2010.08.03 22:13:25 | 000,019,480 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_8_3_22_13_9.dmp
[2010.08.01 10:58:14 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_8_1_10_58_14.dmp
[2010.07.31 20:55:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_31_20_55_48.dmp
[2010.07.31 20:26:20 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\Ranch Rush 2.lnk
[2010.07.31 20:21:32 | 000,001,260 | ---- | M] () -- C:\Users\Public\Desktop\More Yahoo! Games.lnk
[2010.07.31 16:18:40 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_31_16_18_40.dmp
[2010.07.31 09:31:22 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_31_9_31_22.dmp
[2010.07.29 17:50:50 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_29_17_50_50.dmp
[2010.07.29 13:28:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_29_13_28_9.dmp
[2010.07.28 20:02:38 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_28_20_2_38.dmp
[2010.07.23 16:43:28 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_23_16_43_28.dmp
[2010.07.23 00:08:37 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_23_0_8_37.dmp
[2010.07.22 16:16:17 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\GAME CENTER.lnk
[2010.07.22 16:16:15 | 000,001,188 | ---- | M] () -- C:\Users\Public\Desktop\Cake Mania Main Street.lnk
[2010.07.20 17:33:23 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_20_17_33_23.dmp
[2010.07.19 08:27:14 | 000,020,986 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_19_8_27_8.dmp
[2010.07.18 22:55:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_18_22_55_44.dmp
[2010.07.18 09:32:33 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_18_9_32_33.dmp
[2010.07.17 19:23:15 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_17_19_23_15.dmp
[2010.07.15 14:53:50 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\CakeMania3.lnk
[2010.07.15 14:53:07 | 000,001,328 | ---- | M] () -- C:\Users\Public\Desktop\Das rätselhafte Kristall-Portal.lnk
[2010.07.11 12:13:20 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_11_12_13_20.dmp
[2010.07.11 10:55:23 | 001,432,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.11 10:55:23 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.11 10:55:23 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.11 10:55:23 | 000,125,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.11 10:55:23 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.10 10:26:54 | 000,019,416 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_10_10_26_39.dmp
[2010.07.09 18:11:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_9_18_11_12.dmp
[2010.07.06 21:13:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_6_21_13_30.dmp
[2010.07.05 21:09:57 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_5_21_9_57.dmp
[2010.07.03 16:13:25 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.07.03 14:14:14 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_3_14_14_14.dmp
[2010.07.03 09:08:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_3_9_8_10.dmp
[2010.06.26 18:39:21 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_26_18_39_21.dmp
[2010.06.24 16:41:19 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_24_16_41_19.dmp
[2010.06.22 23:12:00 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_22_23_12_0.dmp
[2010.06.22 10:01:05 | 000,021,594 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_22_10_0_58.dmp
[2010.06.20 20:15:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_20_20_15_25.dmp
[2010.06.18 20:59:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_18_20_59_48.dmp
[2010.06.18 18:06:49 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_18_18_6_48.dmp
[2010.06.17 22:54:36 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_17_22_54_36.dmp
[2010.06.12 22:50:33 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_12_22_50_33.dmp
[2010.06.12 21:47:42 | 000,330,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.12 08:50:05 | 000,020,888 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_12_8_49_59.dmp
[2010.06.12 08:42:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_12_8_42_58.dmp
[2010.06.09 17:37:26 | 000,001,024 | ---- | M] () -- C:\Users\Ulli\.rnd
[2010.06.08 18:42:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_8_18_42_53.dmp
[2010.06.07 18:38:06 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_7_18_38_6.dmp
[2010.06.06 19:07:37 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_6_19_7_37.dmp
[2010.06.06 08:52:32 | 000,027,970 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_6_8_52_27.dmp
[2010.06.05 20:39:31 | 000,036,196 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_5_20_39_24.dmp
[2010.06.04 10:37:20 | 000,021,698 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_4_10_37_12.dmp
[2010.06.04 10:34:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_4_10_34_24.dmp
[2010.06.04 10:23:48 | 000,422,437 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010.06.04 10:23:10 | 000,005,977 | ---- | M] () -- C:\Windows\System32\vsconfig.xml
[2010.06.04 10:23:10 | 000,000,875 | ---- | M] () -- C:\Users\Ulli\Desktop\ZoneAlarm Security.lnk
[2010.06.03 23:01:47 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_3_23_1_47.dmp
[2010.06.03 19:28:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_3_19_28_48.dmp
[2010.06.01 19:48:17 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_1_19_48_17.dmp
[2010.05.31 17:32:07 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_31_17_32_7.dmp
[2010.05.30 14:58:18 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_30_14_58_18.dmp
[2010.05.28 15:58:03 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_28_15_58_3.dmp
[2010.05.27 15:43:20 | 000,018,058 | ---- | M] () -- C:\Users\Ulli\Desktop\cover-letter-template.gif
[2010.05.26 22:13:02 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_26_22_13_2.dmp
[2010.05.24 10:59:46 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_24_10_59_46.dmp
[2010.05.23 12:38:32 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_23_12_38_32.dmp
[2010.05.20 09:38:29 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_20_9_38_29.dmp
[2010.05.15 23:34:49 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_15_23_34_49.dmp
[2010.05.14 20:21:18 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_14_20_21_18.dmp
[2010.05.14 16:30:04 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_14_16_30_4.dmp
[2010.05.13 21:29:21 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_13_21_29_21.dmp
[2010.05.13 09:30:32 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_13_9_30_32.dmp
[2010.05.12 20:24:01 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_12_20_24_1.dmp
[2010.05.10 09:23:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_10_9_23_12.dmp
[2010.05.09 20:43:35 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_9_20_43_35.dmp

========== Files Created - No Company Name ==========

[2010.08.04 09:39:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_8_4_9_39_21.dmp
[2010.08.04 00:47:37 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_8_4_0_47_37.dmp
[2010.08.03 23:37:03 | 000,001,075 | ---- | C] () -- C:\Users\Ulli\Desktop\Spybot - Search & Destroy.lnk
[2010.08.03 22:13:09 | 000,019,480 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_8_3_22_13_9.dmp
[2010.08.01 10:58:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_8_1_10_58_14.dmp
[2010.07.31 20:55:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_31_20_55_48.dmp
[2010.07.31 20:26:20 | 000,001,911 | ---- | C] () -- C:\Users\Public\Desktop\Ranch Rush 2.lnk
[2010.07.31 20:21:32 | 000,001,260 | ---- | C] () -- C:\Users\Public\Desktop\More Yahoo! Games.lnk
[2010.07.31 16:18:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_31_16_18_40.dmp
[2010.07.31 09:31:22 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_31_9_31_22.dmp
[2010.07.29 17:50:50 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_29_17_50_50.dmp
[2010.07.29 13:28:09 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_29_13_28_9.dmp
[2010.07.28 20:02:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_28_20_2_38.dmp
[2010.07.23 16:43:28 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_23_16_43_28.dmp
[2010.07.23 00:08:37 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_23_0_8_37.dmp
[2010.07.22 16:16:15 | 000,001,188 | ---- | C] () -- C:\Users\Public\Desktop\Cake Mania Main Street.lnk
[2010.07.20 17:33:23 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_20_17_33_23.dmp
[2010.07.19 08:27:08 | 000,020,986 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_19_8_27_8.dmp
[2010.07.18 22:55:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_18_22_55_44.dmp
[2010.07.18 09:32:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_18_9_32_33.dmp
[2010.07.17 19:23:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_17_19_23_15.dmp
[2010.07.15 14:53:50 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\CakeMania3.lnk
[2010.07.15 14:53:07 | 000,001,328 | ---- | C] () -- C:\Users\Public\Desktop\Das rätselhafte Kristall-Portal.lnk
[2010.07.11 12:13:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_11_12_13_20.dmp
[2010.07.11 11:29:17 | 000,000,928 | ---- | C] () -- C:\Users\Public\Desktop\GAME CENTER.lnk
[2010.07.10 10:26:39 | 000,019,416 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_10_10_26_39.dmp
[2010.07.09 18:11:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_9_18_11_12.dmp
[2010.07.06 21:13:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_6_21_13_30.dmp
[2010.07.05 21:09:57 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_5_21_9_57.dmp
[2010.07.03 14:14:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_3_14_14_14.dmp
[2010.07.03 09:08:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_3_9_8_10.dmp
[2010.06.26 18:39:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_26_18_39_21.dmp
[2010.06.24 16:41:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_24_16_41_19.dmp
[2010.06.22 23:12:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_22_23_12_0.dmp
[2010.06.22 10:00:58 | 000,021,594 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_22_10_0_58.dmp
[2010.06.20 20:15:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_20_20_15_25.dmp
[2010.06.18 20:59:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_18_20_59_48.dmp
[2010.06.18 18:06:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_18_18_6_48.dmp
[2010.06.17 22:54:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_17_22_54_36.dmp
[2010.06.12 22:50:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_12_22_50_33.dmp
[2010.06.12 08:49:59 | 000,020,888 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_12_8_49_59.dmp
[2010.06.12 08:42:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_12_8_42_58.dmp
[2010.06.08 18:42:54 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_8_18_42_53.dmp
[2010.06.07 18:38:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_7_18_38_6.dmp
[2010.06.06 19:07:37 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_6_19_7_37.dmp
[2010.06.06 08:52:28 | 000,027,970 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_6_8_52_27.dmp
[2010.06.05 20:39:24 | 000,036,196 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_5_20_39_24.dmp
[2010.06.04 10:37:12 | 000,021,698 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_4_10_37_12.dmp
[2010.06.04 10:34:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_4_10_34_24.dmp
[2010.06.04 10:23:10 | 000,000,875 | ---- | C] () -- C:\Users\Ulli\Desktop\ZoneAlarm Security.lnk
[2010.06.04 10:23:09 | 000,005,977 | ---- | C] () -- C:\Windows\System32\vsconfig.xml
[2010.06.04 10:22:37 | 000,422,437 | -H-- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010.06.03 23:01:47 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_3_23_1_47.dmp
[2010.06.03 19:28:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_3_19_28_48.dmp
[2010.06.01 19:48:17 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_1_19_48_17.dmp
[2010.05.31 17:32:07 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_31_17_32_7.dmp
[2010.05.30 14:58:18 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_30_14_58_18.dmp
[2010.05.28 15:58:03 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_28_15_58_3.dmp
[2010.05.26 22:13:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_26_22_13_2.dmp
[2010.05.24 10:59:46 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_24_10_59_46.dmp
[2010.05.23 12:38:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_23_12_38_32.dmp
[2010.05.20 09:38:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_20_9_38_29.dmp
[2010.05.15 23:34:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_15_23_34_49.dmp
[2010.05.14 20:21:18 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_14_20_21_18.dmp
[2010.05.14 16:30:04 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_14_16_30_4.dmp
[2010.05.13 21:29:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_13_21_29_21.dmp
[2010.05.13 09:30:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_13_9_30_32.dmp
[2010.05.12 20:24:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_12_20_24_1.dmp
[2010.05.10 09:23:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_10_9_23_12.dmp
[2010.05.09 20:43:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_9_20_43_35.dmp
[2009.10.30 16:17:06 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.09.24 09:20:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.11 13:14:54 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.09.11 13:14:54 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\7CA21FBF99.sys
[2009.06.02 20:40:13 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.03.05 07:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008.10.10 11:53:40 | 000,110,592 | ---- | C] () -- C:\Windows\System32\MGHwCtrl.dll
[2008.10.10 11:53:40 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MGFPCtrl.dll
[2008.10.10 11:18:44 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1537.dll
[2006.12.04 02:25:14 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugs1l3.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009.10.29 17:57:50 | 000,000,000 | -HSD | M] -- C:\Users\Ulli\AppData\Roaming\.#
[2010.07.16 20:13:57 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Babylonia
[2010.06.04 10:23:24 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\CheckPoint
[2010.03.17 19:50:41 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\City Interactive 3 Days Zoo Mystery
[2010.04.25 14:21:03 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Dekovir
[2010.07.03 20:11:53 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\EleFun Games
[2010.06.12 19:46:21 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Facebook
[2010.05.21 20:18:05 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Farm Mania 2
[2010.07.12 20:04:57 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Flood Light Games
[2010.07.31 20:27:05 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\freshgames
[2010.07.09 15:14:10 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Fugazo
[2010.06.12 22:44:14 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Gestalt Games
[2009.10.31 16:47:27 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Gogii Games
[2010.06.03 14:23:41 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\GraveyardShift
[2009.09.11 13:19:45 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\IrfanView
[2010.04.18 22:04:42 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Meridian93
[2010.05.25 20:05:51 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Nevosoft Games
[2009.11.15 14:27:46 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Oberon Games
[2010.06.20 20:15:00 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\PlayFirst
[2010.02.08 13:53:17 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Python-Eggs
[2008.12.06 23:49:05 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\StarOffice
[2010.01.19 20:52:52 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Template
[2009.08.27 16:20:36 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Yahoo 3 Days Zoo Mystery
[2009.08.28 14:16:38 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Yahoov1001
[2010.08.04 12:48:35 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.04 20:35:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.10.10 20:58:08 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010.07.22 17:19:08 | 000,000,000 | ---- | M] () -- C:\GameCenterResultLog.txt
[2010.08.04 19:33:10 | 3212,087,296 | -HS- | M] () -- C:\hiberfil.sys
[2009.06.02 22:13:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009.06.02 22:13:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.08.04 19:33:09 | 3525,914,624 | -HS- | M] () -- C:\pagefile.sys
[2008.10.10 07:41:07 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008.10.10 13:38:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008.10.14 14:23:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008.10.10 07:41:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008.10.10 13:38:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008.10.14 14:23:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.11.02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006.10.26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2006.10.26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2006.09.18 02:57:22 | 000,019,456 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\System32\spool\prtprocs\w32x86\sugs1pc.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >
[2008.07.18 20:39:16 | 000,587,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008.01.21 04:43:21 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-03 11:45:07

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:27B99ED6
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:B606BA34
< End of report >

cosinus 05.08.2010 20:36

Quote:

I also caught TR.Dropper.Gen via the Google image search :-( I ran the Antivir scan and have been "virus-free" since this morning
Always note and post the exact malware names and file paths!
From the rules:

5. Describe your problem in a few sentences and work through these instructions from point 2 onward.
Please also name any findings from your security software in the thread: (e.g. c:\windows\virus.exe)
If this information is missing, nobody here can or will help you.


Copyright ©2000-2024, Trojaner-Board

