National Cyber Crime Trojaner / Logfiles. Naechste Schritte...

tsv4ever

Hallo zusammen,

ich habe mir auch diesen Bundespolizei National Cyber Crime Trojaner eingefangen.
Ich habe mich bislang an die entsprechenden Schritte aus dem Forum gehalten
Habe auf meinem REatogoXPE System OTLPE ausgefuehrt und den Scan gemacht.
Da jetzt gesagt wurde, ich solle die LogDatei oti.txt posten, mache ich das jetzt mal
Ich waere Euch sehr dankbar, wenn ihr mir dann sagen koenntet, was ich als naechstes machen soll.
Danke im Voraus!
/////////////////////
Hier die oti.txt

OTL logfile created on: 4/24/2012 11:53:10 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 77.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 75.31 Gb Total Space | 17.48 Gb Free Space | 23.21% Space Free | Partition Type: NTFS
Drive D: | 71.30 Gb Total Space | 12.38 Gb Free Space | 17.37% Space Free | Partition Type: NTFS
Drive E: | 2.44 Gb Total Space | 0.25 Gb Free Space | 10.32% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2012/04/23 12:33:29 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/10/09 10:02:32 | 000,055,144 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/06/28 14:10:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 11:47:25 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/27 08:14:31 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/11/19 10:31:52 | 001,051,968 | ---- | M] (TuneUp Software) [Auto] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/11/19 10:29:54 | 000,030,016 | ---- | M] (TuneUp Software) [Auto] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/09/11 06:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009/02/06 12:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/08/07 13:26:44 | 000,611,664 | ---- | M] (Lavasoft) [Auto] -- C:\Programme\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/04/21 18:27:06 | 000,498,952 | ---- | M] () [Auto] -- C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2008/04/20 19:07:18 | 000,431,384 | ---- | M] (Acronis) [Auto] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/06/15 11:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/05/15 14:17:11 | 000,221,184 | ---- | M] (Sony DADC Austria AG.) [Auto] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7) SecuROM User Access Service (V7)
SRV - [2005/04/01 20:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [2004/10/21 22:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (oUltraf)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (8de302a8-c142-4cb6-99a2-dbec0bcc64e9)
DRV - File not found [Kernel | On_Demand] -- -- (53d98f3b-4c2c-48ae-82c0-c2f7285e6cb4)
DRV - [2011/06/28 14:10:50 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 14:10:50 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 09:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/02/24 08:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/01/23 15:21:17 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2010/01/23 15:21:17 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/01/23 15:21:06 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2010/01/23 15:20:57 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2009/06/29 12:00:50 | 000,112,640 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/04/09 07:38:30 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/03/04 21:02:36 | 000,041,120 | ---- | M] (Realtek) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV - [2009/03/04 04:27:16 | 000,032,288 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2009/03/04 04:27:14 | 000,074,912 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/02/13 05:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2009/01/19 14:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008/10/09 07:50:08 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2008/10/09 07:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/11/11 13:18:57 | 000,096,832 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2007/02/22 06:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/02/22 06:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007/02/22 06:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007/02/22 06:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2007/02/15 20:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2006/11/21 23:25:08 | 002,829,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/11/10 10:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/12/04 16:58:03 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2005/12/04 16:56:16 | 000,664,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2005/11/14 13:43:33 | 000,162,432 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ithsgt.sys -- (ithsgt)
DRV - [2005/11/14 13:43:32 | 000,012,032 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\lilsgt.sys -- (lilsgt)
DRV - [2005/04/25 05:43:58 | 000,159,616 | ---- | M] ( ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Vax347b.sys -- (Vax347b)
DRV - [2004/10/08 07:59:11 | 000,326,656 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2004/10/08 07:57:48 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/10/07 10:09:22 | 000,115,744 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/10/07 10:05:05 | 000,080,576 | ---- | M] (Protection Technology) [Kernel | System] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/04/30 04:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Vax347s.sys -- (Vax347s)
DRV - [2003/12/01 11:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/18 19:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/06 08:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\prosync1.sys -- (prosync1)
DRV - [2003/01/10 04:56:34 | 000,030,921 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SQCaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator.JULIANWILKE_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Julian_Wilke_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\Julian_Wilke_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Julian_Wilke_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Programme\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2061: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2122: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1059: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programme\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ff-bmboc@bytemobile.com: C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010/05/03 11:57:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Programme\Object\facetheme [2011/08/07 10:33:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/03/27 16:42:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/06/06 17:01:02 | 000,000,000 | ---D | M]

[2010/06/17 13:58:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator.JULIANWILKE\Anwendungsdaten\mozilla\Extensions
[2010/06/18 09:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator.JULIANWILKE\Anwendungsdaten\mozilla\Firefox\Profiles\1pht7h6t.default\extensions
[2010/06/18 09:52:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator.JULIANWILKE\Anwendungsdaten\mozilla\Firefox\Profiles\1pht7h6t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/11 12:29:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008/12/18 05:16:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2012/03/27 16:42:31 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2008/02/22 11:24:06 | 000,095,832 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2011/10/03 07:32:25 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/03 07:32:25 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011/10/03 07:32:25 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/03 07:32:25 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/03 07:32:25 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/03 07:32:25 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010/06/26 07:23:33 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Facetheme) - {cbc5b60a-aa4d-45f6-84c2-d086f320299a} - C:\Programme\Object\bho_project.dll (InternetEngine)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\Julian_Wilke_ON_C..\Run: [] C:\Dokumente und Einstellungen\Julian Wilke\Lokale Einstellungen\Temp\wpbt0.dll ()
O4 - HKU\Julian_Wilke_ON_C..\Run: [{5CA00908-CD11-2F76-C3BC-3F87C2FDCAC0}] File not found
O4 - Startup: C:\Dokumente und Einstellungen\Julian Wilke\Startmenü\Programme\Autostart\Webshots.lnk = C:\Programme\Webshots\Launcher.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator.JULIANWILKE_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Julian_Wilke_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} hxxp://as.photoprintit.de/ips-opdata/activex/IPSUploader.cab (IPSUploader Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop BackupWallPaper:
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/11 17:59:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Webshots.lnk - C:\Programme\Webshots\Launcher.exe - ()
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: LexwareInfoService - hkey= - key= - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/23 12:33:28 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/19 05:45:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Vivento
[2012/04/17 15:54:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Mitarbeiter Kundendatenbankmanagement
[2012/04/15 09:44:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Wetuzet
[2012/04/15 09:44:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Noup
[2012/04/12 13:31:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Headhunter
[2012/04/01 11:33:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Telekom
[2012/03/31 14:04:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Michael Page
[2012/03/27 04:36:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Deutsche Post Database Marketing
[2005/12/05 16:55:34 | 000,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347b.sys
[2005/12/05 16:55:34 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347s.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/24 16:08:00 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/24 14:19:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/24 14:17:38 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/24 14:17:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/24 14:17:09 | 1341,706,240 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/23 14:12:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/23 12:33:28 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/23 12:33:27 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/22 10:58:49 | 000,002,501 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Word.lnk
[2012/04/21 15:19:03 | 004,893,111 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\REWE_Broschuere_09.pdf
[2012/04/21 11:52:21 | 001,345,382 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Fakten_und_Zahlen_zum_deutschen_Reisemarkt_2010.pdf
[2012/04/18 05:08:39 | 003,068,147 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Bewerbung Julian Wilke Mitarbeiter Kundendatenbankmanagement_CRM-System.pdf
[2012/04/18 04:29:49 | 000,001,534 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/04/17 16:00:13 | 000,065,490 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\congstar_ManagerReporting_Datawarehouse_C40.pdf
[2012/04/17 06:55:03 | 000,492,262 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\artikel_stadtanzeiger_2011_web.jpg
[2012/04/12 17:43:07 | 000,506,418 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/04/12 17:43:07 | 000,481,082 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/12 17:43:07 | 000,098,486 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/04/12 17:43:07 | 000,082,908 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/12 17:37:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/12 13:38:30 | 000,039,999 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CV_Julian Wilke.pdf
[2012/04/06 14:09:02 | 005,200,031 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\die ärzte - Quadrophenia (offizielles Video).mp3
[2012/04/06 07:31:54 | 003,068,051 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Bewerbung Junior Manger operatives CRM Julian Wilke.pdf
[2012/04/03 13:54:34 | 000,109,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/01 05:32:36 | 000,001,534 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\iTunes.lnk
[2012/03/31 10:51:31 | 000,406,570 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\IMG_4212-001.JPG
[2012/03/31 08:47:47 | 000,052,956 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\51XZufENFML._SS500_.jpg
[2012/03/30 10:25:04 | 000,035,695 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\facebook_disconnect-2.1.1-fx.xpi
[2012/03/27 09:55:24 | 001,304,243 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Zeugnisse geringere Auflösung.pdf
[2012/03/27 09:53:03 | 000,554,140 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Zeugnis Aktion Mensch geringere Auflösung.pdf
[2012/03/27 09:52:21 | 000,088,116 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\3.pdf
[2012/03/27 09:51:52 | 000,110,190 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CCI27032012_00002.JPG
[2012/03/27 09:50:38 | 000,215,806 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\1.pdf
[2012/03/27 09:49:56 | 000,277,066 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CCI27032012_00001.JPG
[2012/03/27 09:48:26 | 000,258,306 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\2.pdf
[2012/03/27 09:47:13 | 000,328,908 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CCI27032012_00000.JPG
[2012/03/27 09:45:35 | 000,399,366 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CCF27032012_00000.pdf
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/21 15:19:02 | 004,893,111 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\REWE_Broschuere_09.pdf
[2012/04/21 11:52:21 | 001,345,382 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Fakten_und_Zahlen_zum_deutschen_Reisemarkt_2010.pdf
[2012/04/18 05:08:31 | 003,068,147 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Bewerbung Julian Wilke Mitarbeiter Kundendatenbankmanagement_CRM-System.pdf
[2012/04/18 04:29:49 | 000,001,534 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/04/17 16:00:05 | 000,065,490 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\congstar_ManagerReporting_Datawarehouse_C40.pdf
[2012/04/17 06:55:01 | 000,492,262 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\artikel_stadtanzeiger_2011_web.jpg
[2012/04/16 14:52:55 | 000,039,999 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CV_Julian Wilke.pdf
[2012/04/07 06:10:16 | 000,035,695 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\facebook_disconnect-2.1.1-fx.xpi
[2012/04/06 14:08:23 | 005,200,031 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\die ärzte - Quadrophenia (offizielles Video).mp3
[2012/04/06 07:27:52 | 003,068,051 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Bewerbung Junior Manger operatives CRM Julian Wilke.pdf
[2012/04/01 05:32:36 | 000,001,534 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\iTunes.lnk
[2012/03/31 10:51:31 | 000,406,570 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\IMG_4212-001.JPG
[2012/03/31 08:47:43 | 000,052,956 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\51XZufENFML._SS500_.jpg
[2012/03/27 09:55:21 | 001,304,243 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Zeugnisse geringere Auflösung.pdf
[2012/03/27 09:52:20 | 000,088,116 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\3.pdf
[2012/03/27 09:51:52 | 000,110,190 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CCI27032012_00002.JPG
[2012/03/27 09:49:56 | 000,277,066 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CCI27032012_00001.JPG
[2012/03/27 09:48:25 | 000,258,306 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\2.pdf
[2012/03/27 09:47:12 | 000,328,908 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CCI27032012_00000.JPG
[2012/03/27 09:45:35 | 000,399,366 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CCF27032012_00000.pdf
[2012/03/27 09:36:47 | 000,215,806 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\1.pdf
[2012/03/27 04:49:59 | 000,554,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Zeugnis Aktion Mensch geringere Auflösung.pdf
[2011/12/27 11:47:28 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2011/10/14 14:32:48 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/04/28 14:39:48 | 000,000,875 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\.recently-used.xbel
[2011/02/17 17:27:45 | 000,197,024 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010/06/03 08:31:50 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010/04/21 10:24:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/06/16 07:25:02 | 000,121,512 | R--- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4
[2009/03/08 10:27:59 | 000,015,428 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\RefEdit.exd
[2008/10/08 12:43:41 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf07a.dat
[2008/10/08 12:41:12 | 000,031,664 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/05/16 05:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/04/15 14:04:48 | 000,033,732 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/03/16 09:23:50 | 000,000,043 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2008/01/07 14:49:06 | 000,006,812 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/01/07 14:40:44 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2007/12/20 17:50:19 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2007/12/20 16:47:34 | 000,000,816 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2007/06/11 12:47:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/03/18 14:03:57 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/03/18 14:03:54 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2007/03/18 14:03:53 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/03/18 14:03:53 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/03/18 14:03:53 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/03/18 14:03:51 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/03/18 14:03:50 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2007/01/21 15:05:47 | 000,000,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\FixVTS.ini
[2006/11/24 14:02:32 | 000,000,468 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006/11/24 14:02:32 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2006/11/24 14:02:32 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/11/24 13:59:43 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf05a.dat
[2006/11/24 13:59:09 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2006/11/21 23:07:59 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2006/09/28 16:27:00 | 000,001,755 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2006/09/24 11:19:03 | 000,000,065 | ---- | C] () -- C:\WINDOWS\gvcasinos.ini
[2006/08/06 13:35:26 | 000,017,867 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2006/08/06 11:32:24 | 000,000,851 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-Ogg Vorbis aoTuV b4 SSE2.dat
[2006/08/06 11:31:55 | 000,002,150 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.dat
[2006/03/28 18:41:31 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2006/02/07 19:07:07 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2005/11/14 13:43:32 | 000,162,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\ithsgt.sys
[2005/11/14 13:43:32 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\lilsgt.sys
[2005/11/09 12:53:10 | 000,000,145 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2005/11/09 12:46:23 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2005/11/09 12:46:13 | 000,138,101 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/06/18 17:49:01 | 000,003,152 | ---- | C] () -- C:\WINDOWS\tm.ini
[2005/06/01 14:04:47 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/06/01 14:04:47 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/06/01 14:04:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/06/01 14:04:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/06/01 14:04:47 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/06/01 14:04:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/04/30 02:28:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\telephon.ini
[2005/04/30 02:27:04 | 000,172,032 | ---- | C] () -- C:\WINDOWS\WSBTN.DLL
[2005/04/30 02:27:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\wsutil.exe
[2005/04/26 07:57:07 | 000,519,024 | ---- | C] () -- C:\WINDOWS\System32\burst.dll
[2005/04/26 07:57:06 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\winxp32.sys
[2005/03/19 12:55:43 | 000,000,123 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/03/19 12:12:01 | 000,000,063 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/03/18 16:26:01 | 000,000,565 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2005/03/13 12:59:32 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/03/12 13:15:23 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2005/03/12 12:47:22 | 000,109,056 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/12 12:31:09 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/11 19:09:01 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2005/03/11 19:09:01 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2005/03/11 19:05:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/03/11 19:05:02 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/03/11 19:04:54 | 000,006,107 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/03/11 18:48:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/03/11 17:55:58 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/03/11 17:48:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/03/11 17:47:15 | 000,185,816 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,506,418 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/08/04 08:00:00 | 000,481,082 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,098,486 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/08/04 08:00:00 | 000,082,908 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/10/28 12:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2001/10/10 03:57:58 | 000,073,786 | ---- | C] () -- C:\WINDOWS\System32\dntvmc23.dll
[2001/10/10 03:57:58 | 000,061,497 | ---- | C] () -- C:\WINDOWS\System32\dntvm23.dll
[2001/08/27 14:40:56 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/27 14:39:30 | 000,004,484 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/03/07 03:02:30 | 000,229,431 | ---- | C] () -- C:\WINDOWS\System32\dnt23.dll
[1999/01/27 08:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 02:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2010/01/23 15:23:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Acronis
[2010/05/03 11:57:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Vodafone
[2005/07/02 10:02:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\.cptool
[2011/04/06 13:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Amazon
[2011/10/21 12:43:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Azureus
[2010/05/03 11:57:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Bytemobile
[2006/01/15 11:38:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Computent Systems
[2007/07/16 16:38:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\DeepBurner
[2012/04/22 13:52:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Dropbox
[2012/03/31 08:11:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\DVDVideoSoft
[2011/08/07 08:11:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\DVDVideoSoftIEHelpers
[2008/07/12 13:26:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\fotobuch.de AG
[2008/01/07 14:41:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\FotoWire
[2011/02/26 16:31:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\gtk-2.0
[2007/03/18 14:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Haufe
[2007/10/13 04:10:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Hiermit startenRipIt4Me
[2007/08/26 12:16:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\InfraRecorder
[2005/03/13 09:15:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Kazaa Lite
[2009/04/05 10:57:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Lexware
[2009/06/27 10:14:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Nokia
[2009/11/27 17:22:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Notepad++
[2012/04/15 12:05:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Noup
[2009/06/26 02:20:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\PC Suite
[2008/01/11 13:29:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\PersBackup
[2011/03/01 13:18:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\ProtectDisc
[2007/07/15 14:43:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\RipIt4Me
[2011/09/18 10:24:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Scan2PDF
[2007/01/22 12:34:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\SlySoft
[2009/04/11 06:06:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\TuneUp Software
[2010/05/03 11:59:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Vodafone
[2009/10/26 15:50:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Webshots
[2012/04/23 12:40:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Wetuzet
[2010/05/05 12:10:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Bytemobile
[2008/05/18 07:31:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2007/03/03 09:25:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2008/07/13 14:58:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Colormailer Photobooks
[2011/02/28 13:34:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DATA BECKER Downloads
[2008/07/12 13:26:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fotobuch.de AG
[2007/03/03 09:15:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe
[2010/09/05 12:00:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ifolor
[2007/11/10 10:03:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2009/04/05 10:57:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2005/11/07 14:10:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NFS Underground
[2009/06/26 02:20:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2008/12/23 10:22:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2007/11/17 10:14:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2008/08/07 12:53:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010/12/27 08:13:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010/05/03 11:57:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2009/03/27 15:11:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/05/20 13:50:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/06 09:13:14 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/09/10 13:55:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/26 01:39:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/12/27 08:13:04 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2007/03/10 15:03:25 | 000,000,000 | ---D | M] -- C:\1a266c44ca408cebe4293f
[2007/01/02 08:31:57 | 000,000,000 | ---D | M] -- C:\ATI
[2007/11/17 13:34:06 | 000,000,000 | ---D | M] -- C:\CloneDVDTemp
[2006/04/01 09:04:29 | 000,000,000 | ---D | M] -- C:\Converted Music
[2010/06/17 13:57:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2012/04/22 13:51:37 | 000,000,000 | R--D | M] -- C:\Dropbox
[2008/10/14 12:42:48 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2009/06/27 06:10:07 | 000,000,000 | ---D | M] -- C:\Gigaset_WLAN11
[2007/01/26 12:51:10 | 000,000,000 | ---D | M] -- C:\My Shared Folder
[2012/03/27 10:03:43 | 000,000,000 | ---D | M] -- C:\Programme
[2011/10/14 14:32:48 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin
[2010/06/16 15:26:08 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2010/06/16 17:13:42 | 000,000,000 | ---D | M] -- C:\rsit(2)
[2011/03/01 18:21:17 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/04/13 15:49:12 | 000,000,000 | ---D | M] -- C:\WINDOWS

< %PROGRAMFILES%\*.exe >

Invalid Environment Variable: %LOCALAPPDATA%\*.exe

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/20 10:50:26 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/10/20 10:50:26 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/20 10:50:26 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/10/20 10:50:26 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2004/08/04 08:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007/06/13 09:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 09:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004/08/04 08:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USER32.DLL >
[2005/03/02 14:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007/03/08 11:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005/03/02 14:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004/08/04 08:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007/03/08 11:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

< MD5 for: USERINIT.EXE >
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004/08/04 08:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 08:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2004/08/04 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004/08/04 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/03/11 18:46:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/03/11 18:46:16 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005/03/11 18:46:15 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2011/03/03 02:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2012/03/02 00:00:10 | 011,082,752 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2012/03/01 07:00:08 | 002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 22:22:18 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 22:22:20 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2011/01/21 10:44:10 | 008,503,296 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll

Invalid Environment Variable: %USERPROFILE%\*.*

Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe

Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll

Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe

< End of report >