Trojaner TR/kazy.mekml.1 (laut AntiVir) ?

OTL logfile created on: 20.04.2011 15:09:30 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\San\Desktop
Windows XP Professional Edition Service Pack 3, v.5857 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.3244)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 518,00 Mb Available Physical Memory | 51,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19,53 Gb Total Space | 6,81 Gb Free Space | 34,87% Space Free | Partition Type: NTFS
Drive D: | 11,95 Gb Total Space | 11,87 Gb Free Space | 99,35% Space Free | Partition Type: NTFS
Drive G: | 149,05 Gb Total Space | 32,84 Gb Free Space | 22,03% Space Free | Partition Type: NTFS
 
Computer Name: PIKACHU | User Name: San | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.20 15:07:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\San\Desktop\OTL.exe
PRC - [2011.04.18 21:31:14 | 000,569,344 | -H-- | M] (BitSprx) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PFmPbJoHGuT.exe
PRC - [2011.03.18 19:56:37 | 000,924,632 | -H-- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.03.04 14:36:20 | 000,135,336 | -H-- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.04 14:36:11 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.04 14:36:11 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.19 10:49:20 | 000,144,672 | -H-- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | -H-- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2007.12.29 14:05:17 | 000,486,856 | -H-- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\daemon.exe
PRC - [2007.10.30 23:51:22 | 001,036,800 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.10.30 23:51:14 | 000,012,288 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\attrib.exe
PRC - [2004.12.28 06:08:24 | 000,253,952 | -H-- | M] () -- C:\Programme\Mouse Driver\MouseDriver.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.20 15:07:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\San\Desktop\OTL.exe
MOD - [2007.10.30 23:51:10 | 000,278,528 | -H-- | M] () -- C:\WINDOWS\ofadagak.dll
MOD - [2007.10.30 23:49:12 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3244_x-ww_d74fff41\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.03.04 14:36:20 | 000,135,336 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.04 14:36:11 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.19 10:49:20 | 000,144,672 | -H-- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2005.04.04 01:41:10 | 000,069,632 | -H-- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.04 16:11:12 | 000,137,656 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.03.04 14:36:34 | 000,061,960 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 14:26:52 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.07.21 18:30:48 | 003,565,056 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.05.05 09:58:30 | 000,013,976 | -H-- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2008.11.06 07:13:33 | 000,044,696 | -H-- | M] (Phantombility, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\phmcd.sys -- (phmcd)
DRV - [2008.06.20 13:08:27 | 000,225,856 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008.01.22 16:50:42 | 000,715,248 | -H-- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.01.18 16:16:28 | 000,100,648 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016obex.sys -- (a016obex)
DRV - [2008.01.18 16:16:26 | 000,110,504 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016mdm.sys -- (a016mdm)
DRV - [2008.01.18 16:16:26 | 000,104,488 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016mgmt.sys -- (a016mgmt) Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM)
DRV - [2008.01.18 16:16:24 | 000,015,016 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016mdfl.sys -- (a016mdfl)
DRV - [2008.01.18 16:16:22 | 000,083,880 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016bus.sys -- (a016bus) Sony Ericsson Device A016 driver (WDM)
DRV - [2007.10.30 18:47:08 | 000,010,624 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007.10.30 18:44:36 | 000,088,320 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007.01.16 19:28:00 | 000,165,376 | -H-- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2007.01.16 19:27:59 | 000,018,048 | -H-- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2005.06.20 16:08:44 | 002,324,480 | RH-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005.03.04 05:10:26 | 000,074,496 | -H-- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004.08.31 20:07:08 | 000,026,240 | -H-- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2004.08.09 13:33:26 | 000,114,016 | -H-- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.08.09 13:29:28 | 000,053,920 | -H-- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004.08.03 23:31:36 | 000,032,768 | -H-- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004.08.03 22:31:34 | 000,020,992 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2004.07.19 16:49:54 | 000,007,040 | -H-- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2004.02.12 19:11:28 | 000,003,968 | -H-- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2003.12.16 19:13:02 | 000,034,297 | -H-- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2003.12.01 17:20:52 | 000,004,832 | -H-- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.10.02 17:25:48 | 000,011,264 | RH-- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003.07.01 22:42:00 | 000,027,904 | -H-- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003.03.25 18:50:46 | 000,004,096 | RH-- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\siside.sys -- (SiSide)
DRV - [2003.01.13 11:43:56 | 000,030,720 | RH-- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (sisagp)
DRV - [2002.10.17 16:14:46 | 000,049,024 | RH-- | M] (Windows (R) 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002.08.20 18:19:08 | 000,009,472 | RH-- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2002.07.17 19:03:10 | 000,008,584 | -H-- | M] (AIPTEK International Inc.                                   ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stv680m.sys -- (STV680m)
DRV - [2002.07.17 19:03:08 | 000,111,800 | -H-- | M] (AIPTEK International Inc.                                   ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stv680.sys -- (STV680)
DRV - [2001.08.23 14:00:00 | 000,063,232 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001.08.23 14:00:00 | 000,055,936 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001.08.17 15:00:04 | 000,002,944 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-515967899-789336058-1708537768-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-515967899-789336058-1708537768-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tattoodle.com?tid={B1310335-40C3-4490-97C0-C6FA98242D82}
IE - HKU\S-1-5-21-515967899-789336058-1708537768-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} -  File not found
IE - HKU\S-1-5-21-515967899-789336058-1708537768-1003\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Programme\AskSearch\bin\DefaultSearch.dll ()
IE - HKU\S-1-5-21-515967899-789336058-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-515967899-789336058-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}:0.7.2
 
FF - HKLM\software\mozilla\Firefox\extensions\\{CA4A6ABB-34A1-4CB4-9665-84E8B5130EAF}: C:\Dokumente und Einstellungen\San\Lokale Einstellungen\Anwendungsdaten\{CA4A6ABB-34A1-4CB4-9665-84E8B5130EAF} [2011.04.18 21:32:59 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.19 22:23:13 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.19 22:23:13 | 000,000,000 | -H-D | M]
 
[2008.08.29 17:10:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Mozilla\Extensions
[2011.04.19 22:14:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Mozilla\Firefox\Profiles\dh96igz4.default\extensions
[2010.10.31 02:37:09 | 000,000,000 | -H-D | M] (MacOSX Theme) -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Mozilla\Firefox\Profiles\dh96igz4.default\extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
[2010.11.01 18:32:15 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Mozilla\Firefox\Profiles\dh96igz4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.19 22:14:51 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Mozilla\Firefox\Profiles\dh96igz4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.03.26 12:21:04 | 000,000,000 | -H-D | M] (Fast Video Download (with SearchMenu)) -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Mozilla\Firefox\Profiles\dh96igz4.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2011.03.26 12:21:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Mozilla\Firefox\Profiles\dh96igz4.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011.03.26 12:21:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Mozilla\Firefox\Profiles\dh96igz4.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2009.10.28 20:02:03 | 000,002,171 | -H-- | M] () -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Mozilla\Firefox\Profiles\dh96igz4.default\searchplugins\bing.xml
[2009.12.05 16:28:31 | 000,005,413 | -H-- | M] () -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Mozilla\Firefox\Profiles\dh96igz4.default\searchplugins\fast-browser-search.xml
[2011.04.17 16:16:59 | 000,000,961 | -H-- | M] () -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Mozilla\Firefox\Profiles\dh96igz4.default\searchplugins\icqplugin-2.xml
[2008.07.05 19:15:26 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Mozilla\Firefox\Profiles\dh96igz4.default\searchplugins\icqplugin-3.xml
[2008.07.19 17:48:29 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Mozilla\Firefox\Profiles\dh96igz4.default\searchplugins\icqplugin-4.xml
[2008.10.01 16:32:29 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Mozilla\Firefox\Profiles\dh96igz4.default\searchplugins\icqplugin-5.xml
[2008.11.21 16:37:41 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Mozilla\Firefox\Profiles\dh96igz4.default\searchplugins\icqplugin-6.xml
[2008.06.21 13:46:43 | 000,000,962 | -H-- | M] () -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Mozilla\Firefox\Profiles\dh96igz4.default\searchplugins\icqplugin.xml
[2008.09.08 20:30:43 | 000,001,504 | -H-- | M] () -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Mozilla\Firefox\Profiles\dh96igz4.default\searchplugins\imdb.xml
[2011.04.17 16:17:00 | 000,002,019 | -H-- | M] () -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Mozilla\Firefox\Profiles\dh96igz4.default\searchplugins\leo-de-en.xml
[2009.07.18 22:01:44 | 000,004,140 | -H-- | M] () -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Mozilla\Firefox\Profiles\dh96igz4.default\searchplugins\youtube.xml
[2011.04.19 12:26:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) -- 
[2011.04.18 21:32:59 | 000,000,000 | -H-D | M] (XULRunner) -- C:\DOKUMENTE UND EINSTELLUNGEN\SAN\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\{CA4A6ABB-34A1-4CB4-9665-84E8B5130EAF}
[2009.06.22 21:31:05 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.03.18 19:56:37 | 000,142,296 | -H-- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.05.13 15:50:45 | 000,002,194 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.01.01 10:00:00 | 000,002,252 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.03.10 23:27:07 | 000,001,540 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 support.steampowered.com
O1 - Hosts: 127.0.0.1 support.steampowered.com
O1 - Hosts: 127.0.0.1 support.steampowered.com
O1 - Hosts: 127.0.0.1 support.steampowered.com
O1 - Hosts: 127.0.0.1 support.steampowered.com
O1 - Hosts: 127.0.0.1 support.steampowered.com
O1 - Hosts: 127.0.0.1 support.steampowered.com
O1 - Hosts: 127.0.0.1 support.steampowered.com
O1 - Hosts: 127.0.0.1 support.steampowered.com
O1 - Hosts: 127.0.0.1 support.steampowered.com
O1 - Hosts: 127.0.0.1 support.steampowered.com
O1 - Hosts: 127.0.0.1 support.steampowered.com
O1 - Hosts: 127.0.0.1 support.steampowered.com
O1 - Hosts: 127.0.0.1 support.steampowered.com
O1 - Hosts: 127.0.0.1 support.steampowered.com
O1 - Hosts: 127.0.0.1 support.steampowered.com
O1 - Hosts: 127.0.0.1 support.steampowered.com
O1 - Hosts: 127.0.0.1 support.steampowered.com
O1 - Hosts: 127.0.0.1 support.steampowered.com
O1 - Hosts: 127.0.0.1 support.steampowered.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} -  File not found
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} -  File not found
O3 - HKU\S-1-5-21-515967899-789336058-1708537768-1003\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} -  File not found
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Csonudo] C:\WINDOWS\ofadagak.dll ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SANSUNMouse ] C:\Programme\Mouse Driver\MouseDriver.exe ()
O4 - HKU\S-1-5-21-515967899-789336058-1708537768-1003..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-515967899-789336058-1708537768-1003..\Run: [PFmPbJoHGuT] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PFmPbJoHGuT.exe (BitSprx)
O4 - HKU\S-1-5-21-515967899-789336058-1708537768-1003..\Run: [Steam] g:\games\steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-515967899-789336058-1708537768-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-515967899-789336058-1708537768-1003\..Trusted Domains:   ([]msn in Arbeitsplatz)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\San\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\San\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.07.08 19:08:55 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6ccad9c8-cdff-11de-b090-008048167d4c}\Shell - "" = AutoRun
O33 - MountPoints2\{6ccad9c8-cdff-11de-b090-008048167d4c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6ccad9c8-cdff-11de-b090-008048167d4c}\Shell\AutoRun\command - "" = K:\autorunner.exe "CosmosDirekt.html"
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm -  File not found
SafeBootNet: nm.sys -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msvideo7 - C:\WINDOWS\System32\stv680tg.dll (AIPTEK International Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.20 15:17:02 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\San\Recent
[2011.04.20 15:07:38 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\San\Desktop\OTL.exe
[2011.04.20 11:10:26 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Malwarebytes
[2011.04.20 11:07:55 | 000,038,224 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.04.20 11:07:55 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.04.20 11:07:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.04.20 11:07:03 | 007,734,208 | -H-- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\San\Desktop\mbam-setup.exe
[2011.04.19 22:22:48 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime
[2011.04.19 22:22:08 | 000,000,000 | -H-D | C] -- C:\Programme\QuickTime
[2011.04.19 22:18:03 | 038,147,376 | -H-- | C] (Apple Inc.) -- C:\Dokumente und Einstellungen\San\Desktop\QuickTimeInstaller.exe
[2011.04.19 20:59:31 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Avira
[2011.04.19 20:57:10 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2011.04.19 20:56:10 | 000,028,520 | -H-- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011.04.19 20:55:54 | 000,137,656 | -H-- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.04.19 20:55:54 | 000,061,960 | -H-- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.04.19 20:55:54 | 000,045,416 | -H-- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011.04.19 20:55:54 | 000,022,360 | -H-- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011.04.19 20:55:51 | 000,000,000 | -H-D | C] -- C:\Programme\Avira
[2011.04.19 20:55:51 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2011.04.19 20:50:58 | 012,420,392 | -H-- | C] (Mozilla) -- C:\Dokumente und Einstellungen\San\Desktop\Firefox Setup 4.0.exe
[2011.04.19 20:05:19 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\San\Eigene Dateien\My eBooks
[2011.04.19 20:02:39 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\San\Eigene Dateien\Eigene Musik
[2011.04.19 20:02:39 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\San\Eigene Dateien\Eigene Bilder
[2011.04.18 21:32:59 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\San\Lokale Einstellungen\Anwendungsdaten\{CA4A6ABB-34A1-4CB4-9665-84E8B5130EAF}
[2011.04.18 21:31:16 | 000,569,344 | -H-- | C] (BitSprx) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PFmPbJoHGuT.exe
[2011.04.18 21:07:10 | 000,627,312 | -H-- | C] (Babylon Ltd.) -- C:\Dokumente und Einstellungen\San\Desktop\Babylon9_setup.exe
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.20 15:07:39 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\San\Desktop\OTL.exe
[2011.04.20 15:01:58 | 000,001,078 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.20 15:01:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.20 14:38:00 | 000,001,082 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.20 11:07:55 | 000,000,635 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.20 11:07:12 | 007,734,208 | -H-- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\San\Desktop\mbam-setup.exe
[2011.04.20 10:31:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\Lbuvunevi.bin
[2011.04.19 22:22:49 | 000,001,597 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2011.04.19 22:18:53 | 038,147,376 | -H-- | M] (Apple Inc.) -- C:\Dokumente und Einstellungen\San\Desktop\QuickTimeInstaller.exe
[2011.04.19 20:57:10 | 000,001,684 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011.04.19 20:54:00 | 051,435,480 | -H-- | M] () -- C:\Dokumente und Einstellungen\San\Desktop\avira_antivir_635personal_de.exe
[2011.04.19 20:51:35 | 000,000,709 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2011.04.19 20:50:58 | 012,420,392 | -H-- | M] (Mozilla) -- C:\Dokumente und Einstellungen\San\Desktop\Firefox Setup 4.0.exe
[2011.04.19 19:54:48 | 000,000,120 | -H-- | M] () -- C:\WINDOWS\Ntokulufuju.dat
[2011.04.19 12:13:45 | 000,000,392 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\16047924
[2011.04.19 12:13:02 | 000,000,184 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~16047924
[2011.04.19 12:13:01 | 000,000,152 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~16047924r
[2011.04.19 12:11:50 | 000,000,836 | -H-- | M] () -- C:\Dokumente und Einstellungen\San\Desktop\Windows Recovery.lnk
[2011.04.18 21:33:16 | 089,693,868 | -H-- | M] () -- C:\Dokumente und Einstellungen\San\Desktop\dfvlrd2h.rar
[2011.04.18 21:31:14 | 000,569,344 | -H-- | M] (BitSprx) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PFmPbJoHGuT.exe
[2011.04.18 21:12:37 | 000,010,028 | -H-- | M] () -- C:\Dokumente und Einstellungen\San\Desktop\[isoHunt] Die Fantastischen Vier - Lauschgift-Remastered-DE-2009-hbZ seeded by www.p2p-crew.to.torrent
[2011.04.18 21:07:11 | 000,627,312 | -H-- | M] (Babylon Ltd.) -- C:\Dokumente und Einstellungen\San\Desktop\Babylon9_setup.exe
[2011.04.18 12:58:54 | 000,000,622 | -H-- | M] () -- C:\Dokumente und Einstellungen\San\Desktop\World of Warcraft.lnk
[2011.04.17 16:00:43 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.03 14:05:42 | 000,458,476 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.04.03 14:05:42 | 000,440,684 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.04.03 14:05:42 | 000,084,318 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.04.03 14:05:42 | 000,071,002 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.03.22 16:31:26 | 000,002,243 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.20 11:07:55 | 000,000,635 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.19 22:22:49 | 000,001,597 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2011.04.19 20:57:10 | 000,001,684 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011.04.19 20:52:47 | 051,435,480 | -H-- | C] () -- C:\Dokumente und Einstellungen\San\Desktop\avira_antivir_635personal_de.exe
[2011.04.19 20:51:35 | 000,000,709 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2011.04.19 20:51:34 | 000,000,715 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox
[2011.04.19 12:13:01 | 000,000,152 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~16047924r
[2011.04.19 12:13:00 | 000,000,184 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~16047924
[2011.04.19 12:11:50 | 000,000,836 | -H-- | C] () -- C:\Dokumente und Einstellungen\San\Desktop\Windows Recovery.lnk
[2011.04.19 12:11:22 | 000,000,392 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\16047924
[2011.04.18 21:33:01 | 000,000,120 | -H-- | C] () -- C:\WINDOWS\Ntokulufuju.dat
[2011.04.18 21:33:01 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Lbuvunevi.bin
[2011.04.18 21:30:20 | 089,693,868 | -H-- | C] () -- C:\Dokumente und Einstellungen\San\Desktop\dfvlrd2h.rar
[2011.04.18 21:12:30 | 000,010,028 | -H-- | C] () -- C:\Dokumente und Einstellungen\San\Desktop\[isoHunt] Die Fantastischen Vier - Lauschgift-Remastered-DE-2009-hbZ seeded by www.p2p-crew.to.torrent
[2010.04.06 11:51:47 | 000,015,464 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.01.24 20:52:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\iPlayer.INI
[2009.12.01 20:13:55 | 000,001,507 | -H-- | C] () -- C:\WINDOWS\HPOCSS05.INI
[2009.12.01 20:13:55 | 000,000,490 | -H-- | C] () -- C:\WINDOWS\HPOTBX05.INI
[2009.12.01 20:05:32 | 000,000,065 | -H-- | C] () -- C:\WINDOWS\opleinst.ini
[2009.12.01 20:05:31 | 000,125,440 | -H-- | C] () -- C:\WINDOWS\System32\hpocnt05.dll
[2009.12.01 20:05:31 | 000,000,970 | -H-- | C] () -- C:\WINDOWS\hpoio05.ini
[2009.11.06 10:58:04 | 000,178,975 | -H-- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009.10.28 19:31:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.10.16 21:25:19 | 000,000,136 | -H-- | C] () -- C:\Dokumente und Einstellungen\San\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.10.11 19:50:36 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009.10.11 19:47:10 | 000,593,920 | -H-- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009.09.25 21:34:45 | 000,022,328 | -H-- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.09.25 21:34:33 | 000,022,328 | -H-- | C] () -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\PnkBstrK.sys
[2009.09.25 21:33:54 | 000,103,736 | -H-- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009.09.25 21:33:42 | 000,669,184 | -H-- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2009.09.25 21:33:42 | 000,075,064 | -H-- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009.08.14 16:38:45 | 000,004,096 | -H-- | C] () -- C:\WINDOWS\d3dx.dat
[2009.08.13 10:43:43 | 000,000,060 | -H-- | C] () -- C:\WINDOWS\Bibi_Tina.ini
[2009.08.07 15:34:43 | 000,000,552 | -H-- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009.07.21 17:17:04 | 003,107,788 | -H-- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009.07.21 17:17:04 | 000,887,724 | -H-- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009.04.23 23:29:16 | 000,189,051 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009.02.05 22:56:49 | 001,970,176 | -H-- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2008.12.09 20:48:00 | 000,000,083 | -H-- | C] () -- C:\WINDOWS\wwp.INI
[2008.01.22 17:10:30 | 000,034,308 | -H-- | C] () -- C:\WINDOWS\System32\Chip.dll
[2008.01.19 16:46:38 | 000,000,640 | -H-- | C] () -- C:\WINDOWS\EFXP.INI
[2008.01.04 23:58:50 | 003,596,288 | -H-- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.01.04 23:56:24 | 000,012,288 | -H-- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007.12.21 23:12:29 | 000,000,299 | -H-- | C] () -- C:\WINDOWS\game.ini
[2007.12.05 02:41:00 | 000,212,992 | -H-- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007.06.13 20:12:27 | 000,001,743 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2007.01.16 19:28:00 | 000,165,376 | -H-- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007.01.16 19:27:59 | 000,018,048 | -H-- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2006.11.14 17:30:57 | 000,000,169 | -H-- | C] () -- C:\WINDOWS\RtlRack.ini
[2006.10.04 11:29:55 | 000,000,216 | -H-- | C] () -- C:\WINDOWS\MPPAGER.INI
[2006.09.07 17:10:24 | 000,000,604 | -H-- | C] () -- C:\WINDOWS\Thps3.INI
[2006.06.07 16:52:36 | 000,000,192 | -H-- | C] () -- C:\WINDOWS\winamp.ini
[2006.01.31 23:20:22 | 000,000,513 | -H-- | C] () -- C:\WINDOWS\DFC.INI
[2006.01.31 23:16:38 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006.01.31 23:01:20 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2006.01.31 22:57:19 | 000,156,672 | RH-- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006.01.31 22:56:43 | 000,000,164 | -H-- | C] () -- C:\WINDOWS\avrack.ini
[2006.01.31 22:56:16 | 000,040,960 | RH-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006.01.25 21:21:41 | 000,363,520 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006.01.24 20:17:04 | 000,155,648 | RH-- | C] () -- C:\WINDOWS\System32\TVModeLib.dll
[2006.01.24 20:17:04 | 000,034,915 | -H-- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2006.01.24 20:17:04 | 000,016,819 | -H-- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2006.01.24 20:16:47 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2006.01.24 20:16:25 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\khooker.INI
[2006.01.24 20:16:23 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\sis740.bin
[2006.01.24 20:16:23 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\sis650.bin
[2006.01.24 20:05:28 | 000,139,264 | RH-- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2006.01.12 19:39:09 | 000,056,832 | -H-- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2006.01.06 17:45:07 | 000,000,481 | -H-- | C] () -- C:\WINDOWS\eReg.dat
[2006.01.02 22:06:56 | 000,240,640 | -H-- | C] () -- C:\WINDOWS\System32\NMOCOD.DLL
[2006.01.02 22:06:56 | 000,035,328 | -H-- | C] () -- C:\WINDOWS\System32\INETWH32.DLL
[2005.11.01 20:54:51 | 000,000,050 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2005.11.01 20:37:10 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2005.11.01 20:37:03 | 000,099,970 | -H-- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005.11.01 20:36:51 | 000,003,503 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2005.10.22 09:01:10 | 000,000,432 | -H-- | C] () -- C:\WINDOWS\VIEWER.INI
[2005.10.22 09:00:53 | 000,000,255 | -H-- | C] () -- C:\WINDOWS\System32\VIEWER.INI
[2005.10.11 18:56:51 | 000,010,240 | -H-- | C] () -- C:\Dokumente und Einstellungen\San\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.10.11 18:48:00 | 000,105,292 | -H-- | C] () -- C:\WINDOWS\restart.exe
[2005.10.10 10:50:36 | 000,001,004 | -H-- | C] () -- C:\WINDOWS\disney.ini
[2005.07.20 15:07:00 | 001,662,976 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005.07.20 15:07:00 | 001,622,016 | -H-- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2005.07.20 15:07:00 | 001,470,464 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll
[2005.07.20 15:07:00 | 001,339,392 | -H-- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2005.07.20 15:07:00 | 001,019,904 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005.07.20 15:07:00 | 000,581,632 | -H-- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005.07.20 15:07:00 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005.07.20 15:07:00 | 000,442,368 | -H-- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2005.07.20 15:07:00 | 000,425,984 | -H-- | C] () -- C:\WINDOWS\System32\keystone.exe
[2005.07.20 15:07:00 | 000,286,720 | -H-- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005.07.09 09:53:08 | 000,000,769 | -H-- | C] () -- C:\WINDOWS\Edofma.INI
[2005.07.08 20:14:18 | 000,000,092 | -H-- | C] () -- C:\WINDOWS\CMISETUP.INI
[2005.07.08 20:14:18 | 000,000,026 | -H-- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2005.07.08 20:07:39 | 000,381,440 | -H-- | C] () -- C:\WINDOWS\System32\Counter.exe
[2005.07.08 20:07:38 | 000,532,480 | -H-- | C] () -- C:\WINDOWS\System32\DeleteFiles.exe
[2005.07.08 20:07:38 | 000,351,232 | -H-- | C] () -- C:\WINDOWS\System32\CheckPath.exe
[2005.07.08 20:07:37 | 000,382,464 | -H-- | C] () -- C:\WINDOWS\System32\Restart.exe
[2005.07.08 20:07:37 | 000,374,784 | -H-- | C] () -- C:\WINDOWS\System32\RunAP.exe
[2005.07.08 20:02:00 | 000,073,728 | -H-- | C] () -- C:\WINDOWS\System32\waitwnd.exe
[2005.07.08 20:01:59 | 000,155,648 | -H-- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2005.07.08 19:46:52 | 000,001,324 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005.07.08 19:13:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005.07.08 19:03:50 | 000,022,908 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005.07.08 08:54:52 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.07.08 08:53:05 | 000,107,808 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004.08.02 15:20:40 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003.07.10 21:45:46 | 000,651,264 | -H-- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003.07.10 21:45:46 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2003.07.10 21:45:46 | 000,102,400 | -H-- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2003.07.10 21:45:46 | 000,081,920 | -H-- | C] () -- C:\WINDOWS\System32\AegisI2.exe
[2003.07.10 21:45:46 | 000,073,728 | -H-- | C] () -- C:\WINDOWS\System32\AegisI4b.exe
[2001.10.22 20:26:16 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\hpomon05.dll
[2001.10.22 20:26:16 | 000,005,361 | -H-- | C] () -- C:\WINDOWS\System32\hpolnk05.ini
[2001.08.23 14:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 14:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.23 14:00:00 | 000,458,476 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2001.08.23 14:00:00 | 000,440,684 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.23 14:00:00 | 000,278,528 | -H-- | C] () -- C:\WINDOWS\ofadagak.dll
[2001.08.23 14:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.23 14:00:00 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001.08.23 14:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.23 14:00:00 | 000,084,318 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2001.08.23 14:00:00 | 000,071,002 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.23 14:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.23 14:00:00 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001.08.23 14:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.23 14:00:00 | 000,027,440 | -H-- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001.08.23 14:00:00 | 000,004,463 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.08.23 14:00:00 | 000,001,788 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001.08.23 14:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2008.07.19 17:52:32 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Armagetron
[2008.12.27 12:10:35 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2009.06.21 21:19:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DriverScanner
[2009.06.23 18:51:33 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2009.07.18 21:45:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier
[2010.08.25 20:47:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft
[2009.06.21 21:18:19 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
[2010.04.04 20:53:11 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.04.18 17:52:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008.06.28 18:12:19 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\ICQ Toolbar
[2008.07.19 17:56:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Armagetron
[2009.10.16 20:44:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\DAEMON Tools
[2008.06.25 21:02:19 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\ICQ
[2008.07.04 12:04:19 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\ICQ Toolbar
[2006.04.11 11:53:36 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Robots
[2009.06.21 21:18:11 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Uniblue
[2007.06.28 12:01:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\WengoPhone
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.04.18 21:31:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Adobe
[2006.11.14 19:54:06 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\AdobeUM
[2010.04.05 13:22:30 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Apple Computer
[2008.07.19 17:56:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Armagetron
[2011.04.19 20:59:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Avira
[2011.03.09 23:35:59 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\CyberLink
[2009.10.16 20:44:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\DAEMON Tools
[2007.11.24 17:55:20 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\DivX
[2011.04.03 14:32:55 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\dvdcss
[2008.05.22 18:20:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Help
[2008.06.25 21:02:19 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\ICQ
[2008.07.04 12:04:19 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\ICQ Toolbar
[2008.02.09 15:29:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Identities
[2008.06.21 13:30:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\InstallShield
[2008.03.29 14:02:53 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Macromedia
[2011.04.20 11:10:26 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Malwarebytes
[2009.12.28 20:53:31 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Microsoft
[2008.08.29 17:10:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Mozilla
[2009.10.29 14:39:59 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\MSN6
[2010.04.10 12:37:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Real
[2006.04.11 11:53:36 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Robots
[2008.12.25 22:34:10 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\SecuROM
[2011.03.22 16:32:30 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Skype
[2011.03.22 16:31:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\skypePM
[2007.11.15 18:42:17 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Sun
[2007.12.21 22:01:19 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\teamspeak2
[2009.10.15 15:25:01 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\U3
[2009.06.21 21:18:11 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Uniblue
[2008.08.29 17:10:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\vlc
[2007.06.28 12:01:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\WengoPhone
[2010.05.18 21:30:26 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\WinRAR
[2010.05.20 18:26:26 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Xfire
 
< %APPDATA%\*.exe /s >
[2009.11.27 23:21:46 | 001,924,440 | -H-- | M] (Adobe Systems Incorporated) -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2009.06.23 01:28:02 | 000,010,134 | RH-- | M] () -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2007.10.23 09:27:20 | 000,110,592 | -H-- | M] () -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\U3\temp\cleanup.exe
[2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\San\Anwendungsdaten\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 02:10:00 | 018,782,319 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2007.10.31 00:02:04 | 020,041,765 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 02:10:00 | 018,782,319 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2007.10.31 00:02:04 | 020,041,765 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2007.10.30 18:46:46 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=5A3254D456E574B778148E772E3C39A3 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2007.10.30 18:46:46 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=5A3254D456E574B778148E772E3C39A3 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 02:10:00 | 018,782,319 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2007.10.31 00:02:04 | 020,041,765 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.04 02:10:00 | 018,782,319 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2007.10.31 00:02:04 | 020,041,765 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2007.10.30 18:41:12 | 000,096,384 | -H-- | M] (Microsoft Corporation) MD5=7BACED62B5EC373A60A05C43C6D50ECC -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2007.10.30 18:41:12 | 000,096,384 | -H-- | M] (Microsoft Corporation) MD5=7BACED62B5EC373A60A05C43C6D50ECC -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\eventlog.dll
[2007.10.30 23:50:54 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=8AA6AAC91EA8305655C6F8A34F89CD4D -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2007.10.30 23:50:54 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=8AA6AAC91EA8305655C6F8A34F89CD4D -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 01:57:20 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 01:57:54 | 001,035,264 | -H-- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 15:10:08 | 001,036,288 | -H-- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\explorer.exe
[2007.06.13 15:21:45 | 001,036,288 | -H-- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007.10.30 23:51:22 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=EA1737C741408EF7731CFDB3CC008E8F -- C:\WINDOWS\explorer.exe
[2007.10.30 23:51:22 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=EA1737C741408EF7731CFDB3CC008E8F -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\netlogon.dll
[2007.10.30 23:51:02 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=CA0153B289A975BD929E775937985297 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2007.10.30 23:51:02 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=CA0153B289A975BD929E775937985297 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 01:57:32 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2007.10.30 23:51:06 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=12430BE9812C5767FFC135473A02C103 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2007.10.30 23:51:06 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=12430BE9812C5767FFC135473A02C103 -- C:\WINDOWS\system32\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\scecli.dll
[2004.08.04 01:57:34 | 000,186,880 | -H-- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | -H-- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 01:57:38 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | -H-- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\user32.dll
[2007.10.30 23:51:10 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=FD4C4BA5F711A94A3C78F9B686009B93 -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2007.10.30 23:51:10 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=FD4C4BA5F711A94A3C78F9B686009B93 -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2007.10.30 23:51:38 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=3E4E5F43834CDBA04A8870D8F8AB4C93 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2007.10.30 23:51:38 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=3E4E5F43834CDBA04A8870D8F8AB4C93 -- C:\WINDOWS\system32\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe
[2004.08.04 01:58:18 | 000,025,088 | -H-- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: VIAMRAID.SYS  >
[2005.04.26 05:22:40 | 000,060,928 | RH-- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\WINDOWS\system32\drivers\viamraid.sys
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 01:58:20 | 000,507,392 | -H-- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2007.10.30 23:51:40 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=AE88EA45B54F40F99A0A5EF7F3EC240C -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2007.10.30 23:51:40 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=AE88EA45B54F40F99A0A5EF7F3EC240C -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.23 14:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.23 14:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.01.22 16:50:42 | 000,715,248 | -H-- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]
 
< %systemroot%\System32\config\*.sav >
[2006.12.01 19:39:43 | 000,270,336 | -H-- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006.12.01 18:34:22 | 000,262,144 | -H-- | M] () -- C:\WINDOWS\system32\config\security.sav
[2006.12.01 19:39:43 | 010,485,760 | -H-- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006.12.01 19:39:45 | 003,932,160 | -H-- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >