Email-Account verschickt selbständig Emails ans komplette Adressbuch

astro_19

Hallo,

ich habe ein Problem mit meinem Email-Account bei web.de.
Vor 2 Tagen haben mir Freunde berichtet das von meinem Account eine Email versandt wurde. Die Email war auf englisch verfasst und war eine Aufforderung eine ebenfalls beigefügten Link zu betätigen. In meinem Ausgangsordner bei Web.de war auch tatsächlich eine Mail. Ferner habe ich festgestellt das die Mail an mein komplettes Adressbuch sowie an alle Email-Adressen von den MAils die noch gespeichert waren.
Was mich aber besonders stutzig macht ist, dass ich gar nicht online war als die Mail versandt wurde.
Darauf hin habe ich mit AVG Antivirus, nach einem Update, einen scann durchgeführt aber keinen Virus entdeckt.
Kann mir jemand helfen? Ich habe recht wenig Ahnung von der ganzen Materie und bin für jede Hilfe Dankbar.

Die geforderten Dateien konnte ich zumindest schomal erstellen. Lediglich mit der gmer.txt hatte ich Probleme weil ich mein Virusprogram nicht ausgeschaltet bekommen habe. Eine Datei konnte ich aber dennoch erstellen.

Schonmal vielen Dank für Eure Mühe

Viele Grüße Astro_19


hier die OTL.text:

OTL logfile created on: 02.08.2011 20:45:53 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 66,03% Memory free
6,19 Gb Paging File | 5,25 Gb Available in Paging File | 84,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 23,24 Gb Free Space | 16,13% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 135,72 Gb Free Space | 94,25% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.08.02 20:01:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.05.17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.04.18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgtray.exe
PRC - [2011.04.18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011.04.14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgnsx.exe
PRC - [2011.03.16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgchsvx.exe
PRC - [2011.02.10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgwdsvc.exe
PRC - [2011.02.08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgrsx.exe
PRC - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.30 05:00:14 | 001,926,144 | ---- | M] () -- C:\Programme\Samsung\Samsung Recovery Solution II\WCScheduler.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.02 10:40:14 | 000,348,160 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2007.12.28 03:44:10 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2007.07.05 00:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2007.06.28 11:54:42 | 000,073,728 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
PRC - [2007.06.13 06:11:30 | 004,489,216 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.01 12:36:00 | 000,684,032 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe


========== Modules (SafeList) ==========

MOD - [2011.08.02 20:01:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.04.18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.09.19 16:49:13 | 000,069,120 | ---- | M] (BOONTY) [On_Demand | Stopped] -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
SRV - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.28 11:54:42 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)


========== Driver Services (SafeList) ==========

DRV - [2011.04.14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.04.05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.03.16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.03.01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.02.22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.02.10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.02.10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.01.07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2008.04.16 01:28:05 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2008.03.18 15:56:20 | 003,542,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008.03.18 15:56:20 | 003,542,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.10.17 08:48:46 | 000,242,560 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302)
DRV - [2007.09.13 08:17:58 | 000,755,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.07.26 13:19:24 | 000,547,904 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ar5211.sys -- (AR5211)
DRV - [2007.04.26 03:15:26 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006.11.28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
DRV - [2006.11.02 09:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56646

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.100005
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56646
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011.07.12 17:00:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.02 21:24:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.02 21:24:33 | 000,000,000 | ---D | M]

[2010.05.09 11:25:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.06.02 18:41:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ynjq1ki6.default\extensions
[2010.07.28 20:46:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ynjq1ki6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.28 09:25:35 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ynjq1ki6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.09 20:10:26 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ynjq1ki6.default\extensions\toolbar@ask.com
[2011.06.02 21:24:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.08.03 20:25:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.28 21:25:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.21 19:59:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011.07.12 17:00:37 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2010.08.03 20:25:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.28 21:25:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.21 19:59:26 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan-canvasx.cab (JordanUploader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{139ce0a2-0dc3-11df-874d-0013776e369d}\Shell - "" = AutoRun
O33 - MountPoints2\{139ce0a2-0dc3-11df-874d-0013776e369d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Programme\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Programme\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {340219A6-77F0-4A73-8735-3ECBE48CC077} - WEB.DE Browser Add-on
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {49626019-513B-1354-D4CB-1CFC6C5D9A42} - LightScribe Control Panel
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5D72DD6E-6845-C0CB-29C4-1BDD27A86A94} - Internet Explorer
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {808D9323-16E9-411B-9F6B-E733B6B955B9} - WEB.DE Update
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX: >{63B2C834-7567-43E9-B828-09D21C17A02B} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.08.02 20:01:50 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.07.17 20:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cheapics Foto-Bestellsoftware
[2011.07.17 20:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\cheapics Foto-Bestellsoftware
[2011.07.17 20:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\cheapics
[2011.07.17 15:39:39 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011.07.17 15:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.07.17 15:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.07.17 15:37:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2006.11.24 07:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006.11.24 07:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.08.02 20:49:47 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.02 20:49:47 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.02 20:49:47 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.02 20:49:47 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.02 20:42:04 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.02 20:42:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.02 20:42:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.02 20:41:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.02 20:41:42 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.02 20:40:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.08.02 20:38:37 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2011.08.02 20:11:46 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\dj1gyjuc.exe
[2011.08.02 20:01:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Ina\Desktop\OTL.exe
[2011.08.02 20:01:07 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2011.08.02 19:57:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.02 18:28:34 | 126,555,711 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011.07.17 20:30:52 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\cheapics Foto-Bestellsoftware.lnk
[2011.07.17 15:38:08 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.07.15 14:41:48 | 000,379,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.12 17:00:37 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.08.02 20:38:37 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2011.08.02 20:11:38 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\dj1gyjuc.exe
[2011.08.02 20:01:05 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2011.07.17 20:30:52 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\cheapics Foto-Bestellsoftware.lnk
[2011.07.17 15:38:08 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.06.02 19:15:52 | 000,009,618 | ---- | C] () -- C:\Users\***\AppData\Roaming\49D6.1B9
[2010.07.26 21:32:18 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.09.17 07:19:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 07:19:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.29 16:51:10 | 000,000,040 | ---- | C] () -- C:\Windows\RUNAWAY2.INI
[2008.12.22 19:18:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.17 21:35:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.09.21 22:06:31 | 000,000,748 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.09.21 13:59:27 | 000,002,848 | ---- | C] () -- C:\Windows\System32\dmlg.dat
[2008.09.05 11:17:31 | 000,032,768 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.16 03:27:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.04.16 03:14:56 | 000,221,184 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2008.04.16 01:44:48 | 000,004,512 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008.04.16 01:37:29 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2008.04.16 01:37:29 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008.04.16 01:11:51 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2008.04.16 01:11:51 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2008.04.16 01:00:14 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.04.15 07:48:13 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.04.15 07:48:13 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.04.15 07:48:13 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.04.15 07:48:13 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.04.15 07:40:46 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.04.15 07:40:40 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.04.15 07:40:40 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.04.15 07:40:39 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.04.15 07:40:39 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007.04.24 11:32:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007.02.26 09:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\System32\imagine digital freedom.dat
[2007.02.15 09:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006.11.29 10:00:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MAWebControl.exe
[2006.11.29 10:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,379,072 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.09 03:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2001.11.14 06:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010.07.01 19:31:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2011.01.12 21:54:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ankh
[2011.06.02 21:59:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG10
[2010.12.22 22:52:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2010.01.05 21:00:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\becker
[2011.05.28 09:52:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.06.03 21:18:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fotobuch.de AG
[2011.08.02 20:40:47 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2011.06.03 15:55:48 | 000,000,000 | -H-D | M] -- C:\$AVG
[2008.09.05 10:05:33 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2008.04.16 03:47:17 | 000,000,000 | ---D | M] -- C:\avs contents
[2010.09.19 17:04:41 | 000,000,000 | ---D | M] -- C:\Boonty
[2011.06.24 17:54:59 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.10.04 11:17:56 | 000,000,000 | ---D | M] -- C:\Casino
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.09.05 10:01:03 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.10.04 16:45:55 | 000,000,000 | ---D | M] -- C:\filme
[2009.06.03 21:22:07 | 000,000,000 | ---D | M] -- C:\***
[2008.04.16 01:22:34 | 000,000,000 | ---D | M] -- C:\MyWorks
[2009.01.03 12:49:55 | 000,000,000 | ---D | M] -- C:\office
[2008.12.17 22:09:30 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.07.18 18:06:42 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.07.18 18:04:31 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.09.05 10:01:03 | 000,000,000 | -HSD | M] -- C:\Programme
[2008.04.16 01:42:50 | 000,000,000 | ---D | M] -- C:\Samsung
[2011.05.28 09:54:37 | 000,000,000 | ---D | M] -- C:\***
[2011.06.03 15:58:55 | 000,000,000 | ---D | M] -- C:\spiele
[2009.09.17 20:36:04 | 000,000,000 | ---D | M] -- C:\steuer ***
[2011.08.02 20:49:23 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.09.05 10:01:57 | 000,000,000 | R--D | M] -- C:\Users
[2011.07.17 20:22:12 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >


< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.04.16 02:08:56 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.04.16 02:08:56 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-02 16:31:55

< >

< End of report >