Win XP - BKA Trojaner - kein abgesicherter Modus - Logfile OTLPE

OTL logfile created on: 9/9/2013 2:32:17 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,014.00 Mb Total Physical Memory | 808.00 Mb Available Physical Memory | 80.00% Memory free
902.00 Mb Paging File | 845.00 Mb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37.26 Gb Total Space | 11.86 Gb Free Space | 31.84% Space Free | Partition Type: NTFS
Drive D: | 30.28 Gb Total Space | 9.37 Gb Free Space | 30.95% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand] --  -- (AppMgmt)
SRV - [2013/09/08 18:08:52 | 000,160,228 | ---- | M] (Sumitomo Forestry Corporation) [Auto] -- C:\DOKUME~1\ALLUSE~1\ANWEND~1\0rfdoiwj.plz -- (winmgmt)
SRV - [2012/11/01 22:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/13 22:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/08/31 11:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2006/01/16 04:25:02 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/01/06 16:25:12 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005/12/21 04:06:28 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2005/11/28 08:38:44 | 000,135,168 | ---- | M] (Sony Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/11/28 08:38:42 | 000,167,936 | ---- | M] (Sony Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/11/28 08:38:34 | 000,270,336 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/11/25 08:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/11/24 11:03:22 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/11/24 10:57:44 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/11/24 10:47:30 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/10/11 06:07:50 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2005/10/11 06:02:02 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2005/07/14 13:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/05/20 12:41:42 | 000,153,600 | ---- | M] (Sony Corporation) [Auto] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2005/01/04 06:09:36 | 000,398,336 | ---- | M] (Sony Corporation) [Auto] -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe -- (VCI)
SRV - [2003/07/28 06:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (usb9162k)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand] --  -- (NIEthernetDeviceEnumerator)
DRV - File not found [Kernel | On_Demand] --  -- (niemrkw)
DRV - File not found [Kernel | On_Demand] --  -- (MBAMSwissArmy)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] --  -- (hwdatacard)
DRV - File not found [Kernel | On_Demand] --  -- (esgiguard)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2013/04/10 21:18:40 | 000,302,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/12/09 22:28:36 | 000,142,176 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/11/07 22:49:26 | 000,250,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/04/18 22:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/30 22:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 07:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 07:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 07:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/08/31 11:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/08 07:48:07 | 000,047,616 | -H-- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2008/04/13 18:16:10 | 000,049,024 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mstape.sys -- (MSTAPE)
DRV - [2008/04/13 18:16:08 | 000,013,696 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avcstrm.sys -- (AVCSTRM)
DRV - [2006/04/07 04:06:38 | 000,038,496 | RH-- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)
DRV - [2006/02/20 17:12:00 | 000,077,824 | -H-- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony)
DRV - [2006/01/17 12:32:44 | 003,325,312 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005/11/07 00:58:30 | 000,011,354 | -H-- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/10/18 03:53:24 | 000,998,656 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 03:52:34 | 000,202,112 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 03:52:30 | 000,721,280 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/09/21 05:22:42 | 000,468,768 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ExpasAG.sys -- (LEX_AS_NIC_SERVICE_YNOS)
DRV - [2005/06/29 01:35:10 | 003,173,888 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/07/14 06:54:42 | 000,676,864 | -H-- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/07/06 09:07:06 | 000,045,627 | RH-- | M] (Utimaco Safeware AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\privatediskm.sys -- (PrivateDisk)
DRV - [2004/05/11 13:11:02 | 000,099,968 | -H-- | M] (Aladdin Knowledge Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2004/04/28 04:03:08 | 000,328,448 | -H-- | M] (Aladdin Knowledge Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2003/09/29 00:31:38 | 000,094,601 | -H-- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2000/12/05 11:18:02 | 000,003,952 | -H-- | M] (Sony Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 06:15:08 | 000,048,896 | -H-- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
 
IE - HKU\Roland_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Roland_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://spowww.sbg.ac.at/iffb/index.php?id=9
IE - HKU\Roland_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\Roland_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\WINDOWS\system32\C2MP\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programme\AVG\AVG2012\Firefox4\ [2013/05/21 04:13:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Programme\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 06:32:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/03/30 20:03:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/06/04 02:43:44 | 000,000,000 | ---D | M]
 
[2013/05/12 16:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010/08/12 06:39:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/12 06:39:09 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/22 20:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/11/08 21:17:46 | 000,002,313 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2010/07/22 20:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010/07/22 20:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/07/22 20:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/07/22 20:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/09/27 08:18:38 | 000,000,850 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Roland_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Roland_ON_C\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [PDService.exe] C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VAIO Update 2] C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Roland\Startmenü\Programme\Autostart\Dropbox.lnk =  File not found
O4 - Startup: C:\Dokumente und Einstellungen\Roland\Startmenü\Programme\Autostart\Greenshot.lnk = C:\Programme\Greenshot\Greenshot.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Roland\Startmenü\Programme\Autostart\jwiodfr0.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Roland\Startmenü\Programme\Autostart\lfbew7tfr.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 36592 = C:\DOKUME~1\ALLUSE~1\LOCALS~1\Temp\msrahqv.com
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Roland_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/23 07:14:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) - C:\Programme\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/09/08 18:09:26 | 000,160,228 | ---- | C] (Sumitomo Forestry Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rft7webfl.plz
[2013/09/08 18:08:52 | 000,160,228 | ---- | C] (Sumitomo Forestry Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0rfdoiwj.plz
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/09/08 18:19:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/08 18:12:49 | 095,025,368 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\jwiodfr0.pff
[2013/09/08 18:12:47 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lfbew7tfr.ctrl
[2013/09/08 18:12:46 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\jwiodfr0.ctrl
[2013/09/08 18:12:09 | 000,001,086 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/08 18:10:21 | 095,025,368 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lfbew7tfr.pff
[2013/09/08 18:10:01 | 000,000,806 | ---- | M] () -- C:\Dokumente und Einstellungen\Roland\Startmenü\Programme\Autostart\lfbew7tfr.lnk
[2013/09/08 18:09:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/09/08 18:09:26 | 000,160,228 | ---- | M] (Sumitomo Forestry Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rft7webfl.plz
[2013/09/08 18:09:04 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Roland\Startmenü\Programme\Autostart\jwiodfr0.lnk
[2013/09/08 18:08:52 | 000,160,228 | ---- | M] (Sumitomo Forestry Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0rfdoiwj.plz
[2013/09/08 17:57:01 | 000,001,090 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/08 15:39:05 | 136,409,437 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2013/09/07 20:42:44 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\Roland\Desktop\Microsoft Office Word 2003.lnk
[2013/09/05 17:11:48 | 000,293,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2013/09/04 17:25:39 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/01 18:20:16 | 000,002,537 | ---- | M] () -- C:\Dokumente und Einstellungen\Roland\Desktop\Microsoft Office Excel 2003.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/09/08 18:09:55 | 000,000,806 | ---- | C] () -- C:\Dokumente und Einstellungen\Roland\Startmenü\Programme\Autostart\lfbew7tfr.lnk
[2013/09/08 18:09:51 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lfbew7tfr.ctrl
[2013/09/08 18:09:31 | 095,025,368 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lfbew7tfr.pff
[2013/09/08 18:09:04 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\Roland\Startmenü\Programme\Autostart\jwiodfr0.lnk
[2013/09/08 18:09:04 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\jwiodfr0.ctrl
[2013/09/08 18:08:56 | 095,025,368 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\jwiodfr0.pff
[2013/04/06 11:51:22 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\AltShell.ini
[2013/03/13 10:18:54 | 000,281,838 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2910071037-2566558608-459476299-1007-0.dat
[2013/03/13 10:18:45 | 000,281,838 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2013/02/23 06:15:52 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\onvhe.sys
[2012/11/23 09:12:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/02 07:49:06 | 000,000,031 | ---- | C] () -- C:\WINDOWS\DateWiz.ini
[2012/04/04 09:35:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\pxisys.ini
[2012/04/04 09:35:48 | 000,000,030 | ---- | C] () -- C:\WINDOWS\pxiesys.ini
[2012/03/10 11:25:40 | 000,000,141 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2012/03/09 05:16:40 | 000,000,078 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat
[2012/02/22 19:21:14 | 000,000,272 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~iV3aIBsSnnn0Dj
[2012/02/22 19:21:14 | 000,000,184 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~iV3aIBsSnnn0Djr
[2012/02/22 19:21:12 | 000,000,464 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\iV3aIBsSnnn0Dj
[2012/02/14 18:46:31 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/01 11:14:38 | 000,000,040 | -H-- | C] () -- C:\WINDOWS\BO6050.INI
[2011/12/01 11:13:56 | 000,000,468 | -H-- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/12/01 11:13:56 | 000,000,026 | -H-- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011/11/08 06:08:48 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Roland\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2011/08/14 13:26:55 | 000,000,085 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avbase.dat
[2011/07/08 07:50:33 | 000,003,287 | -H-- | C] () -- C:\WINDOWS\Motus32.INI
[2011/07/08 07:48:07 | 000,000,383 | -H-- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2011/05/23 06:10:40 | 000,114,688 | -H-- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll
[2011/05/23 06:10:40 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\OdiAPI.dll
[2010/08/12 06:27:10 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/31 08:44:29 | 000,866,837 | ---- | C] () -- C:\Dokumente und Einstellungen\Roland\test1.wmv
[2010/05/14 17:25:21 | 000,052,224 | ---- | C] () -- C:\Dokumente und Einstellungen\Roland\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/11 17:28:51 | 000,007,680 | -H-- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL
[2010/05/10 05:48:44 | 000,001,025 | -H-- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/05/10 05:48:44 | 000,001,025 | -H-- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2010/05/10 05:48:44 | 000,001,025 | -H-- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2010/05/10 05:48:44 | 000,000,205 | -H-- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2010/05/10 05:48:44 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2010/05/04 04:54:00 | 000,000,159 | -H-- | C] () -- C:\WINDOWS\hpbafd.ini
[2010/05/02 18:31:20 | 000,116,224 | -H-- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/05/02 17:10:20 | 000,000,718 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2010/05/02 16:45:09 | 000,019,968 | -H-- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2010/05/02 16:42:36 | 000,000,057 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
[2010/05/02 16:37:41 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Roland\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010/01/22 18:04:16 | 000,000,689 | -H-- | C] () -- C:\WINDOWS\m3jpeg.ini
[2009/08/27 15:04:44 | 000,557,003 | -H-- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/08/27 15:04:32 | 000,811,835 | -H-- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/08/27 15:03:52 | 004,456,201 | -H-- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/08/25 14:07:36 | 000,328,334 | -H-- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/08/25 13:38:04 | 000,425,040 | -H-- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/08/25 12:56:56 | 000,829,781 | -H-- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/25 12:37:02 | 000,146,098 | -H-- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/08/11 16:21:26 | 000,087,552 | -H-- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2009/06/02 13:15:44 | 000,113,152 | -H-- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/06/02 13:15:18 | 000,146,944 | -H-- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/06/02 13:15:04 | 000,183,296 | -H-- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/06/02 13:14:56 | 000,178,688 | -H-- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/06/02 13:14:30 | 000,486,400 | -H-- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/06/02 13:13:58 | 000,257,024 | -H-- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/06/02 13:13:50 | 000,142,848 | -H-- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/06/02 13:11:26 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/06/02 13:11:16 | 000,085,504 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/10 18:17:32 | 000,163,840 | -H-- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/01/10 18:16:56 | 000,148,480 | -H-- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/01/10 18:16:50 | 000,108,032 | -H-- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/01/10 18:16:14 | 000,141,312 | -H-- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/01/10 18:16:04 | 000,335,872 | -H-- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2009/01/10 18:15:54 | 000,120,832 | -H-- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/01/10 18:15:44 | 000,159,744 | -H-- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/10 18:15:36 | 000,103,424 | -H-- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2009/01/10 18:15:32 | 000,102,400 | -H-- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/01/10 18:15:28 | 000,246,784 | -H-- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/01/10 18:15:12 | 000,097,280 | -H-- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/01/10 18:15:06 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2009/01/10 18:14:08 | 000,079,360 | -H-- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/01/10 18:14:06 | 000,023,552 | -H-- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/12/03 18:11:50 | 000,180,224 | -H-- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/06 12:37:32 | 003,596,288 | -H-- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/13 05:30:20 | 000,000,137 | -H-- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/02/26 10:31:06 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\niscdrau.dll
[2007/02/21 13:30:50 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\nirpc.ini
[2006/03/08 12:18:04 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/02/24 05:46:05 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/24 04:45:02 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/02/24 04:45:02 | 000,200,704 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/02/24 04:45:02 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/02/24 04:45:02 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/02/24 04:45:02 | 000,188,416 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/02/24 04:45:02 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/02/24 04:34:17 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2006/02/24 04:32:39 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/02/23 11:22:52 | 000,143,360 | -H-- | C] () -- C:\WINDOWS\System32\WLANDLL.DLL
[2006/02/23 07:34:05 | 000,000,849 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2006/02/23 07:16:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/02/23 07:12:13 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/23 07:07:05 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/02/23 07:06:10 | 000,287,704 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/02/22 23:00:43 | 000,004,152 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/02/22 23:00:29 | 000,486,018 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006/02/22 23:00:29 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006/02/22 23:00:29 | 000,096,366 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006/02/22 23:00:29 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006/02/22 23:00:13 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/22 23:00:10 | 000,462,678 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/22 23:00:10 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/22 23:00:10 | 000,080,272 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/22 23:00:10 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/22 23:00:08 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/22 23:00:08 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/22 23:00:05 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/02/22 23:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/22 23:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/22 22:59:51 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/22 22:59:42 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/11/01 04:53:38 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2003/05/01 03:35:32 | 005,709,824 | -H-- | C] () -- C:\WINDOWS\System32\lvrt.dll
[2003/04/23 04:49:06 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\DNCompInfo.dll
[2003/02/20 11:53:42 | 000,005,702 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2010/07/18 15:25:02 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\sony
[2013/03/27 18:34:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TuneUp Software
[2011/11/06 08:36:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\54A58
[2011/07/25 11:24:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\Ashampoo
[2012/02/24 15:23:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\AVG
[2012/02/24 10:36:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\AVG2012
[2011/11/05 05:27:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\B5E28
[2011/07/21 08:42:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\Babylon
[2011/07/21 08:43:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\BabylonToolbar
[2010/11/25 12:34:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\Dartfish
[2012/11/08 21:23:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\DesktopIconForAmazon
[2010/12/16 21:27:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\DirektFotoSystem3
[2013/09/08 13:04:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\Dropbox
[2013/03/27 18:38:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\DVDVideoSoft
[2012/11/24 20:08:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011/11/05 23:07:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\EndNote
[2013/02/28 15:59:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\Evybma
[2012/03/01 19:06:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\Exer
[2010/06/07 06:24:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\FreeScreenToVideo
[2010/05/06 02:21:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\Greenshot
[2011/10/21 13:10:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\ICAClient
[2013/07/19 11:01:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\inkscape
[2011/05/26 14:09:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\InterVideo
[2010/11/25 10:03:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\Kinovea
[2011/03/27 17:08:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\Leadertech
[2011/11/05 20:40:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\Litlink v41
[2011/06/10 18:44:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\mquadr.at
[2011/11/05 20:38:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\net.dacons.menucontrol
[2013/02/28 15:59:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\Nohe
[2013/03/27 18:22:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\OpenCandy
[2011/05/26 07:20:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\PersBackup5
[2010/08/12 06:19:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\PlagiarismFinder
[2011/08/08 16:53:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\PriceGong
[2013/02/28 16:04:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\Ryaze
[2012/02/22 20:11:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\Simply Super Software
[2011/07/21 08:44:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\To-Do DeskList
[2013/03/27 18:28:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\TuneUp Software
[2012/03/01 18:43:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\Voam
[2012/03/01 19:01:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\Xagiuz
[2011/07/22 06:55:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roland\Anwendungsdaten\XMedia Recode
[2012/04/19 07:52:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\529C50A800048CF05F7E5AB5D151FC84
[2011/07/25 11:07:06 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2013/05/27 08:27:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2012
[2011/07/21 08:42:33 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2011/03/15 04:35:23 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2010/11/25 12:33:18 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Dartfish
[2010/12/07 13:56:58 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ike.software
[2011/06/10 18:44:29 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\m2backup
[2013/05/21 04:13:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2011/06/10 18:44:29 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mquadr.at
[2012/06/04 02:47:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\National Instruments
[2010/08/12 06:19:05 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PlagiarismFinder
[2010/11/25 12:11:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel
[2013/04/02 20:26:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2013/04/04 17:20:45 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Thomson.ResearchSoft.Installers
[2013/03/27 18:32:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2013/03/27 21:56:12 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0B4227B4
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9
< End of report >