UKASH-Trojaner "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"

OTL logfile created on: 27.08.2012 20:16:19 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003  Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,94 Gb Total Physical Memory | 3,34 Gb Available Physical Memory | 84,99% Memory free
5,68 Gb Paging File | 5,52 Gb Available in Paging File | 97,21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 18,86 Gb Free Space | 38,62% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 166,01 Gb Free Space | 90,20% Space Free | Partition Type: NTFS
Drive E: | 310,51 Gb Total Space | 290,68 Gb Free Space | 93,62% Space Free | Partition Type: NTFS
Drive F: | 310,51 Gb Total Space | 148,26 Gb Free Space | 47,75% Space Free | Partition Type: NTFS
Drive G: | 310,50 Gb Total Space | 242,59 Gb Free Space | 78,13% Space Free | Partition Type: NTFS
Drive M: | 232,88 Gb Total Space | 232,80 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive N: | 232,88 Gb Total Space | 232,80 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
 
Computer Name: PC-NICKEL | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.27 19:43:20 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2012.08.15 20:27:47 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010.08.18 01:31:42 | 000,111,616 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2009.12.07 15:38:02 | 001,128,008 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2009.11.26 13:50:52 | 000,302,152 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe -- (GDScan)
SRV - [2009.11.25 03:07:32 | 001,731,504 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2009.11.25 03:05:05 | 001,664,560 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2009.08.08 12:33:28 | 000,397,896 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2008.10.24 14:14:42 | 000,668,976 | ---- | M] (REINER SCT) [Auto | Stopped] -- C:\WINDOWS\SysWOW64\cjpcsc.exe -- (cjpcsc)
SRV - [2008.07.25 12:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.03.03 20:13:16 | 000,121,392 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2008.03.03 20:12:38 | 000,150,064 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2008.03.03 20:12:34 | 000,109,104 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2007.11.30 17:23:02 | 000,186,928 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.03.23 10:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
SRV - [2007.02.17 01:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006.08.22 21:05:00 | 000,585,216 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\SysWOW64\ati2saag.exe -- (ATI Smart)
SRV - [2006.06.14 23:11:40 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2005.03.25 14:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SysWOW64\wdfmgr.exe -- (UMWdf)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009.10.11 11:56:05 | 000,022,528 | ---- | M] (G DATA Software AG) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\GDNdisIc.sys -- (GDNdisIc)
DRV - [2009.08.30 18:07:03 | 000,051,784 | ---- | M] (G DATA Software AG) [Kernel | Auto | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)
DRV - [2007.11.30 17:22:14 | 000,026,160 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2007.03.23 10:02:48 | 000,024,880 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
DRV - [2006.07.25 21:54:50 | 000,007,680 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\variable.sys -- (EfiVariable)
DRV - [2005.07.22 23:44:50 | 000,123,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysWOW64\Drivers\LMOUKE.sys -- (LMouKE)
DRV - [2005.07.22 23:43:56 | 000,104,960 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\L8042MOU.SYS -- (L8042mou)
DRV - [2005.06.01 09:55:06 | 000,039,424 | R--- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\GVCplDrv64.sys -- (GVCPLDrv64)
DRV - [2005.05.03 17:34:09 | 000,033,280 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysWOW64\Drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2005.03.25 14:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
DRV - [2005.03.25 14:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\WINDOWS\SysWow64\winsock.dll -- (Winsock)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-1669873307-2758126395-1878032800-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1669873307-2758126395-1878032800-500\..\SearchScopes,DefaultScope = {379670E5-B4B8-4BB8-A8E1-EA940A8FF03E}
IE - HKU\S-1-5-21-1669873307-2758126395-1878032800-500\..\SearchScopes\{379670E5-B4B8-4BB8-A8E1-EA940A8FF03E}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1669873307-2758126395-1878032800-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1669873307-2758126395-1878032800-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.07.31 21:54:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.11.22 19:24:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2009.01.03 18:59:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2009.01.03 18:59:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\cv38ddf1.default\extensions
[2009.10.11 12:27:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES (X86)\JAVA\JRE6\LIB\DEPLOY\JQS\FF
 
Hosts file not found
O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG)
O2:64bit: - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (WsftpBrowserHelper Class) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files (x86)\Ipswitch\WS_FTP Pro\wsbho2k0.dll (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
O2 - BHO: (no name) - {CC2FDBAF-B03A-44C4-B830-8B281EFECE1C} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)
O3:64bit: - HKU\S-1-5-21-1669873307-2758126395-1878032800-500\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKU\S-1-5-21-1669873307-2758126395-1878032800-500\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKU\S-1-5-21-1669873307-2758126395-1878032800-500\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4:64bit: - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [WSManHTTPConfig] C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\912\WSManHTTPConfig.exe ()
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DAEMON Tools] C:\Program Files (x86)\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG)
O4 - HKLM..\Run: [IntelAudioStudio] C:\Program Files (x86)\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] sttray.exe File not found
O4 - HKU\S-1-5-21-1669873307-2758126395-1878032800-500..\Run: [WallPaper] C:\Program Files (x86)\Wallpaper Changer\WallPaper.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk = C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1669873307-2758126395-1878032800-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00  [binary data]
O7 - HKU\S-1-5-21-1669873307-2758126395-1878032800-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1669873307-2758126395-1878032800-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O15 - HKU\S-1-5-21-1669873307-2758126395-1878032800-500\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-1669873307-2758126395-1878032800-500\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16:64bit: - DPF: {439B6D3C-A359-4D73-8515-2AFE8CF90C08} hxxp://www.tradesignalonline.com/gallery/components/axts5we.cab (Reg Error: Key error.)
O16 - DPF: {439B6D3C-A359-4D73-8515-2AFE8CF90C08} hxxp://www.tradesignalonline.com/_v8/charts/bin/axts5we.cab (TS4WCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188048589843 (WUWebControl Class)
O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} https://notes.itgain.de/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB7B2101-9011-4F2A-9986-7758D5AEE56E}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -  File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (userinit) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) -  File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) -  File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) -  File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) -  File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) -  File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) -  File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) -  File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006.09.29 01:29:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3e174d14-e915-11e1-85ff-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{3e174d14-e915-11e1-85ff-005056c00008}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3e174d14-e915-11e1-85ff-005056c00008}\Shell\AutoRun\command - "" = I:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.27 19:55:43 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012.08.27 14:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\hellomoto
[2012.08.18 11:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mp3tag
[2012.08.18 11:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2012.08.18 11:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mp3tag
[2012.08.18 11:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2012.08.08 22:02:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Digital Editions
[2012.08.08 22:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
[2009.05.30 22:23:37 | 000,082,816 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.27 19:53:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.08.27 19:43:20 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012.08.27 14:54:17 | 003,932,214 | ---- | M] () -- C:\WINDOWS\default.bmp
[2012.08.26 22:27:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.08.19 12:36:30 | 000,015,742 | ---- | M] () -- C:\WINDOWS\UEDIT32.INI
[2012.08.18 11:55:52 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mp3tag.lnk
[2012.08.15 22:17:55 | 000,000,970 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.08.15 20:27:37 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2012.08.15 20:27:37 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.15 20:27:28 | 009,232,584 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerInstaller.exe
[2012.08.09 21:41:38 | 000,000,432 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2012.08.08 22:02:24 | 000,001,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Digital Editions.lnk
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.18 11:55:52 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mp3tag.lnk
[2012.08.08 22:02:24 | 000,001,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Digital Editions.lnk
[2010.12.23 21:59:14 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.10 14:43:31 | 000,219,805 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\mdbu.bin
[2009.05.31 13:14:45 | 000,009,391 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\profile.ini
[2009.05.30 22:29:13 | 000,011,114 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MainApp.dll
[2009.05.30 22:23:37 | 000,099,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe
[2009.05.30 22:23:37 | 000,007,859 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2009.05.30 22:23:37 | 000,001,167 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2009.02.07 19:41:29 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\.zreglib
[2006.12.03 22:29:34 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
 
========== LOP Check ==========
 
[2010.12.12 14:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BOM
[2012.07.02 20:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon
[2012.03.30 19:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EAC
[2012.04.06 17:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\elsterformular
[2009.06.17 22:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Flash Undelete Software
[2012.08.27 14:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FRITZ!
[2012.08.27 14:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\hellomoto
[2007.03.18 21:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lexware
[2012.08.18 14:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mp3tag
[2007.12.27 12:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2007.12.27 12:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2009.03.22 19:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2009.12.20 13:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\tradesignal
[2009.05.30 22:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2007.03.18 21:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BTrieve
[2009.02.28 17:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2012.07.01 20:36:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012.07.02 20:36:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2012.07.01 21:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2009.05.30 22:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Configs
[2008.03.07 19:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cyberJack Base Components
[2009.05.30 22:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVDXStudio
[2012.04.06 17:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ElsterFormular
[2007.04.09 14:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fun communications
[2009.03.20 12:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G DATA
[2007.12.27 12:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2007.03.18 22:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexware
[2007.12.27 12:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010.01.10 14:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photo Dose
[2009.04.10 18:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\REINER SCT
[2009.06.28 14:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tages
[2010.09.03 21:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012.08.27 14:51:51 | 000,032,310 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\SysWow64\shdocvw.dll:Updt_SummaryInformation
@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FF81EB0

< End of report >