TR/Agent.qazy.1472 & TR/Trash.gen die Streitrosse des Teufels

Bleu'd'Q

Während der OTL Quick-scan lief bekam ich 2 Warnungen von Avira 'TR.Spy.Bebloh.53'


OTL logfile created on: 22.04.2010 22:35:30 - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Dokumente und Einstellungen\Hektor\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.012,00 Mb Total Physical Memory | 615,00 Mb Available Physical Memory | 61,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 105,94 Gb Total Space | 80,16 Gb Free Space | 75,67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HEXE
Current User Name: Hektor
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.04.22 22:32:35 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hektor\Desktop\OTL.exe
PRC - [2010.03.28 14:39:17 | 000,133,368 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.0\ICQ.exe
PRC - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.08.05 12:00:50 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.09 13:34:32 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.05.20 15:11:40 | 000,111,928 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe
PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.03.09 17:49:18 | 000,037,888 | ---- | M] () -- C:\Programme\Winamp\winampa.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.07.11 15:36:50 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Dokumente und Einstellungen\Hektor\Lokale Einstellungen\Temp\RtkBtMnt.exe
PRC - [2008.06.04 18:10:02 | 000,114,688 | ---- | M] (InterVideo Inc.) -- C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
PRC - [2008.05.26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Desktop Search\WindowsSearch.exe
PRC - [2008.05.22 15:30:16 | 000,425,984 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2008.05.14 05:14:34 | 000,821,768 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\QtZgAcer.EXE
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.02.28 09:00:10 | 000,170,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2010.04.22 22:32:35 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hektor\Desktop\OTL.exe
MOD - [2009.05.20 15:11:06 | 000,023,864 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\mgAdaptersProxy.dll
MOD - [2006.07.11 18:35:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\SweetIM\Messenger\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.08.05 12:00:50 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.09 13:34:32 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008.11.06 01:45:13 | 000,361,728 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.07.18 16:05:40 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010.03.08 21:29:05 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.06.09 13:34:32 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.27 23:24:24 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.07.08 03:16:26 | 000,096,856 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.07.01 05:27:44 | 000,108,800 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.05.20 17:31:26 | 001,312,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008.05.20 11:53:00 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.05.05 15:01:02 | 000,254,976 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)
DRV - [2008.04.25 03:17:10 | 000,225,024 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008.04.14 14:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2008.04.14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.14 14:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2008.04.14 14:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2008.04.14 14:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2008.04.14 14:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2008.04.14 14:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2008.04.14 14:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2008.04.14 14:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2008.04.14 14:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2008.04.14 14:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2008.04.14 14:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2008.04.14 14:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2008.04.14 14:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2008.04.14 14:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2008.04.14 14:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2008.04.14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2008.04.14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008.04.14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008.02.15 07:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2005.01.13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004.12.08 08:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 445
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Ant.com"
FF - prefs.js..browser.startup.homepage: "resource:/browserconfig.properties"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"


[2009.04.09 01:14:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\Mozilla\Extensions
[2010.04.11 12:27:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\Mozilla\Firefox\Profiles\3m5vvznf.default\extensions
[2009.07.05 20:34:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\Mozilla\Firefox\Profiles\3m5vvznf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.12 00:39:32 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\Mozilla\Firefox\Profiles\3m5vvznf.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2009.07.07 14:23:11 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\Mozilla\Firefox\Profiles\3m5vvznf.default\searchplugins\sweetim.xml
[2010.04.12 13:55:14 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - File not found
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [M3000Mnt] File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe ()
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224161720014 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Hektor\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Hektor\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.11 15:23:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9df76930-409b-11df-a9ac-0022697eafc5}\Shell - "" = AutoRun
O33 - MountPoints2\{9df76930-409b-11df-a9ac-0022697eafc5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9df76930-409b-11df-a9ac-0022697eafc5}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{b9ee00b6-3c0b-11df-a99e-0022697eafc5}\Shell\AutoRun\command - "" = F:\Get_Started_for_Win.exe -- File not found
O33 - MountPoints2\{fe7e96b8-b1d4-11dd-a739-0022697eafc5}\Shell\Auto\command - "" = D:\activexdebugger32.exe -- File not found
O33 - MountPoints2\{fe7e96b8-b1d4-11dd-a739-0022697eafc5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe7e96b8-b1d4-11dd-a739-0022697eafc5}\Shell\explore\Command - "" = D:\activexdebugger32.exe -- File not found
O33 - MountPoints2\{fe7e96b8-b1d4-11dd-a739-0022697eafc5}\Shell\open\Command - "" = D:\activexdebugger32.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008.08.27 15:13:31 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 90 Days ==========

[2010.04.22 22:32:26 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hektor\Desktop\OTL.exe
[2010.04.21 00:37:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Lokale Einstellungen\Anwendungsdaten\Yahoo
[2010.04.21 00:31:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo!
[2010.04.20 20:15:06 | 000,000,000 | ---D | C] -- C:\Programme\Safari
[2010.04.20 19:22:03 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.04.20 19:22:02 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.20 18:45:47 | 000,000,000 | ---D | C] -- C:\Avenger
[2010.04.20 18:17:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\Malwarebytes
[2010.04.20 18:16:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware
[2010.04.20 18:16:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.20 18:16:47 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.20 18:16:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.20 18:16:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.04.20 17:49:53 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Hektor\Recent
[2010.04.20 17:38:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Desktop\CCleaner
[2010.04.20 17:38:16 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.04.20 13:17:06 | 000,000,000 | ---D | C] -- C:\Programme\TrendMicro
[2010.04.20 13:09:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Desktop\HiJackThis
[2010.04.16 19:42:47 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.04.16 19:36:23 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.04.16 01:27:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Lokale Einstellungen\Anwendungsdaten\Move Networks
[2010.04.06 23:34:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2010.04.05 20:27:39 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.04.05 20:27:29 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.04.02 22:56:23 | 000,000,000 | -HSD | C] -- C:\found.000
[2010.03.31 09:30:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.03.30 17:03:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\Apple Computer
[2010.03.30 17:01:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010.03.30 16:59:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
[2010.03.30 16:58:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Lokale Einstellungen\Anwendungsdaten\Apple
[2010.03.30 16:58:52 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010.03.30 16:57:29 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple
[2010.03.30 16:57:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
[2010.03.30 16:55:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Lokale Einstellungen\Anwendungsdaten\Apple Computer
[2010.03.29 13:54:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Eigene Dateien\Downloads
[2010.03.28 17:21:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Desktop\Emma
[2010.03.12 00:39:36 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.03.12 00:39:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Lokale Einstellungen\Anwendungsdaten\Conduit
[2010.03.12 00:39:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoft
[2010.03.09 20:52:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Lokale Einstellungen\Anwendungsdaten\AOL
[2010.03.09 20:52:32 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.0
[2010.03.08 23:37:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\Facebook
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010.04.22 22:32:35 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hektor\Desktop\OTL.exe
[2010.04.22 22:20:25 | 000,000,494 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2010.04.22 22:20:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.22 22:20:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.22 22:19:59 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.22 20:01:31 | 005,767,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Hektor\ntuser.dat
[2010.04.22 20:01:31 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Hektor\ntuser.ini
[2010.04.22 19:52:11 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Hektor\Desktop\2kkbgtql.exe
[2010.04.22 12:32:16 | 003,004,263 | ---- | M] () -- C:\Dokumente und Einstellungen\Hektor\Desktop\DSC00236.JPG
[2010.04.22 12:18:40 | 000,034,816 | ---- | M] () -- C:\Dokumente und Einstellungen\Hektor\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.21 01:20:04 | 000,002,163 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk
[2010.04.20 20:16:12 | 000,055,200 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.04.20 19:26:55 | 000,781,909 | ---- | M] () -- C:\Dokumente und Einstellungen\Hektor\Desktop\RSIT.exe
[2010.04.19 23:42:56 | 000,000,616 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.04.15 10:17:59 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010.04.10 22:43:49 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.31 09:30:23 | 001,110,356 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.03.31 09:30:23 | 000,485,732 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.03.31 09:30:23 | 000,442,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.03.31 09:30:23 | 000,095,400 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.03.31 09:30:23 | 000,072,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.09 20:54:20 | 000,001,493 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ICQ7.lnk
[2010.03.08 21:29:05 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.22 19:51:31 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Hektor\Desktop\2kkbgtql.exe
[2010.04.22 12:32:16 | 003,004,263 | ---- | C] () -- C:\Dokumente und Einstellungen\Hektor\Desktop\DSC00236.JPG
[2010.04.22 12:22:21 | 001,424,031 | ---- | C] () -- C:\Dokumente und Einstellungen\Hektor\Desktop\DSC00227.JPG
[2010.04.22 12:21:57 | 001,438,800 | ---- | C] () -- C:\Dokumente und Einstellungen\Hektor\Desktop\DSC00237.JPG
[2010.04.22 12:21:48 | 001,459,005 | ---- | C] () -- C:\Dokumente und Einstellungen\Hektor\Desktop\DSC00223.JPG
[2010.04.20 20:16:12 | 000,055,200 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.04.20 20:15:18 | 000,002,163 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk
[2010.04.20 19:26:55 | 000,781,909 | ---- | C] () -- C:\Dokumente und Einstellungen\Hektor\Desktop\RSIT.exe
[2010.04.15 10:17:59 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010.03.09 20:54:20 | 000,001,493 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ICQ7.lnk
[2009.04.01 19:07:24 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.04.01 19:07:24 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2008.07.11 17:16:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.05.05 09:01:02 | 000,254,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
[2008.04.14 14:00:00 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008.02.15 07:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2007.07.13 08:49:00 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2006.03.10 23:15:44 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005.03.29 00:45:26 | 000,000,141 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2003.09.22 07:49:36 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2002.11.22 02:57:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2002.11.22 02:57:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2002.11.22 02:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2002.11.22 02:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2002.11.22 02:57:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2002.11.22 02:57:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

========== LOP Check ==========

[2010.03.09 20:53:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2010.03.29 10:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!
[2009.07.07 14:23:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM
[2008.11.06 01:44:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2008.08.27 15:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010.03.30 17:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.04.03 22:22:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\Any Video Converter
[2010.03.08 23:37:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\Facebook
[2010.04.13 18:48:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\ICQ
[2008.11.06 01:45:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\TuneUp Software
[2009.06.05 23:11:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\Windows Desktop Search
[2008.10.29 20:27:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\Windows Live Writer
[2009.06.06 12:25:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\Windows Search
[2010.04.22 22:20:25 | 000,000,494 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: FTDISK.SYS >
[2008.04.14 14:00:00 | 000,126,336 | ---- | M] (Microsoft Corporation) MD5=8F1955CE42E1484714B542F341647778 -- C:\WINDOWS\system32\dllcache\ftdisk.sys
[2008.04.14 14:00:00 | 000,126,336 | ---- | M] (Microsoft Corporation) MD5=8F1955CE42E1484714B542F341647778 -- C:\WINDOWS\system32\drivers\ftdisk.sys

< MD5 for: NDIS.SYS >
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.07.11 17:14:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.07.11 17:14:34 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.07.11 17:14:34 | 000,438,272 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >