Log Analysis and Evaluation (Windows 7): If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
OTL logfile created on: 14.01.2012 12:48:12 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Lilly\Downloads
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 65,66% Memory free
6,49 Gb Paging File | 5,19 Gb Available in Paging File | 79,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 270,45 Gb Total Space | 204,09 Gb Free Space | 75,46% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 81,79 Gb Free Space | 83,75% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 232,75 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Drive F: | 39,60 Gb Total Space | 39,50 Gb Free Space | 99,75% Space Free | Partition Type: NTFS
Drive G: | 98,64 Gb Total Space | 64,56 Gb Free Space | 65,45% Space Free | Partition Type: NTFS
Drive H: | 98,63 Gb Total Space | 59,70 Gb Free Space | 60,53% Space Free | Partition Type: NTFS
Drive I: | 135,74 Gb Total Space | 64,00 Gb Free Space | 47,15% Space Free | Partition Type: NTFS
Drive J: | 102,77 Gb Total Space | 78,51 Gb Free Space | 76,39% Space Free | Partition Type: NTFS
Drive K: | 97,66 Gb Total Space | 73,00 Gb Free Space | 74,75% Space Free | Partition Type: NTFS
Drive L: | 97,66 Gb Total Space | 97,55 Gb Free Space | 99,89% Space Free | Partition Type: NTFS
Drive M: | 97,66 Gb Total Space | 97,55 Gb Free Space | 99,89% Space Free | Partition Type: NTFS
Drive N: | 3,67 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive O: | 14,64 Gb Total Space | 11,48 Gb Free Space | 78,40% Space Free | Partition Type: FAT32
Drive P: | 15,12 Gb Total Space | 14,99 Gb Free Space | 99,13% Space Free |
Partition Type: FAT32 Computer Name: LILLY-PC | User Name: Lilly | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.14 12:47:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lilly\Downloads\OTL.exe PRC - [2012.01.05 19:48:43 | 000,246,272 | -HS- | M] () -- C:\Users\Lilly\AppData\Local\Temp\sysdown .exe PRC - [2012.01.02 21:14:17 | 000,127,040 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.7\ICQ.exe PRC - [2011.11.10 04:11:50 | 000,417,792 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2011.11.10 04:11:20 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2011.07.28 20:18:59 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 22:29:12 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe PRC - [2010.11.20 22:29:11 | 001,169,224 | -HS- | M] (Microsoft Corporation) -- C:\Windows\Temp\svhost.exe PRC - [2010.10.05 21:26:46 | 000,129,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe PRC - [2010.04.14 20:45:22 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeacoms.exe PRC - [2009.07.14 02:14:24 | 
000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe PRC - [2009.06.04 00:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe PRC - [2009.06.04 00:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe PRC - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe ========== Modules (No Company Name) ========== MOD - [2012.01.12 03:08:36 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll MOD - [2012.01.12 03:02:13 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll MOD - [2012.01.12 03:02:06 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll MOD - [2012.01.05 19:48:43 | 000,246,272 | -HS- | M] () -- C:\Users\Lilly\AppData\Local\Temp\sysdown .exe MOD - [2011.12.28 14:10:07 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\273292e88c7b60ecbae9d85e94cd097e\WindowsFormsIntegration.ni.dll MOD - [2011.12.28 14:09:04 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll MOD - [2011.12.28 14:08:45 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll MOD - [2011.12.28 14:08:45 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll MOD - [2011.12.28 14:08:34 | 012,234,752 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll MOD - [2011.12.28 14:08:26 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll MOD - [2011.12.28 14:08:18 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll MOD - [2011.12.28 14:07:00 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll MOD - [2011.12.28 14:00:18 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll MOD - [2011.12.28 14:00:07 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll MOD - [2011.12.28 14:00:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll MOD - [2011.12.28 14:00:02 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll MOD - [2011.12.28 13:59:57 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011.11.09 22:10:38 | 000,369,152 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\\mscorlib.resources.dll MOD - [2009.08.23 18:58:06 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - 
[2009.03.26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL MOD - [2006.06.09 15:20:04 | 000,003,072 | ---- | M] () -- C:\Windows\CTXFIGER.DLL ========== Win32 Services (SafeList) ========== SRV - [2012.01.10 18:26:35 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service) SRV - [2011.12.26 19:58:06 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.12.23 19:41:27 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP) SRV - [2011.12.23 19:33:33 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2011.11.10 04:11:20 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2011.06.29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.04.14 20:45:22 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeacoms.exe -- (lxea_device) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 
02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) ========== Driver Services (SafeList) ========== DRV - [2012.01.09 18:54:28 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2012.01.09 18:54:28 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2012.01.02 21:23:48 | 000,428,088 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2011.12.23 19:22:16 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2011.11.10 04:44:12 | 008,913,920 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2011.11.10 03:12:20 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2011.10.17 18:40:44 | 000,085,520 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2010.11.20 22:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 22:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\tsusbhub.sys -- (tsusbhub) DRV - [2010.11.20 22:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010.11.20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010.11.20 22:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\terminpt.sys -- (terminpt) DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.06.09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2) DRV - [2010.06.09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1) DRV - [2010.04.22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2009.06.04 02:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k) DRV - [2009.06.04 02:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia) DRV - [2009.06.04 02:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2009.06.04 02:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k) DRV - [2009.06.04 02:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv) DRV - [2009.06.04 02:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k) DRV - [2009.06.04 02:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV - [2009.06.04 02:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k) DRV - [2009.06.04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS) DRV - [2009.06.04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX) DRV - [2009.06.04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS) DRV - [2009.06.04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT) DRV - [2009.06.04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS) DRV - [2009.06.04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT) DRV - [2005.08.17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2005.08.17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2005.08.17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 1B 3E 21 A0 C1 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011.12.23 19:41:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011.12.23 19:41:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011.12.23 19:41:27 | 000,000,000 | ---D | M] O1 HOSTS File: ([2012.01.14 12:49:21 | 000,000,193 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: virustotal.com O1 - Hosts: vscan.novirusthanks.org O1 - Hosts: irusscan.jotti.org O1 - Hosts: virscan.org O1 - Hosts: www.virus-trap.org O1 - Hosts: www.filterbit.com O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [Windows Service Agent] C:\Windows\System32\agl23s.exe () O4 - HKLM..\Run: [WindowsUpdate] C:\Google.exe File not found O4 - HKLM..\Run: [WindowsUpdateService] WindowsUpdateService.exe File not found O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [Microsoft] C:\Users\Lilly\AppData\Roaming\Microsoft\service.exe (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) O4 - HKCU..\Run: [rundll32] C:\Users\Lilly\AppData\Local\Temp\rundll32 .exe File not found O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson) O4 - HKCU..\Run: [sysdown] C:\Users\Lilly\AppData\Local\Temp\sysdown .exe () O4 - HKCU..\Run: [Windows Service Agent] C:\Windows\System32\agl23s.exe () O4 - HKCU..\Run: [WindowsUpdate] C:\Google.exe File not found O4 - HKCU..\Run: [WinUpdtr] C:\Users\Lilly\AppData\Roaming\WinUpdtr\botables.exe (Don HO don.h@free.fr) O4 - HKLM..\RunServices: [Windows Service Agent] C:\Windows\System32\agl23s.exe () O4 - Startup: C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32 .exe () O4 - Startup: C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sysdown .exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8 - Extra context menu item: Free YouTube Download - C:\Users\Lilly\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lilly\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () 
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6532558-479D-4DA7-8292-9951C32A15CE}: DhcpNameServer = O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) -C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - 
C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.06.13 10:58:45 | 000,000,000 | ---D | M] - H:\Auto NEU -- [ NTFS ] O33 - MountPoints2\O\Shell - "" = AutoRun O33 - MountPoints2\O\Shell\AutoRun\command - "" = O:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.01.11 19:42:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll [2012.01.11 19:42:49 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2012.01.11 19:42:49 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [2012.01.10 19:07:17 | 000,516,096 | ---- | C] (ashampoo GmbH & Co. 
KG ) -- C:\Users\Lilly\AppData\Roaming\CDC6.exe [2012.01.10 18:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision [2012.01.10 18:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macromedia Shared [2012.01.10 18:26:31 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70.dll [2012.01.10 18:26:31 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp70.dll [2012.01.10 18:26:31 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll [2012.01.10 18:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia [2012.01.10 18:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macromedia [2012.01.10 18:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\Macromedia [2012.01.10 18:14:54 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\FileZilla [2012.01.10 18:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [2012.01.10 18:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client [2012.01.09 20:59:39 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012.01.09 20:50:50 | 000,516,096 | ---- | C] (ashampoo GmbH & Co. 
KG ) -- C:\Users\Lilly\AppData\Roaming\66A0.exe [2012.01.09 18:54:28 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys [2012.01.09 18:54:28 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys [2012.01.09 18:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson [2012.01.09 18:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Ericsson [2012.01.09 18:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson [2012.01.09 12:59:01 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\WinRAR [2012.01.09 12:59:01 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.01.09 12:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.01.09 12:58:59 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2012.01.09 12:55:24 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool [2012.01.09 12:55:15 | 000,000,000 | ---D | C] -- C:\Flashtool [2012.01.07 21:44:17 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\ImgBurn [2012.01.07 21:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn [2012.01.07 21:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn [2012.01.07 19:38:33 | 000,000,000 | ---D | C] -- C:\Users\Lilly\.dvdcss [2012.01.07 19:17:14 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\vlc [2012.01.07 19:00:29 | 000,230,962 | ---- | C] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp03402.exe [2012.01.07 19:00:18 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Local\MPlayer [2012.01.07 18:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.01.07 
18:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.01.07 18:59:29 | 000,544,656 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.01.07 18:59:29 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.01.07 18:59:29 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.01.07 18:59:29 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.01.07 18:59:23 | 000,230,962 | ---- | C] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp00670.exe [2012.01.07 18:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.01.07 18:58:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server [2012.01.07 18:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\PMS [2012.01.07 18:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\PS3 Media Server [2012.01.07 18:40:22 | 000,230,962 | ---- | C] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp82133.exe [2012.01.07 18:11:54 | 000,230,962 | ---- | C] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp34854.exe [2012.01.07 18:04:14 | 000,230,962 | ---- | C] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp06121.exe [2012.01.06 19:22:13 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\DVDVideoSoft [2012.01.06 19:22:07 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\DVDVideoSoftIEHelpers [2012.01.06 19:22:06 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2012.01.06 19:22:03 | 000,000,000 | ---D | C] -- C:\Users\Lilly\Documents\DVDVideoSoft [2012.01.06 19:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2012.01.06 19:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2012.01.05 12:26:27 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\WinUpdtr [2012.01.05 12:26:24 | 000,785,920 | ---- | C] (Don HO don.h@free.fr) -- C:\botables.exe [2012.01.02 21:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2012.01.02 21:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2012.01.02 21:23:10 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\DAEMON Tools Lite [2012.01.02 21:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2012.01.02 21:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.7 [2012.01.02 21:14:20 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\ICQ [2012.01.02 21:14:16 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.7 [2011.12.28 16:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk [2011.12.28 13:16:28 | 000,000,000 | ---D | C] -- C:\Users\Lilly\Documents\ConvertXToDVD [2011.12.28 13:15:11 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Lilly\AppData\Roaming\pcouffin.sys [2011.12.28 13:15:10 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\Vso [2011.12.28 13:15:10 | 000,000,000 | ---D | C] -- C:\Users\Lilly\Documents\PcSetup [2011.12.28 13:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO [2011.12.28 13:15:07 | 001,184,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc1dmod.dll [2011.12.28 13:15:07 | 000,626,688 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll [2011.12.28 13:15:07 | 000,273,408 | ---- | C] (RealNetworks, Inc.) 
-- C:\Windows\System32\Pncrt.dll [2011.12.28 13:15:07 | 000,217,127 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv43260.dll [2011.12.28 13:15:07 | 000,208,935 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv33260.dll [2011.12.28 13:15:07 | 000,176,165 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv23260.dll [2011.12.28 13:15:07 | 000,102,439 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\sipr3260.dll [2011.12.28 13:15:07 | 000,065,602 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\cook3260.dll [2011.12.28 13:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\VSO [2011.12.28 13:11:16 | 000,000,000 | ---D | C] -- C:\Users\Lilly\Desktop\Der Grinch 1080p [2011.12.28 13:07:38 | 000,000,000 | ---D | C] -- C:\Users\Lilly\Desktop\Big Daddy 1080p [2011.12.28 13:07:21 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\DYA_GMGSLTBCQOCCSBQMB [2011.12.28 13:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\DYA_GMGSLTBCQOCCSBQMB [2011.12.26 20:32:50 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\Macromedia [2011.12.26 20:32:48 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.12.26 20:19:23 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Local\Adobe [2011.12.26 20:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2011.12.26 20:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011.12.26 20:00:47 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\Adobe [2011.12.26 19:59:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed [2011.12.26 19:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2011.12.26 19:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared [2011.12.26 19:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark [2011.12.26 19:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\lx_Cats [2011.12.26 19:57:49 | 000,000,000 | 
---D | C] -- C:\Program Files\Common Files\Adobe [2011.12.26 19:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark S300-S400 Series [2011.12.26 19:56:52 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark [2011.12.26 03:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2011.12.25 03:00:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.12.25 03:00:48 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.12.25 03:00:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.12.25 03:00:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.12.25 03:00:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.12.25 03:00:45 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.12.24 09:28:31 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Local\ScriptPower OHG [2011.12.24 09:28:31 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Local\CrashRpt [2011.12.24 09:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.12.24 09:28:02 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2011.12.24 09:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLoad [2011.12.24 09:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\iLoad [2011.12.24 09:27:39 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\Paloma Networks, Inc [2011.12.24 09:26:29 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.12.24 09:26:28 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2011.12.24 09:26:28 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2011.12.24 09:26:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\tzres.dll [2011.12.24 09:26:14 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.12.24 09:26:13 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2011.12.24 09:26:12 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.12.24 09:26:11 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.12.23 19:45:32 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\Creative [2011.12.23 19:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative [2011.12.23 19:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative Labs Shared [2011.12.23 19:33:22 | 000,000,000 | ---D | C] -- C:\Program Files\Creative [2011.12.23 19:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative [2011.12.23 19:32:55 | 000,102,400 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\cttele32.dll [2011.12.23 19:32:49 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll [2011.12.23 19:32:49 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
-- C:\Windows\System32\OpenAL32.dll [2011.12.23 19:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL [2011.12.23 19:31:45 | 000,020,480 | ---- | C] (Creative Technology Limited) -- C:\Windows\INRESGER.DLL [2011.12.23 19:31:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\Data [2011.12.23 19:31:38 | 022,691,984 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\AppSetup.exe [2011.12.23 19:31:37 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information [2011.12.23 19:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield [2011.12.23 19:30:00 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\ATI [2011.12.23 19:30:00 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Local\ATI [2011.12.23 19:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2011.12.23 19:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP [2011.12.23 19:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2011.12.23 19:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2011.12.23 19:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2011.12.23 19:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2011.12.23 19:26:39 | 000,000,000 | ---D | C] -- C:\ATI [2011.12.23 19:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2011 [2011.12.23 19:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2011.12.23 19:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2011.12.23 19:22:16 | 000,488,536 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2011.12.23 19:21:33 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2011.12.23 19:16:59 | 000,000,000 | R--D | C] -- C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011.12.23 19:16:59 | 000,000,000 | R--D | C] -- 
C:\Users\Lilly\Searches [2011.12.23 19:16:59 | 000,000,000 | R--D | C] -- C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011.12.23 19:16:52 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\Identities [2011.12.23 19:16:50 | 000,000,000 | R--D | C] -- C:\Users\Lilly\Contacts [2011.12.23 19:16:44 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Local\VirtualStore [2011.12.23 19:16:43 | 000,000,000 | --SD | C] -- C:\Users\Lilly\AppData\Roaming\Microsoft [2011.12.23 19:16:43 | 000,000,000 | R--D | C] -- C:\Users\Lilly\Videos [2011.12.23 19:16:43 | 000,000,000 | R--D | C] -- C:\Users\Lilly\Saved Games [2011.12.23 19:16:43 | 000,000,000 | R--D | C] -- C:\Users\Lilly\Pictures [2011.12.23 19:16:43 | 000,000,000 | R--D | C] -- C:\Users\Lilly\Music [2011.12.23 19:16:43 | 000,000,000 | R--D | C] -- C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011.12.23 19:16:43 | 000,000,000 | R--D | C] -- C:\Users\Lilly\Links [2011.12.23 19:16:43 | 000,000,000 | R--D | C] -- C:\Users\Lilly\Favorites [2011.12.23 19:16:43 | 000,000,000 | R--D | C] -- C:\Users\Lilly\Downloads [2011.12.23 19:16:43 | 000,000,000 | R--D | C] -- C:\Users\Lilly\Documents [2011.12.23 19:16:43 | 000,000,000 | R--D | C] -- C:\Users\Lilly\Desktop [2011.12.23 19:16:43 | 000,000,000 | R--D | C] -- C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\Vorlagen [2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\AppData\Local\Verlauf [2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\AppData\Local\Temporary Internet Files [2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\Startmenü [2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\SendTo [2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\Recent [2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- 
C:\Users\Lilly\Netzwerkumgebung [2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\Lokale Einstellungen [2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\Documents\Eigene Videos [2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\Documents\Eigene Musik [2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\Eigene Dateien [2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\Documents\Eigene Bilder [2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\Druckumgebung [2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\Cookies [2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\AppData\Local\Anwendungsdaten [2011.12.23 19:16:43 | 000,000,000 | -HSD | C] -- C:\Users\Lilly\Anwendungsdaten [2011.12.23 19:16:43 | 000,000,000 | -H-D | C] -- C:\Users\Lilly\AppData [2011.12.23 19:16:43 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Local\Temp [2011.12.23 19:16:43 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Local\Microsoft [2011.12.23 19:16:43 | 000,000,000 | ---D | C] -- C:\Users\Lilly\AppData\Roaming\Media Center Programs [2011.12.23 19:16:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2011.12.23 19:16:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2011.12.23 19:16:33 | 000,000,000 | -HSD | C] -- C:\Recovery [2011.12.23 19:16:33 | 000,000,000 | -HSD | C] -- C:\Programme [2011.12.23 19:16:33 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2011.12.23 19:16:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2011.12.23 19:16:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2011.12.23 19:16:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2011.12.23 19:16:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2011.12.23 19:16:33 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2011.12.23 19:16:33 | 000,000,000 | -HSD | C] -- 
C:\ProgramData\Dokumente [2011.12.23 19:16:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop [2011.12.23 19:16:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2011.12.23 19:16:29 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2011.12.23 18:33:21 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2011.12.23 18:33:16 | 000,000,000 | ---D | C] -- C:\Windows\CSC [2011.12.23 18:31:49 | 000,000,000 | -HSD | C] -- C:\Boot [2010.04.14 20:45:24 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxeaih.exe [2010.04.14 20:45:22 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeacoms.exe [2010.04.14 20:45:22 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeacfg.exe [2010.04.13 19:41:34 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeacoin.dll [2009.12.09 19:47:50 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxeapmui.dll [2009.12.09 19:43:14 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxeaserv.dll [2009.12.09 19:41:22 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxeahbn3.dll [2009.12.09 19:40:12 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxeausb1.dll [2009.12.09 19:37:34 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxeahcp.dll [2009.12.09 19:36:32 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxealmpm.dll [2009.12.09 19:35:50 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeaiesc.dll [2009.12.09 19:35:44 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeacomc.dll [2009.12.09 19:35:32 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxeainpa.dll [2009.06.04 00:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll [2009.06.04 00:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.01.14 12:50:04 | 000,000,193 | ---- | M] () -- 
C:\Windows\System32\drivers\etc\hosts [2012.01.14 12:47:12 | 000,032,746 | ---- | M] () -- C:\Users\Lilly\Desktop\85104-otl-otlogfile-by-oldtimer.htm [2012.01.14 12:45:58 | 000,012,933 | -H-- | M] () -- C:\Users\Lilly\AppData\Roaming\logs.dat [2012.01.14 12:45:58 | 000,006,181 | -H-- | M] () -- C:\Users\Lilly\AppData\Roaming\Lillyv1.18.0 - Trial versionlog.dat [2012.01.14 12:43:55 | 000,132,597 | ---- | M] () -- C:\Users\Lilly\Desktop\Flash_Disinfector.exe [2012.01.14 12:39:56 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.14 12:39:56 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.14 12:39:56 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.14 12:39:56 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.14 12:33:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.14 12:33:10 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys [2012.01.13 23:26:38 | 000,055,084 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00261102}.rfx [2012.01.13 23:26:38 | 000,055,084 | ---- | M] () -- C:\Windows\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-00261102}.rfx [2012.01.13 23:26:38 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-00261102}.rfx [2012.01.13 23:26:09 | 000,017,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.13 23:26:09 | 000,017,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.13 23:19:57 | 007,871,362 | ---- | M] () -- C:\Users\Lilly\Desktop\SHADE+OF+GALAXY+v2.0++SP1+VRT+black+statusbar.zip [2012.01.12 11:25:53 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\AACF.exe [2012.01.12 03:30:18 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\70BD.exe 
[2012.01.12 03:18:39 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\C5ED.exe [2012.01.12 03:09:21 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\C4EF.exe [2012.01.11 21:49:25 | 000,761,856 | ---- | M] () -- C:\ex.exe [2012.01.11 20:30:59 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\D0D.exe [2012.01.11 20:29:44 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\E81E.exe [2012.01.11 20:04:57 | 000,166,159 | ---- | M] () -- C:\Users\Lilly\Desktop\Unbenannt.png [2012.01.11 19:40:15 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\9A2C.exe [2012.01.10 19:07:17 | 000,516,096 | ---- | M] (ashampoo GmbH & Co. KG ) -- C:\Users\Lilly\AppData\Roaming\CDC6.exe [2012.01.10 18:46:04 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\6081.exe [2012.01.10 18:37:14 | 000,001,334 | ---- | M] () -- C:\Users\Lilly\Desktop\weihnachten.html [2012.01.10 18:37:08 | 000,001,334 | ---- | M] () -- C:\Users\Lilly\Desktop\weinachten.html [2012.01.10 18:34:44 | 000,024,660 | ---- | M] () -- C:\Users\Lilly\Desktop\_wsb_310x256_Fotolia_Sonderaktion.jpg [2012.01.10 18:01:10 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\4542.exe [2012.01.10 13:40:51 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\F375.exe [2012.01.09 21:18:48 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\D95D.exe [2012.01.09 21:18:29 | 001,348,096 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32 .exe [2012.01.09 21:18:29 | 001,348,096 | ---- | M] () -- C:\Windows\System32\Ganja17.exe [2012.01.09 20:50:50 | 000,516,096 | ---- | M] (ashampoo GmbH & Co. 
KG ) -- C:\Users\Lilly\AppData\Roaming\66A0.exe [2012.01.09 19:49:03 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\D527.exe [2012.01.09 18:59:55 | 000,000,386 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\DBCA.exe [2012.01.09 18:55:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf [2012.01.09 18:55:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf [2012.01.09 18:54:28 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys [2012.01.09 18:54:28 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys [2012.01.09 18:38:54 | 000,000,386 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\9C66.exe [2012.01.09 18:18:41 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\1829.exe [2012.01.09 13:02:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf [2012.01.09 12:20:03 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\C3EA.exe [2012.01.07 19:00:29 | 000,230,962 | ---- | M] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp03402.exe [2012.01.07 18:59:24 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.01.07 18:59:24 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.01.07 18:59:24 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.01.07 18:59:24 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.01.07 18:59:23 | 000,230,962 | ---- | M] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp00670.exe [2012.01.07 18:58:46 | 000,000,964 | ---- | 
M] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk [2012.01.07 18:40:22 | 000,230,962 | ---- | M] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp82133.exe [2012.01.07 18:11:54 | 000,230,962 | ---- | M] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp34854.exe [2012.01.07 18:04:16 | 000,230,962 | ---- | M] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp06121.exe [2012.01.05 19:48:43 | 000,246,272 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sysdown .exe [2012.01.05 19:48:43 | 000,246,272 | ---- | M] () -- C:\rundll.exe [2012.01.05 19:47:07 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\6EF6.exe [2012.01.05 12:26:27 | 000,785,920 | ---- | M] (Don HO don.h@free.fr) -- C:\botables.exe [2012.01.05 12:09:56 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\DD96.exe [2012.01.04 20:20:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2012.01.04 20:20:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2012.01.04 20:20:02 | 000,000,386 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\36F8.exe [2012.01.04 19:43:42 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\F131.exe [2012.01.01 19:00:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.12.30 16:24:09 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\BD36.exe [2011.12.29 16:52:32 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI [2011.12.29 16:52:13 | 000,161,628 | ---- | M] () -- C:\Users\Lilly\Desktop\fb.rtf [2011.12.29 16:10:39 | 000,916,543 | ---- | M] () -- C:\Users\Lilly\Desktop\Facebook_php.mht [2011.12.29 
16:06:24 | 003,680,801 | ---- | M] () -- C:\Users\Lilly\Desktop\fb.xps [2011.12.28 16:43:19 | 000,001,057 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\vso_ts_preview.xml [2011.12.28 13:15:54 | 000,000,000 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\chrtmp [2011.12.28 13:15:11 | 000,087,608 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\inst.exe [2011.12.28 13:15:11 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Lilly\AppData\Roaming\pcouffin.sys [2011.12.28 13:15:11 | 000,007,887 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\pcouffin.cat [2011.12.28 13:15:11 | 000,001,144 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\pcouffin.inf [2011.12.28 13:15:10 | 000,001,190 | ---- | M] () -- C:\Users\Lilly\Desktop\ConvertXtoDVD 4.lnk [2011.12.28 13:07:20 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\6D91.exe [2011.12.28 13:05:19 | 001,612,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.26 20:32:48 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.12.26 20:20:18 | 001,418,565 | ---- | M] () -- C:\Users\Lilly\Desktop\fe4b3a6cdd3fe87bb41be87acb8ecc6a_b.jpg [2011.12.26 19:58:01 | 000,000,384 | ---- | M] () -- C:\Users\Public\Desktop\Vollständige Support-Software von Lexmark abrufen.LNK [2011.12.26 19:57:56 | 000,000,154 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf [2011.12.24 09:28:12 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.12.24 09:27:57 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\iLoad.lnk [2011.12.24 09:19:49 | 001,814,553 | ---- | M] () -- C:\Users\Lilly\Desktop\oO.png [2011.12.24 09:19:27 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011.12.23 19:41:26 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat [2011.12.23 19:41:26 | 000,097,961 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat [2011.12.23 19:40:06 | 000,000,803 | ---- | M] () 
-- C:\Users\Lilly\Desktop\Steam - Verknüpfung.lnk [2011.12.23 19:32:49 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll [2011.12.23 19:32:49 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll [2011.12.23 19:32:48 | 000,000,087 | RH-- | M] () -- C:\Windows\ctfile.rfc [2011.12.23 19:29:36 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2011.12.23 19:22:16 | 000,488,536 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2011.12.23 18:36:11 | 000,000,771 | ---- | M] () -- C:\Windows\System32\license.rtf [2011.12.23 18:31:51 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.01.14 12:47:07 | 000,032,746 | ---- | C] () -- C:\Users\Lilly\Desktop\85104-otl-otlogfile-by-oldtimer.htm [2012.01.14 12:43:50 | 000,132,597 | ---- | C] () -- C:\Users\Lilly\Desktop\Flash_Disinfector.exe [2012.01.13 23:20:15 | 007,871,362 | ---- | C] () -- C:\Users\Lilly\Desktop\SHADE+OF+GALAXY+v2.0++SP1+VRT+black+statusbar.zip [2012.01.12 11:25:53 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\AACF.exe [2012.01.12 03:30:18 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\70BD.exe [2012.01.12 03:18:39 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\C5ED.exe [2012.01.12 03:09:21 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\C4EF.exe [2012.01.11 21:49:23 | 000,761,856 | ---- | C] () -- C:\ex.exe [2012.01.11 20:30:59 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\D0D.exe [2012.01.11 20:29:44 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\E81E.exe [2012.01.11 20:04:57 | 000,166,159 | ---- | C] () -- C:\Users\Lilly\Desktop\Unbenannt.png [2012.01.11 19:40:15 | 001,049,837 | ---- | C] () -- 
C:\Users\Lilly\AppData\Roaming\9A2C.exe [2012.01.10 18:46:04 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\6081.exe [2012.01.10 18:34:52 | 000,024,660 | ---- | C] () -- C:\Users\Lilly\Desktop\_wsb_310x256_Fotolia_Sonderaktion.jpg [2012.01.10 18:28:11 | 000,001,334 | ---- | C] () -- C:\Users\Lilly\Desktop\weinachten.html [2012.01.10 18:28:11 | 000,001,334 | ---- | C] () -- C:\Users\Lilly\Desktop\weihnachten.html [2012.01.10 18:01:10 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\4542.exe [2012.01.10 13:40:51 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\F375.exe [2012.01.09 21:18:48 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\D95D.exe [2012.01.09 21:18:33 | 001,348,096 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32 .exe [2012.01.09 21:18:28 | 001,348,096 | ---- | C] () -- C:\Windows\System32\Ganja17.exe [2012.01.09 19:49:03 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\D527.exe [2012.01.09 18:59:55 | 000,000,386 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\DBCA.exe [2012.01.09 18:55:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf [2012.01.09 18:55:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf [2012.01.09 18:38:54 | 000,000,386 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\9C66.exe [2012.01.09 18:18:41 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\1829.exe [2012.01.09 13:02:35 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf [2012.01.09 12:20:03 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\C3EA.exe [2012.01.07 21:35:40 | 000,001,827 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk [2012.01.07 18:58:46 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk [2012.01.05 19:48:45 | 000,246,272 | ---- | C] () 
-- C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sysdown .exe [2012.01.05 19:48:42 | 000,246,272 | ---- | C] () -- C:\rundll.exe [2012.01.05 19:47:07 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\6EF6.exe [2012.01.05 12:09:56 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\DD96.exe [2012.01.04 20:20:04 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2012.01.04 20:20:04 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2012.01.04 20:20:02 | 000,000,386 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\36F8.exe [2012.01.04 19:43:42 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\F131.exe [2012.01.02 21:34:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.01.01 19:00:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.12.30 16:24:09 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\BD36.exe [2011.12.29 16:52:32 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.12.29 16:52:13 | 000,161,628 | ---- | C] () -- C:\Users\Lilly\Desktop\fb.rtf [2011.12.29 16:10:37 | 000,916,543 | ---- | C] () -- C:\Users\Lilly\Desktop\Facebook_php.mht [2011.12.29 16:06:22 | 003,680,801 | ---- | C] () -- C:\Users\Lilly\Desktop\fb.xps [2011.12.28 13:15:54 | 000,000,000 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\chrtmp [2011.12.28 13:15:52 | 000,001,057 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\vso_ts_preview.xml [2011.12.28 13:15:11 | 000,087,608 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\inst.exe [2011.12.28 13:15:11 | 000,007,887 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\pcouffin.cat [2011.12.28 13:15:11 | 000,001,144 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\pcouffin.inf [2011.12.28 13:15:10 | 000,001,190 | ---- | C] () -- C:\Users\Lilly\Desktop\ConvertXtoDVD 4.lnk [2011.12.28 13:07:20 | 001,049,837 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\6D91.exe 
[2011.12.26 20:18:18 | 001,418,565 | ---- | C] () -- C:\Users\Lilly\Desktop\fe4b3a6cdd3fe87bb41be87acb8ecc6a_b.jpg
[2011.12.26 20:01:28 | 000,001,095 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
[2011.12.26 20:00:38 | 000,001,181 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
[2011.12.26 20:00:04 | 000,001,361 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2011.12.26 19:59:53 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
[2011.12.26 19:58:59 | 000,001,057 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
[2011.12.26 19:58:01 | 000,000,384 | ---- | C] () -- C:\Users\Public\Desktop\Vollständige Support-Software von Lexmark abrufen.LNK
[2011.12.26 19:57:56 | 000,000,154 | ---- | C] () -- C:\Windows\System32\LexFiles.ulf
[2011.12.24 09:28:12 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.12.24 09:27:57 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\iLoad.lnk
[2011.12.24 09:19:49 | 001,814,553 | ---- | C] () -- C:\Users\Lilly\Desktop\oO.png
[2011.12.24 09:19:27 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.12.23 19:40:06 | 000,000,803 | ---- | C] () -- C:\Users\Lilly\Desktop\Steam - Verknüpfung.lnk
[2011.12.23 19:34:31 | 000,055,084 | ---- | C] () -- C:\Windows\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00261102}.rfx
[2011.12.23 19:34:31 | 000,055,084 | ---- | C] () -- C:\Windows\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-00261102}.rfx
[2011.12.23 19:34:31 | 000,000,788 | ---- | C] () -- C:\Windows\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-00261102}.rfx
[2011.12.23 19:34:04 | 000,007,062 | ---- | C] () -- C:\Windows\System32\audiopid.vxd
[2011.12.23 19:32:48 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2011.12.23 19:32:48 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2011.12.23 19:32:48 | 000,000,087 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2011.12.23 19:31:45 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIGER.DLL
[2011.12.23 19:29:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.23 19:22:43 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.12.23 19:22:43 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.12.23 19:17:00 | 000,001,413 | ---- | C] () -- C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.12.23 18:32:54 | 2616,057,856 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.23 18:31:51 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2011.12.23 18:31:49 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2011.11.10 03:28:32 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011.11.10 03:28:32 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.10.21 20:30:14 | 000,243,168 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.07.28 20:23:32 | 001,049,837 | RHS- | C] () -- C:\Windows\System32\agl23s.exe
[2010.11.21 01:30:51 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.11.21 01:30:51 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.11.21 01:30:51 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.11.21 01:30:51 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.11.20 22:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010.11.20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.11.09 08:06:26 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxeainsb.dll
[2009.11.09 08:06:22 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeacub.dll
[2009.11.09 08:06:06 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeacu.dll
[2009.11.09 08:05:54 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxeains.dll
[2009.11.09 07:59:58 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxeagcfg.dll
[2009.10.21 10:06:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeacui.dll
[2009.09.09 19:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 001,612,168 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.06.08 00:40:42 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxeainsr.dll
[2009.06.08 00:40:40 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeacur.dll
[2009.06.08 00:40:28 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxeajswr.dll
[2009.06.08 00:36:22 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxeagrd.dll
[2009.06.08 00:20:10 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeacuir.dll
[2009.06.04 01:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009.06.04 01:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009.06.04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009.06.04 00:40:44 | 000,321,512 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2009.06.04 00:40:44 | 000,056,509 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2009.06.04 00:36:30 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2009.06.04 00:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2009.05.27 09:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini
[2009.04.28 07:56:30 | 000,024,064 | ---- | C] () -- C:\Windows\System32\lxeasmr.dll
[2009.02.20 08:48:04 | 000,299,008 | ---- | C] () -- C:\Windows\System32\lxeasm.dll
[2008.03.05 02:55:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxeavs.dll
[2005.04.08 03:16:43 | 000,012,933 | -H-- | C] () -- C:\Users\Lilly\AppData\Roaming\logs.dat
[2005.04.08 03:16:43 | 000,006,181 | -H-- | C] () -- C:\Users\Lilly\AppData\Roaming\Lillyv1.18.0 - Trial versionlog.dat

========== LOP Check ==========
[2012.01.04 19:44:03 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\DAEMON Tools Lite
[2012.01.06 19:24:30 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\DVDVideoSoft
[2012.01.06 19:23:55 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.28 13:07:21 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\DYA_GMGSLTBCQOCCSBQMB
[2012.01.10 18:37:45 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\FileZilla
[2012.01.14 12:33:40 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\ICQ
[2012.01.07 22:58:10 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\ImgBurn
[2011.12.24 09:27:39 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\Paloma Networks, Inc
[2011.12.28 16:43:20 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\Vso
[2012.01.05 12:26:27 | 000,000,000 | ---D | M] -- C:\Users\Lilly\AppData\Roaming\WinUpdtr
[2009.07.14 05:53:46 | 000,008,696 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_SBXNV9VVGV1BFM6JT01H5GK4MX1T3WF6XJ7KJKXFSVF7VB4VP4GV

< End of report >
#2 | /// Malware-holic | Log analysis and evaluation

hi

Wouldn't you personally find it more polite if people who want something first wrote a short introduction? You chose neither a sensible thread title nor a problem description. I can already see quite a bit, but it is always helpful to know which problems people have noticed. :-)

This script, and any scripts that may follow, are intended only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you.

• Please start OTL.exe.
• Now copy the following into the text box.

Code:
```
:OTL
PRC - [2010.11.20 22:29:11 | 001,169,224 | -HS- | M] (Microsoft Corporation) -- C:\Windows\Temp\svhost.exe
MOD - [2012.01.05 19:48:43 | 000,246,272 | -HS- | M] () -- C:\Users\Lilly\AppData\Local\Temp\sysdown .exe
O1 - Hosts: virustotal.com
O1 - Hosts: vscan.novirusthanks.org
O1 - Hosts: irusscan.jotti.org
O1 - Hosts: virscan.org
O1 - Hosts: www.virus-trap.org
O1 - Hosts: www.filterbit.com
O4 - HKLM..\Run: [Windows Service Agent] C:\Windows\System32\agl23s.exe ()
O4 - HKLM..\Run: [WindowsUpdate] C:\Google.exe File not found
O4 - HKLM..\Run: [WindowsUpdateService] WindowsUpdateService.exe File not found
O4 - HKCU..\Run: [Microsoft] C:\Users\Lilly\AppData\Roaming\Microsoft\service.exe (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile)
O4 - HKCU..\Run: [rundll32] C:\Users\Lilly\AppData\Local\Temp\rundll32 .exe File not found
O4 - HKCU..\Run: [sysdown] C:\Users\Lilly\AppData\Local\Temp\sysdown .exe ()
O4 - HKCU..\Run: [Windows Service Agent] C:\Windows\System32\agl23s.exe ()
O4 - HKCU..\Run: [WindowsUpdate] C:\Google.exe File not found
O4 - HKCU..\Run: [WinUpdtr] C:\Users\Lilly\AppData\Roaming\WinUpdtr\botables.exe (Don HO don.h@free.fr)
O4 - HKLM..\RunServices: [Windows Service Agent] C:\Windows\System32\agl23s.exe ()
O4 - Startup: C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32 .exe ()
O4 - Startup: C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sysdown .exe ()
[2012.01.10 19:07:17 | 000,516,096 | ---- | C] (ashampoo GmbH & Co. KG ) -- C:\Users\Lilly\AppData\Roaming\CDC6.exe
[2012.01.09 20:50:50 | 000,516,096 | ---- | C] (ashampoo GmbH & Co. KG ) -- C:\Users\Lilly\AppData\Roaming\66A0.exe
[2012.01.07 19:00:29 | 000,230,962 | ---- | C] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp03402.exe
[2012.01.07 18:59:23 | 000,230,962 | ---- | C] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp00670.exe
[2012.01.07 18:40:22 | 000,230,962 | ---- | C] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp82133.exe
[2012.01.07 18:11:54 | 000,230,962 | ---- | C] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp34854.exe
[2012.01.07 18:04:14 | 000,230,962 | ---- | C] (sudore fo strato puntai ornai ogni gustai rombo prenda sorge gelidi sei spesi mense vino degna rubate du marmo more svelti canile) -- C:\Users\Lilly\AppData\Roaming\mp06121.exe
[2012.01.05 12:26:24 | 000,785,920 | ---- | C] (Don HO don.h@free.fr) -- C:\botables.exe
[2012.01.14 12:45:58 | 000,012,933 | -H-- | M] () -- C:\Users\Lilly\AppData\Roaming\logs.dat
[2012.01.12 11:25:53 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\AACF.exe
[2012.01.12 03:18:39 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\C5ED.exe
[2012.01.12 03:30:18 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\70BD.exe
[2012.01.12 03:09:21 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\C4EF.exe
[2012.01.11 21:49:25 | 000,761,856 | ---- | M] () -- C:\ex.exe
[2012.01.11 20:30:59 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\D0D.exe
[2012.01.11 20:29:44 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\E81E.exe
[2012.01.11 19:40:15 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\9A2C.exe
[2012.01.10 19:07:17 | 000,516,096 | ---- | M] (ashampoo GmbH & Co. KG ) -- C:\Users\Lilly\AppData\Roaming\CDC6.exe
[2012.01.10 18:46:04 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\6081.exe
[2012.01.10 18:01:10 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\4542.exe
[2012.01.10 13:40:51 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\F375.exe
[2012.01.09 21:18:48 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\D95D.exe
[2012.01.09 21:18:29 | 001,348,096 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32 .exe
[2012.01.09 21:18:29 | 001,348,096 | ---- | M] () -- C:\Windows\System32\Ganja17.exe
[2012.01.09 20:50:50 | 000,516,096 | ---- | M] (ashampoo GmbH & Co. KG ) -- C:\Users\Lilly\AppData\Roaming\66A0.exe
[2012.01.09 19:49:03 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\D527.exe
[2012.01.09 18:59:55 | 000,000,386 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\DBCA.exe
[2012.01.09 18:38:54 | 000,000,386 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\9C66.exe
[2012.01.09 18:18:41 | 001,049,837 | ---- | M] () -- C:\Users\Lilly\AppData\Roaming\1829.exe
:Files
C:\Windows\Temp\svhost.exe
C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sysdown .exe
C:\Users\Lilly\AppData\Local\Temp\sysdown .exe
C:\Windows\System32\agl23s.exe
C:\Users\Lilly\AppData\Roaming\Microsoft\service.exe
C:\Users\Lilly\AppData\Roaming\WinUpdtr
C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32 .exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
```

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.

Open Computer, open C:, then _OTL; there, right-click on moved files and choose to add to moved files.rar or zip. Follow the link and upload the archive in the upload channel: http://www.trojaner-board.de/54791-a...ner-board.html