Trojaner-Board


germany25 03.07.2011 17:53

Desktop black, no access to files on hard disk
 
Hello everyone,

I have the problem that many users have already reported. My desktop is completely black and I no longer have access to my files.
Following your instructions, I ran a full scan with Malwarebytes, and here is the result.

I hope you can help me.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6967

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.06.2011 19:23:30
mbam-log-2011-06-28 (19-23-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 340446
Laufzeit: 1 Stunde(n), 47 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 10
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 92

Infizierte Speicherprozesse:
c:\Windows\Temp\uvltqo\setup.exe (Backdoor.Bot) -> 1700 -> Unloaded process successfully.
c:\Windows\System32\jpp3.exe (Trojan.WerTrans) -> 2076 -> Unloaded process successfully.

Infizierte Speichermodule:
c:\Users\rai\AppData\Local\enajarowijehulal.dll (Trojan.Agent.U) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AMService (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svcmsdebug (Trojan.WerTrans) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AMService (Backdoor.Bot) -> Value: AMService -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{8495736E-46E8-F9EA-196F-B03BD29B6BFE} (Trojan.Dropper) -> Value: {8495736E-46E8-F9EA-196F-B03BD29B6BFE} -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{AA9F9655-A3D3-D7E0-196F-B03BD29B6BFE} (Trojan.Dropper) -> Value: {AA9F9655-A3D3-D7E0-196F-B03BD29B6BFE} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{989A9B0D-2FD6-841C-8CFC-BD2A86913978} (Trojan.FakeAlert) -> Value: {989A9B0D-2FD6-841C-8CFC-BD2A86913978} -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{B6907E36-CAED-AA16-8CFC-BD2A86913978} (Trojan.FakeAlert) -> Value: {B6907E36-CAED-AA16-8CFC-BD2A86913978} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4Y3Y0C3AUZZJ4EYWHTBFXNZQMXODFAB (Trojan.Downloader) -> Value: 4Y3Y0C3AUZZJ4EYWHTBFXNZQMXODFAB -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{CE7FB805-E072-5E4E-02AC-A2990AFD8BC9} (Spyware.Passwords.XGen) -> Value: {CE7FB805-E072-5E4E-02AC-A2990AFD8BC9} -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Osacuka (Trojan.Agent.U) -> Value: Osacuka -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4W1W8B7AWZVCYE3GBRAIU (Trojan.SpyEyes) -> Value: 4W1W8B7AWZVCYE3GBRAIU -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Userinit (Trojan.Agent) -> Value: Userinit -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Windows\Temp\uvltqo\setup.exe (Backdoor.Bot) -> Delete on reboot.
c:\Users\rai\AppData\Roaming\Ysymyp\caxoe.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Roaming\Ogtuo\ifab.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\svest\3ed979f3e34.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Roaming\Vodu\fiad.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Recycle.Bin\recycle.bin.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\OUBVS3YD\contacts[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\OUBVS3YD\windows-update-sp2-kb72170-setup[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\RK1F25QS\windows-update-sp3-kb73364-setup[1].exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\SMUQY3NC\windows-update-sp2-kb72906-setup[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\setup1008447532.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\setup1020727048.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\setup1152744780.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\setup1237180152.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\setup1904258508.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\setup352887232.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\setup4053500652.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\setup749304192.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\setup2240559188.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\setup2243471788.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\setup2276230980.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\setup2795684296.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\0.15922482866121335.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\0.18517589546822022.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\0.2504769801470035.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\0.3368059966747582.exe (Trojan.Agent.SZ) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\0.3522637127378212.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\0.5645673212442865.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\AB8C.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\adobe_flash_player.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\ECDF.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\ewacnxrosm.exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\F1BE.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\jar_cache4290880000267105886.tmp (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\jar_cache630415511970096761.tmp (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\jar_cache6357648436762506745.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\jar_cache6517129892316717383.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\Temp\tmpD578.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Roaming\Guwy\ilhav.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Roaming\Pylo\nehy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Roaming\Reeqe\vuuwk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Roaming\Xoofka\atipl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.8980067592258049.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\jar_cache3238386791498126793.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.052860187623421595.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.07455465554303697.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.09704681782227886.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.1628810541685567.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.1777911629517276.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.19207205017406903.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.24389376577942812.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.2752289388908823.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.29387172081543833.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.39395244160227794.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.4109070587500694.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.4434258496333292.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.4658762270368998.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.5759064824169595.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.6515418031024994.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.7242342735754141.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.7460659086710065.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.8469139751466319.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.8549601486715639.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.8904307322035636.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\jar_cache4237716315418943234.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\jar_cache4275951188290372044.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\jar_cache465038264603885305.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\jar_cache5189369654252030440.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\jar_cache5498479796581028483.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\jar_cache5531312842814268344.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\jar_cache5723188463717295422.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\jar_cache6126471028174742749.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\jar_cache663048289573120938.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\jar_cache6818879000899940757.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\jar_cache8727919714605495671.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\jar_cache8949727319327672710.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\jar_cache913378390925623342.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\jar_cache9170446646236397553.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\6096.tmp (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Windows\Temp\jar_cache1508689122658508332.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\jar_cache1644977468665193643.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\jar_cache2196339311734675599.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\jar_cache2305135084482957881.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Temp\jar_cache2484313631776547057.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\jar_cache2569165611358110562.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\jar_cache3159920195863819109.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Roaming\Adobe\plugs\mmc195.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Local\enajarowijehulal.dll (Trojan.Agent.U) -> Delete on reboot.
c:\Users\rai\AppData\Roaming\appconf32.exe (Trojan.Agent) -> Delete on reboot.
c:\Windows\System32\jpp3.exe (Trojan.WerTrans) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

cosinus 03.07.2011 17:56

Quote:

28.06.2011 19:23:30
That was a week ago already. Please update Malwarebytes and run a new full scan.
Post all logs, including older ones if available.

germany25 03.07.2011 19:22

So, I have run another full scan, and here is the result:

Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 7012

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

03.07.2011 20:13:39
mbam-log-2011-07-03 (20-13-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 341763
Laufzeit: 1 Stunde(n), 6 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 5

Infizierte Speicherprozesse:
c:\Windows\System32\config\systemprofile\AppData\Local\nvidia corporation\Update\daemonupd.exe (Trojan.Agent) -> 1908 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nvUpdService (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Osacuka (Trojan.Agent.U) -> Value: Osacuka -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{8495736E-46E8-F9EA-196F-B03BD29B6BFE} (Trojan.ZbotR.Gen) -> Value: {8495736E-46E8-F9EA-196F-B03BD29B6BFE} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{CE7FB805-E072-5E4E-02AC-A2990AFD8BC9} (Trojan.ZbotR.Gen) -> Value: {CE7FB805-E072-5E4E-02AC-A2990AFD8BC9} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{989A9B0D-2FD6-841C-8CFC-BD2A86913978} (Trojan.ZbotR.Gen) -> Value: {989A9B0D-2FD6-841C-8CFC-BD2A86913978} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Trojan.SpyEyes) -> Value: 4E3E0230AEBB4E96 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\rai\documents\myfuncards(1).exe (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\Users\rai\documents\myfuncards.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Local\nvidia corporation\Update\daemonupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rai\AppData\Roaming\Gaixe\alcu.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.



Thanks for the quick reply.

cosinus 03.07.2011 20:28

CustomScan with OTL

If you don't already have it, please download OTL by Oldtimer and save it to your desktop.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


germany25 03.07.2011 22:31

So here is the log: OTL Logfile:
Code:

OTL logfile created on: 7/3/2011 11:06:30 PM - Run 2
OTL by OldTimer - Version 3.2.25.0    Folder = C:\Users\rai\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.96 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 64.15% Memory free
3.92 Gb Paging File | 2.91 Gb Available in Paging File | 74.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 76.22 Gb Total Space | 30.04 Gb Free Space | 39.41% Space Free | Partition Type: NTFS
Drive D: | 141.56 Gb Total Space | 33.60 Gb Free Space | 23.73% Space Free | Partition Type: NTFS
 
Computer Name: RAI-PC | User Name: rai | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/07/03 23:03:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\rai\Desktop\OTL.exe
PRC - [2011/05/25 23:14:14 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/22 19:04:20 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/30 19:49:44 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/03/30 19:48:00 | 001,523,008 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/03/11 01:13:12 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/09/17 18:55:04 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/04/20 14:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010/01/14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/11/04 06:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/26 13:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/20 11:12:58 | 000,013,312 | ---- | M] (DoctorSoft) -- C:\Program Files\AnyPC Client\APLangApp.exe
PRC - [2009/10/13 12:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/10/07 03:31:56 | 002,246,144 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/09/09 10:20:51 | 000,009,728 | ---- | M] () -- C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe
PRC - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/06/03 13:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 16:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/03/31 09:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/07/03 23:03:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\rai\Desktop\OTL.exe
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/05/25 23:14:14 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/22 19:04:20 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/30 19:48:00 | 001,523,008 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/03/30 19:45:32 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/01/15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/03/31 09:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/22 19:04:20 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/11 01:13:12 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/02/10 11:22:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/11/06 22:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/10 15:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/01 15:41:06 | 000,384,896 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CryptOSD.sys -- (CryptOSD)
DRV - [2009/03/31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=1e754307000000000000b482fe6bf288&tlver=1.4.19.19&affID=17159
IE - HKLM\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Ask.com Deutschland - die andere Suchmaschine
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com/?l=dis&o=15421"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {76aeea42-e04a-4b62-83ab-df4b2be2541e}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {f4e6547e-325b-403c-a3bb-ad29ed37a92f}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {39A08BE0-F3F7-4366-B319-8CCAD7DB14CC}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=toolbar2&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/16 07:35:36 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/25 09:30:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/19 16:00:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/18 22:47:23 | 000,000,000 | ---D | M]
 
[2011/01/11 01:56:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\rai\AppData\Roaming\mozilla\Extensions
[2011/01/11 01:56:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\rai\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/06/25 22:01:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions
[2011/06/25 22:01:25 | 000,000,000 | ---D | M] (MessengerPlusLive Germany TB Community Toolbar) -- C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{76aeea42-e04a-4b62-83ab-df4b2be2541e}
[2011/06/25 22:01:28 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011/06/16 07:35:43 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/06/25 22:01:31 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011/06/25 22:01:34 | 000,000,000 | ---D | M] (SearchElf 1.2 Community Toolbar) -- C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}
[2011/06/16 07:35:43 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\engine@conduit.com
[2011/06/16 07:35:43 | 000,000,000 | -H-D | M] (Nero Toolbar) -- C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\toolbar@ask.com
[2011/06/16 07:35:43 | 000,000,000 | -H-D | M] (vShare Plugin) -- C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\vshare@toolbar
[2011/05/26 13:16:46 | 000,002,253 | -H-- | M] () -- C:\Users\rai\AppData\Roaming\Mozilla\Firefox\Profiles\8bhp6291.default\searchplugins\askcom.xml
[2010/12/08 16:47:52 | 000,000,927 | -H-- | M] () -- C:\Users\rai\AppData\Roaming\Mozilla\Firefox\Profiles\8bhp6291.default\searchplugins\conduit.xml
[2010/10/30 13:47:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/10/30 13:47:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/19 14:54:52 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\RAI\APPDATA\LOCAL\{39A08BE0-F3F7-4366-B319-8CCAD7DB14CC}
[2011/06/16 07:35:41 | 000,000,000 | -H-D | M] (Java String Helper) -- C:\USERS\RAI\APPDATA\ROAMING\5017
() (No name found) -- C:\USERS\RAI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BHP6291.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM.XPI
[2011/06/25 09:30:32 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/30 13:47:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/06/23 13:34:24 | 002,156,280 | ---- | M] (Myriad Software.) -- C:\Program Files\mozilla firefox\plugins\NPMyrMus.dll
[2011/05/11 17:03:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/05/23 17:40:29 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/05/11 17:03:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/11 17:03:10 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/05/11 17:03:10 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/05/11 17:03:10 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/05/11 17:03:10 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MessengerPlusLive Germany TB Toolbar) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [fsi] C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [{989A9B0D-2FD6-841C-8CFC-BD2A86913978}]  File not found
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube Download - C:\Users\rai\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .mu3 - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .mus - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .mxl - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .mya - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .myr - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .myt - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .xmz - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: hotmail.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: live.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: msn.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: passport.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8f591401-766c-11e0-a156-0024542a71d7}\Shell - "" = AutoRun
O33 - MountPoints2\{8f591401-766c-11e0-a156-0024542a71d7}\Shell\AutoRun\command - "" = F:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/07/03 23:03:46 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\rai\Desktop\OTL.exe
[2011/07/03 23:02:56 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\rai\Documents\OTL(2).exe
[2011/06/29 11:50:47 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Tyka
[2011/06/29 11:50:46 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Gaixe
[2011/06/28 17:31:34 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Malwarebytes
[2011/06/28 17:31:28 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/06/28 17:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/28 17:31:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/28 17:31:24 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/06/28 17:31:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/28 17:30:29 | 009,435,312 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\rai\Documents\mbam-setup-1.51.0.1200.exe
[2011/06/24 00:07:45 | 001,064,960 | ---- | C] (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) -- C:\windows\System32\libeay32.dll
[2011/06/24 00:07:45 | 000,200,704 | ---- | C] (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) -- C:\windows\System32\ssleay32.dll
[2011/06/24 00:07:45 | 000,176,128 | ---- | C] (The cURL library, cURL and libcurl) -- C:\windows\System32\libcurl.dll
[2011/06/23 22:31:52 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Guwy
[2011/06/23 22:31:52 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Akpoo
[2011/06/23 09:18:34 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2011/06/22 09:58:28 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Vodu
[2011/06/22 09:58:28 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Kofui
[2011/06/20 19:00:55 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Xafape
[2011/06/20 19:00:55 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Pylo
[2011/06/20 11:45:32 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2011/06/19 14:54:52 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Local\{39A08BE0-F3F7-4366-B319-8CCAD7DB14CC}
[2011/06/19 12:00:44 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Reeqe
[2011/06/19 12:00:44 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Futo
[2011/06/18 17:58:25 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\rai\Documents\OTL(1).exe
[2011/06/15 22:18:49 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\rai\Documents\OTL.exe
[2011/06/15 11:58:27 | 000,000,000 | -H-D | C] -- C:\Users\rai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
[2011/06/15 11:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Convar
[2011/06/15 10:47:23 | 000,000,000 | -H-D | C] -- C:\Users\rai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Restore
[2011/06/14 22:28:23 | 000,000,000 | -H-D | C] -- C:\Users\rai\Desktop\Handy Uploads
[2011/06/14 22:09:22 | 000,000,000 | -H-D | C] -- C:\Users\rai\AppData\Roaming\Ynwi
[2011/06/14 22:09:22 | 000,000,000 | -H-D | C] -- C:\Users\rai\AppData\Roaming\Xoofka
[2011/06/13 22:55:17 | 000,000,000 | -H-D | C] -- C:\Users\rai\Documents\Neuer Ordner (2)
[2011/06/13 10:50:02 | 000,000,000 | -H-D | C] -- C:\Users\rai\AppData\Roaming\Ogtuo
[2011/06/13 10:50:02 | 000,000,000 | -H-D | C] -- C:\Users\rai\AppData\Roaming\Duebog
[2011/06/10 15:09:19 | 000,000,000 | -H-D | C] -- C:\Users\rai\AppData\Roaming\5017
[2011/06/08 22:36:26 | 000,000,000 | -H-D | C] -- C:\Users\rai\AppData\Roaming\5016
[2011/06/07 12:32:34 | 000,000,000 | -H-D | C] -- C:\Users\rai\Documents\Bewerbungen Agentur
[2011/06/06 19:00:36 | 000,000,000 | -H-D | C] -- C:\Users\rai\Documents\Neuer Ordner
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[4 C:\Users\rai\AppData\Local\*.tmp files -> C:\Users\rai\AppData\Local\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\rai\AppData\Roaming\*.tmp files -> C:\Users\rai\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/07/03 23:07:48 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/03 23:07:48 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/03 23:03:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\rai\Desktop\OTL.exe
[2011/07/03 23:03:00 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/03 23:02:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\rai\Documents\OTL(2).exe
[2011/07/03 22:59:45 | 000,001,088 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/03 22:59:16 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/07/03 22:59:09 | 1579,630,592 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/02 15:29:40 | 002,285,048 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/07/02 15:29:40 | 001,131,250 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/07/02 15:29:40 | 000,650,156 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/07/02 15:29:40 | 000,576,210 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/06/30 18:34:33 | 000,009,487 | ---- | M] () -- C:\Users\rai\Documents\267566_10150250517364940_7805409939_7109628_7949230_s.jpg
[2011/06/29 12:13:40 | 000,350,312 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/06/28 18:10:25 | 000,000,120 | -H-- | M] () -- C:\Users\rai\AppData\Local\Jyiqobituyi.dat
[2011/06/28 17:31:28 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/28 17:31:01 | 009,435,312 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\rai\Documents\mbam-setup-1.51.0.1200.exe
[2011/06/28 09:17:12 | 000,000,000 | -H-- | M] () -- C:\Users\rai\AppData\Local\Qkoyocigezori.bin
[2011/06/25 10:02:25 | 000,000,000 | ---- | M] () -- C:\Users\rai\AppData\Local\{9E02C3BE-344B-4FFB-9E09-602CD6B087CD}
[2011/06/24 17:40:35 | 000,003,589 | ---- | M] () -- C:\windows\System32\jsaddons.ini
[2011/06/23 19:44:59 | 000,030,393 | ---- | M] () -- C:\Users\rai\Documents\254529_1805511572895_1093067663_31510402_5864814_n.jpg
[2011/06/23 09:18:23 | 237,375,097 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/06/21 22:57:31 | 000,096,187 | ---- | M] () -- C:\Users\rai\Documents\249464_207123672656310_100000760352992_471385_2137741_n.jpg
[2011/06/20 17:06:54 | 000,000,000 | ---- | M] () -- C:\Users\rai\AppData\Local\{CCB2B7B9-5421-43EC-8F04-48CCA8BAD627}
[2011/06/20 17:02:29 | 000,000,000 | ---- | M] () -- C:\Users\rai\AppData\Local\{349E8643-AC12-4668-9AE4-385FE5B30EFA}
[2011/06/18 22:50:18 | 000,000,000 | ---- | M] () -- C:\Users\rai\AppData\Local\{27E7AFC2-2056-4E6C-8A3E-5534EEE94F54}
[2011/06/18 17:58:39 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\rai\Documents\OTL(1).exe
[2011/06/17 22:11:01 | 000,020,311 | -H-- | M] () -- C:\Users\rai\Documents\29444392.jpg
[2011/06/15 22:19:55 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\rai\Documents\OTL.exe
[2011/06/15 12:00:33 | 000,001,284 | -H-- | M] () -- C:\Users\rai\Desktop\PC Inspector File Recovery.lnk
[2011/06/15 11:58:08 | 003,462,033 | -H-- | M] () -- C:\Users\rai\Documents\pci_filerecovery.exe
[2011/06/15 11:47:51 | 000,000,392 | -H-- | M] () -- C:\ProgramData\27057912
[2011/06/15 11:45:25 | 000,000,152 | -H-- | M] () -- C:\ProgramData\~27057912r
[2011/06/15 11:45:25 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~27057912
[2011/06/15 10:47:23 | 000,000,633 | -H-- | M] () -- C:\Users\rai\Desktop\Windows 7 Restore.lnk
[2011/06/14 22:33:25 | 000,178,750 | -H-- | M] () -- C:\Users\rai\Documents\Foto371.jpg
[2011/06/14 13:47:40 | 000,068,276 | -H-- | M] () -- C:\Users\rai\Documents\ostsee.jpg
[2011/06/14 11:56:29 | 000,046,662 | -H-- | M] () -- C:\Users\rai\Documents\deepika061111.pdf
[2011/06/13 18:49:15 | 000,086,014 | -H-- | M] () -- C:\Users\rai\Documents\247028_1805452651422_1093067663_31510173_660445_n.jpg
[2011/06/13 12:51:38 | 000,114,329 | -H-- | M] () -- C:\Users\rai\Documents\Guten Morgen Berlin.jpg
[2011/06/13 12:50:09 | 000,063,243 | -H-- | M] () -- C:\Users\rai\Documents\247241_1805529653347_1093067663_31510421_6177808_n.jpg
[2011/06/13 12:44:57 | 000,057,985 | -H-- | M] () -- C:\Users\rai\Documents\255691_1805487932304_1093067663_31510317_2832650_n.jpg
[2011/06/10 19:48:06 | 000,108,860 | -H-- | M] () -- C:\Users\rai\Documents\das richtige Bild.jpg
[2011/06/10 12:15:03 | 003,090,518 | -H-- | M] () -- C:\Users\rai\Documents\Alexandra_Stan_-_Mr._Saxo_Beat_lyrics.mp3
[2011/06/10 01:31:37 | 000,114,443 | -H-- | M] () -- C:\Users\rai\Documents\Eine Zugfahrt die ist... nun ja anders !.jpg
[2011/06/10 01:27:11 | 000,077,035 | -H-- | M] () -- C:\Users\rai\Documents\249272_10150608301755858_758305857_18923591_5096154_n.jpg
[2011/06/10 01:10:01 | 000,090,121 | -H-- | M] () -- C:\Users\rai\Documents\251702_172001396193189_100001499904249_452483_4061762_n - Kopie (2).jpg
[2011/06/10 00:08:35 | 000,116,373 | -H-- | M] () -- C:\Users\rai\Documents\246663_171998719526790_100001499904249_452418_6352249_n.jpg
[2011/06/10 00:08:07 | 000,150,556 | -H-- | M] () -- C:\Users\rai\Documents\253500_171998642860131_100001499904249_452413_2636837_n.jpg
[2011/06/10 00:07:05 | 000,092,886 | -H-- | M] () -- C:\Users\rai\Documents\248993_171998486193480_100001499904249_452410_4837368_n.jpg
[2011/06/10 00:06:21 | 000,096,233 | -H-- | M] () -- C:\Users\rai\Documents\253822_171998412860154_100001499904249_452408_7346243_n.jpg
[2011/06/09 23:58:40 | 000,101,341 | -H-- | M] () -- C:\Users\rai\Documents\248915_171996939526968_100001499904249_452364_1974396_n.jpg
[2011/06/09 23:58:33 | 000,095,441 | -H-- | M] () -- C:\Users\rai\Documents\253862_171996886193640_100001499904249_452363_7360527_n.jpg
[2011/06/09 23:58:26 | 000,149,923 | -H-- | M] () -- C:\Users\rai\Documents\254551_171996819526980_100001499904249_452362_3463874_n.jpg
[2011/06/09 23:58:19 | 000,135,691 | -H-- | M] () -- C:\Users\rai\Documents\248413_171996786193650_100001499904249_452361_6024836_n.jpg
[2011/06/09 23:58:11 | 000,143,779 | -H-- | M] () -- C:\Users\rai\Documents\251255_171996749526987_100001499904249_452360_3782341_n.jpg
[2011/06/09 23:58:03 | 000,143,814 | -H-- | M] () -- C:\Users\rai\Documents\251675_171996726193656_100001499904249_452359_4176518_n.jpg
[2011/06/09 23:57:52 | 000,081,088 | -H-- | M] () -- C:\Users\rai\Documents\254150_171996676193661_100001499904249_452358_4447810_n.jpg
[2011/06/09 23:57:34 | 000,079,762 | -H-- | M] () -- C:\Users\rai\Documents\247353_171996616193667_100001499904249_452357_4628715_n.jpg
[2011/06/09 23:57:26 | 000,083,753 | -H-- | M] () -- C:\Users\rai\Documents\249543_171996589527003_100001499904249_452356_6543620_n.jpg
[2011/06/09 23:57:17 | 000,076,384 | -H-- | M] () -- C:\Users\rai\Documents\246922_171996566193672_100001499904249_452355_8238187_n.jpg
[2011/06/09 23:57:16 | 000,098,462 | -H-- | M] () -- C:\Users\rai\Documents\246643_171996532860342_100001499904249_452353_3318879_n.jpg
[2011/06/09 23:56:56 | 000,097,657 | -H-- | M] () -- C:\Users\rai\Documents\247073_171996479527014_100001499904249_452352_7212322_n.jpg
[2011/06/09 23:56:45 | 000,097,691 | -H-- | M] () -- C:\Users\rai\Documents\247036_171996362860359_100001499904249_452346_5911126_n.jpg
[2011/06/09 22:02:34 | 000,000,000 | -H-- | M] () -- C:\Users\rai\AppData\Local\{200A499A-232A-4DF1-8944-5C2B6A118F1A}
[2011/06/06 23:30:00 | 000,021,925 | -H-- | M] () -- C:\Users\rai\Documents\61489_1427274997217_1093067663_30952567_416746_n.jpg
[2011/06/06 21:21:01 | 000,118,185 | -H-- | M] () -- C:\Users\rai\Documents\Szene-Kurs.pdf
[2011/06/05 23:53:15 | 000,017,817 | -H-- | M] () -- C:\Users\rai\Documents\Deepika - Kopie - Kopie (2) - Kopie - Kopie - Kopie.jpg
[2011/06/05 20:55:58 | 003,615,892 | -H-- | M] () -- C:\Users\rai\Documents\OST_Hanna_-_Container_Park_Chemical_Bros__.mp3
[2011/06/05 15:32:28 | 000,022,663 | -H-- | M] () -- C:\Users\rai\Documents\68205_1526538678747_1093067663_31117010_8271306_n.jpg
[2011/06/05 15:29:43 | 000,010,965 | -H-- | M] () -- C:\Users\rai\Documents\165762_1526534278637_1093067663_31116999_6904840_n.jpg
[2011/06/05 15:29:02 | 000,055,928 | -H-- | M] () -- C:\Users\rai\Documents\7034_133327803817_554748817_2397083_2833397_n.jpg
[2011/06/05 15:25:32 | 000,075,685 | -H-- | M] () -- C:\Users\rai\Documents\68205_1526538678747_1093067663_31117010_8271306_n - Kopie.jpg
[2011/06/05 15:23:54 | 000,014,164 | -H-- | M] () -- C:\Users\rai\Documents\181995_33411753817_554748817_929269_7884239_n.jpg
[2011/06/05 14:21:04 | 000,039,869 | -H-- | M] () -- C:\Users\rai\Documents\168454_1549005760410_1093067663_31168755_5488634_n.jpg
[2011/06/05 14:19:31 | 000,064,885 | -H-- | M] () -- C:\Users\rai\Documents\164352_1549000080268_1093067663_31168721_2091760_n.jpg
[2011/06/05 14:18:23 | 000,040,514 | -H-- | M] () -- C:\Users\rai\Documents\65486_1526526238436_1093067663_31116966_5286005_n.jpg
[2011/06/05 14:13:21 | 000,086,479 | -H-- | M] () -- C:\Users\rai\Documents\26297_1237541133989_1093067663_30543810_7979447_n.jpg
[2011/06/05 11:08:44 | 000,000,000 | -H-- | M] () -- C:\Users\rai\AppData\Local\{8E9E6EE2-D327-42BA-86FA-6F07DCEAAA08}
[4 C:\Users\rai\AppData\Local\*.tmp files -> C:\Users\rai\AppData\Local\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\rai\AppData\Roaming\*.tmp files -> C:\Users\rai\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/06/30 18:34:28 | 000,009,487 | ---- | C] () -- C:\Users\rai\Documents\267566_10150250517364940_7805409939_7109628_7949230_s.jpg
[2011/06/28 17:31:28 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/25 10:02:07 | 000,000,000 | ---- | C] () -- C:\Users\rai\AppData\Local\{9E02C3BE-344B-4FFB-9E09-602CD6B087CD}
[2011/06/24 14:27:15 | 000,003,589 | ---- | C] () -- C:\windows\System32\jsaddons.ini
[2011/06/24 00:07:45 | 000,073,728 | ---- | C] () -- C:\windows\System32\zlib1.dll
[2011/06/23 19:44:55 | 000,030,393 | ---- | C] () -- C:\Users\rai\Documents\254529_1805511572895_1093067663_31510402_5864814_n.jpg
[2011/06/23 09:18:23 | 237,375,097 | ---- | C] () -- C:\windows\MEMORY.DMP
[2011/06/21 22:56:13 | 000,096,187 | ---- | C] () -- C:\Users\rai\Documents\249464_207123672656310_100000760352992_471385_2137741_n.jpg
[2011/06/20 17:06:54 | 000,000,000 | ---- | C] () -- C:\Users\rai\AppData\Local\{CCB2B7B9-5421-43EC-8F04-48CCA8BAD627}
[2011/06/20 17:02:29 | 000,000,000 | ---- | C] () -- C:\Users\rai\AppData\Local\{349E8643-AC12-4668-9AE4-385FE5B30EFA}
[2011/06/18 22:50:18 | 000,000,000 | ---- | C] () -- C:\Users\rai\AppData\Local\{27E7AFC2-2056-4E6C-8A3E-5534EEE94F54}
[2011/06/17 22:10:58 | 000,020,311 | -H-- | C] () -- C:\Users\rai\Documents\29444392.jpg
[2011/06/15 11:58:28 | 000,001,284 | -H-- | C] () -- C:\Users\rai\Desktop\PC Inspector File Recovery.lnk
[2011/06/15 11:58:04 | 003,462,033 | -H-- | C] () -- C:\Users\rai\Documents\pci_filerecovery.exe
[2011/06/15 10:47:24 | 000,000,152 | -H-- | C] () -- C:\ProgramData\~27057912r
[2011/06/15 10:47:24 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~27057912
[2011/06/15 10:47:23 | 000,000,633 | -H-- | C] () -- C:\Users\rai\Desktop\Windows 7 Restore.lnk
[2011/06/15 10:47:20 | 000,000,392 | -H-- | C] () -- C:\ProgramData\27057912
[2011/06/14 22:36:19 | 000,178,750 | -H-- | C] () -- C:\Users\rai\Documents\Foto371.jpg
[2011/06/14 13:46:20 | 000,068,276 | -H-- | C] () -- C:\Users\rai\Documents\ostsee.jpg
[2011/06/14 11:56:29 | 000,046,662 | -H-- | C] () -- C:\Users\rai\Documents\deepika061111.pdf
[2011/06/13 18:47:28 | 000,086,014 | -H-- | C] () -- C:\Users\rai\Documents\247028_1805452651422_1093067663_31510173_660445_n.jpg
[2011/06/13 12:48:58 | 000,063,243 | -H-- | C] () -- C:\Users\rai\Documents\247241_1805529653347_1093067663_31510421_6177808_n.jpg
[2011/06/13 12:44:56 | 000,057,985 | -H-- | C] () -- C:\Users\rai\Documents\255691_1805487932304_1093067663_31510317_2832650_n.jpg
[2011/06/13 12:42:10 | 000,114,329 | -H-- | C] () -- C:\Users\rai\Documents\Guten Morgen Berlin.jpg
[2011/06/10 12:14:43 | 003,090,518 | -H-- | C] () -- C:\Users\rai\Documents\Alexandra_Stan_-_Mr._Saxo_Beat_lyrics.mp3
[2011/06/10 01:42:29 | 000,108,860 | -H-- | C] () -- C:\Users\rai\Documents\das richtige Bild.jpg
[2011/06/10 01:31:36 | 000,114,443 | -H-- | C] () -- C:\Users\rai\Documents\Eine Zugfahrt die ist... nun ja anders !.jpg
[2011/06/10 01:26:54 | 000,077,035 | -H-- | C] () -- C:\Users\rai\Documents\249272_10150608301755858_758305857_18923591_5096154_n.jpg
[2011/06/10 01:22:24 | 000,090,121 | -H-- | C] () -- C:\Users\rai\Documents\251702_172001396193189_100001499904249_452483_4061762_n - Kopie (2).jpg
[2011/06/10 00:08:14 | 000,116,373 | -H-- | C] () -- C:\Users\rai\Documents\246663_171998719526790_100001499904249_452418_6352249_n.jpg
[2011/06/10 00:07:18 | 000,150,556 | -H-- | C] () -- C:\Users\rai\Documents\253500_171998642860131_100001499904249_452413_2636837_n.jpg
[2011/06/10 00:07:02 | 000,092,886 | -H-- | C] () -- C:\Users\rai\Documents\248993_171998486193480_100001499904249_452410_4837368_n.jpg
[2011/06/10 00:06:13 | 000,096,233 | -H-- | C] () -- C:\Users\rai\Documents\253822_171998412860154_100001499904249_452408_7346243_n.jpg
[2011/06/09 23:58:38 | 000,101,341 | -H-- | C] () -- C:\Users\rai\Documents\248915_171996939526968_100001499904249_452364_1974396_n.jpg
[2011/06/09 23:58:32 | 000,095,441 | -H-- | C] () -- C:\Users\rai\Documents\253862_171996886193640_100001499904249_452363_7360527_n.jpg
[2011/06/09 23:58:25 | 000,149,923 | -H-- | C] () -- C:\Users\rai\Documents\254551_171996819526980_100001499904249_452362_3463874_n.jpg
[2011/06/09 23:58:18 | 000,135,691 | -H-- | C] () -- C:\Users\rai\Documents\248413_171996786193650_100001499904249_452361_6024836_n.jpg
[2011/06/09 23:58:10 | 000,143,779 | -H-- | C] () -- C:\Users\rai\Documents\251255_171996749526987_100001499904249_452360_3782341_n.jpg
[2011/06/09 23:58:02 | 000,143,814 | -H-- | C] () -- C:\Users\rai\Documents\251675_171996726193656_100001499904249_452359_4176518_n.jpg
[2011/06/09 23:57:51 | 000,081,088 | -H-- | C] () -- C:\Users\rai\Documents\254150_171996676193661_100001499904249_452358_4447810_n.jpg
[2011/06/09 23:57:32 | 000,079,762 | -H-- | C] () -- C:\Users\rai\Documents\247353_171996616193667_100001499904249_452357_4628715_n.jpg
[2011/06/09 23:57:24 | 000,083,753 | -H-- | C] () -- C:\Users\rai\Documents\249543_171996589527003_100001499904249_452356_6543620_n.jpg
[2011/06/09 23:57:15 | 000,076,384 | -H-- | C] () -- C:\Users\rai\Documents\246922_171996566193672_100001499904249_452355_8238187_n.jpg
[2011/06/09 23:57:06 | 000,098,462 | -H-- | C] () -- C:\Users\rai\Documents\246643_171996532860342_100001499904249_452353_3318879_n.jpg
[2011/06/09 23:56:51 | 000,097,657 | -H-- | C] () -- C:\Users\rai\Documents\247073_171996479527014_100001499904249_452352_7212322_n.jpg
[2011/06/09 23:56:36 | 000,097,691 | -H-- | C] () -- C:\Users\rai\Documents\247036_171996362860359_100001499904249_452346_5911126_n.jpg
[2011/06/09 22:02:19 | 000,000,000 | -H-- | C] () -- C:\Users\rai\AppData\Local\{200A499A-232A-4DF1-8944-5C2B6A118F1A}
[2011/06/06 23:32:13 | 000,017,817 | -H-- | C] () -- C:\Users\rai\Documents\Deepika - Kopie - Kopie (2) - Kopie - Kopie - Kopie.jpg
[2011/06/06 21:21:01 | 000,118,185 | -H-- | C] () -- C:\Users\rai\Documents\Szene-Kurs.pdf
[2011/06/06 20:05:55 | 005,992,658 | -H-- | C] () -- C:\Users\rai\Documents\SAM_1353.JPG
[2011/06/05 20:55:08 | 003,615,892 | -H-- | C] () -- C:\Users\rai\Documents\OST_Hanna_-_Container_Park_Chemical_Bros__.mp3
[2011/06/05 15:29:02 | 000,055,928 | -H-- | C] () -- C:\Users\rai\Documents\7034_133327803817_554748817_2397083_2833397_n.jpg
[2011/06/05 15:28:40 | 000,010,965 | -H-- | C] () -- C:\Users\rai\Documents\165762_1526534278637_1093067663_31116999_6904840_n.jpg
[2011/06/05 15:26:10 | 000,075,685 | -H-- | C] () -- C:\Users\rai\Documents\68205_1526538678747_1093067663_31117010_8271306_n - Kopie.jpg
[2011/06/05 15:25:30 | 000,022,663 | -H-- | C] () -- C:\Users\rai\Documents\68205_1526538678747_1093067663_31117010_8271306_n.jpg
[2011/06/05 15:21:34 | 000,014,164 | -H-- | C] () -- C:\Users\rai\Documents\181995_33411753817_554748817_929269_7884239_n.jpg
[2011/06/05 14:21:03 | 000,039,869 | -H-- | C] () -- C:\Users\rai\Documents\168454_1549005760410_1093067663_31168755_5488634_n.jpg
[2011/06/05 14:19:28 | 000,064,885 | -H-- | C] () -- C:\Users\rai\Documents\164352_1549000080268_1093067663_31168721_2091760_n.jpg
[2011/06/05 14:15:29 | 000,040,514 | -H-- | C] () -- C:\Users\rai\Documents\65486_1526526238436_1093067663_31116966_5286005_n.jpg
[2011/06/05 14:12:30 | 000,086,479 | -H-- | C] () -- C:\Users\rai\Documents\26297_1237541133989_1093067663_30543810_7979447_n.jpg
[2011/06/05 11:06:44 | 000,000,000 | -H-- | C] () -- C:\Users\rai\AppData\Local\{8E9E6EE2-D327-42BA-86FA-6F07DCEAAA08}
[2011/05/31 15:23:11 | 000,000,000 | -H-- | C] () -- C:\Users\rai\AppData\Local\{4914D555-91E9-4333-81B6-E4C858D598C4}
[2011/05/29 12:44:29 | 000,000,011 | -H-- | C] () -- C:\Users\rai\AppData\Roaming\urhtps.dat
[2011/05/26 13:15:27 | 000,000,000 | -H-- | C] () -- C:\Users\rai\AppData\Roaming\.NANotifyHere
[2011/05/19 16:00:17 | 000,000,724 | ---- | C] () -- C:\windows\wacam.ini
[2011/05/19 16:00:16 | 000,169,720 | ---- | C] () -- C:\windows\System32\MMPlugHostCtrl.dll
[2011/05/05 15:29:12 | 000,000,000 | -H-- | C] () -- C:\Users\rai\AppData\Local\{63A774A9-58AA-419B-BF0C-971ABC1EA064}
[2011/05/01 16:33:24 | 000,000,000 | -H-- | C] () -- C:\Users\rai\AppData\Local\{A8380BC7-4C4D-4AEB-9A1C-C49BE66755BC}
[2011/03/30 21:42:07 | 000,000,120 | -H-- | C] () -- C:\Users\rai\AppData\Local\Jyiqobituyi.dat
[2011/03/30 21:42:07 | 000,000,000 | -H-- | C] () -- C:\Users\rai\AppData\Local\Qkoyocigezori.bin
[2010/12/14 00:06:48 | 000,000,235 | -H-- | C] () -- C:\Users\rai\AppData\Roaming\devices.xml
[2010/12/14 00:06:48 | 000,000,012 | -H-- | C] () -- C:\Users\rai\AppData\Roaming\settings.xml
[2010/12/13 23:51:38 | 000,020,458 | ---- | C] () -- C:\windows\hpoins01.dat.temp
[2010/12/13 23:51:38 | 000,016,622 | ---- | C] () -- C:\windows\hpomdl01.dat.temp
[2010/10/13 10:09:40 | 000,000,812 | ---- | C] () -- C:\windows\System32\drivers\scdskr01.dat
[2010/10/13 10:09:40 | 000,000,541 | ---- | C] () -- C:\windows\System32\drivers\scdhkr01.dat
[2010/10/13 10:09:40 | 000,000,500 | ---- | C] () -- C:\windows\System32\drivers\RSTable.dat
[2010/10/13 10:09:40 | 000,000,036 | ---- | C] () -- C:\windows\System32\drivers\scdstr01.dat
[2010/09/17 18:37:50 | 000,110,592 | ---- | C] () -- C:\windows\System32\FsUsbExDevice.Dll
[2010/09/17 18:37:50 | 000,036,608 | ---- | C] () -- C:\windows\System32\FsUsbExDisk.Sys
[2010/09/17 18:37:42 | 000,002,528 | -H-- | C] () -- C:\Users\rai\AppData\Roaming\$_hpcst$.hpc
[2010/09/15 14:19:07 | 000,016,622 | ---- | C] () -- C:\windows\hpomdl01.dat
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
[2010/08/18 17:53:31 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/08/18 17:38:22 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/12/05 22:22:03 | 002,285,048 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/12/05 22:22:03 | 000,650,156 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/12/05 22:22:03 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/12/05 22:22:03 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/12/05 22:01:49 | 000,004,608 | ---- | C] () -- C:\windows\System32\HdmiCoin.dll
[2009/12/05 22:01:47 | 000,134,592 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/12/05 05:17:31 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 06:33:53 | 000,350,312 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 001,131,250 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,576,210 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/05/01 16:24:14 | 000,000,184 | ---- | C] () -- C:\windows\System32\drivers\osdauth.dat
[2009/05/01 15:41:06 | 000,000,020 | ---- | C] () -- C:\windows\System32\drivers\OSDSig.dat
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\windows\System32\drivers\StarOpen.sys
[2003/04/06 06:33:26 | 000,020,458 | ---- | C] () -- C:\windows\hpoins01.dat
 
========== LOP Check ==========
 
[2011/05/31 08:34:07 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\5015
[2011/06/16 07:35:41 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\5016
[2011/06/16 07:35:41 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\5017
[2011/06/23 22:31:52 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Akpoo
[2011/06/16 07:35:41 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Audacity
[2011/06/27 22:59:13 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Duebog
[2011/01/31 17:02:41 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/06/19 12:00:44 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Futo
[2011/07/03 20:13:39 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Gaixe
[2011/06/28 19:23:29 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Guwy
[2011/05/28 20:07:22 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\kock
[2011/06/28 18:39:17 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Kofui
[2011/06/28 19:23:29 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Ogtuo
[2010/09/17 18:59:43 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\PC Suite
[2011/06/28 19:23:29 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Pylo
[2011/06/28 19:23:29 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Reeqe
[2011/06/16 07:33:59 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Samsung
[2011/06/16 07:35:44 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Thunderbird
[2011/05/26 14:34:14 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\TuneUp Software
[2011/07/03 18:48:27 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Tyka
[2011/06/28 19:23:29 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Vodu
[2011/06/22 14:36:00 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Wuyco
[2011/06/20 19:00:55 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Xafape
[2011/05/28 20:07:23 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\xmldm
[2011/06/28 19:23:30 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Xoofka
[2011/06/14 22:09:22 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Ynwi
[2011/06/28 19:23:29 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Ysymyp
[2011/06/23 14:15:11 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/05/31 08:34:07 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\5015
[2011/06/16 07:35:41 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\5016
[2011/06/16 07:35:41 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\5017
[2011/06/16 07:35:41 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Adobe
[2011/06/23 22:31:52 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Akpoo
[2010/12/26 13:23:33 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Apple Computer
[2011/06/16 07:35:41 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Audacity
[2010/09/17 20:00:38 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Avira
[2011/05/19 00:34:42 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\CyberLink
[2011/05/06 01:19:26 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\DivX
[2011/06/27 22:59:13 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Duebog
[2011/01/31 17:02:41 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/06/19 12:00:44 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Futo
[2011/07/03 20:13:39 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Gaixe
[2010/09/12 14:07:05 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Google
[2011/06/28 19:23:29 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Guwy
[2010/12/14 00:23:17 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Hewlett-Packard
[2010/12/23 15:41:14 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\HpUpdate
[2010/08/18 17:55:13 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Identities
[2011/05/28 20:07:22 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\kock
[2011/06/28 18:39:17 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Kofui
[2010/09/12 14:08:04 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Macromedia
[2011/06/28 17:31:34 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Malwarebytes
[2009/12/05 22:11:14 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Media Center Programs
[2011/06/16 07:35:41 | 000,000,000 | --SD | M] -- C:\Users\rai\AppData\Roaming\Microsoft
[2011/06/16 07:33:56 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Mozilla
[2011/05/26 13:16:17 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Nero
[2011/06/28 19:23:29 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Ogtuo
[2010/09/17 18:59:43 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\PC Suite
[2011/06/28 19:23:29 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Pylo
[2011/06/16 07:35:44 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Real
[2011/06/28 19:23:29 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Reeqe
[2011/06/16 07:33:59 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Samsung
[2011/06/16 07:35:44 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Thunderbird
[2011/05/26 14:34:14 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\TuneUp Software
[2011/07/03 18:48:27 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Tyka
[2011/06/28 19:23:29 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Vodu
[2011/06/22 14:36:00 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Wuyco
[2011/06/20 19:00:55 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Xafape
[2011/05/28 20:07:23 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\xmldm
[2011/06/28 19:23:30 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Xoofka
[2011/06/14 22:09:22 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Ynwi
[2011/06/28 19:23:29 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Ysymyp
 
< %APPDATA%\*.exe /s >
[2010/09/17 18:54:12 | 089,280,248 | -H-- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\rai\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
[2010/11/19 15:03:57 | 142,480,808 | -H-- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\rai\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_Full_Update_NPS2_10064_2.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007/05/17 14:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2009/10/13 04:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/10/13 04:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\drivers\iaStor.sys
[2009/10/13 04:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_3f3653f13a033ed4\iaStor.sys
[2009/10/13 04:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:E1F04E8D

< End of report >

--- --- ---

cosinus 04.07.2011 09:00

Quote:

(Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
Think carefully about whether you want to stay with AntiVir in the future. They have made a very questionable decision, which doesn't exactly come across as reputable => http://www.trojaner-board.de/100374-...e-und-ask.html


Quote:

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
Hm, what do you want with these odd toolbars on the computer? It's best to remove everything that has "Toolbar" in its name and shows up in the Control Panel under Software or Programs and Features, and for future program installations always choose the custom method, so that you can deselect any toolbars during installation.
While you're at it, also uninstall all other unnecessary programs via the Control Panel.

germany25 04.07.2011 11:32

I have now uninstalled all the toolbars. I didn't install them on purpose. Next time I will choose the custom installation method.
I have also uninstalled the unnecessary programs.

I didn't know anything about the cooperation between AntiVir and Ask. I actually thought this antivirus program was quite reliable.
Which antivirus program would you recommend?

cosinus 04.07.2011 12:35

Quote:

Which antivirus program would you recommend?
That is also covered in the linked discussion thread; MSE or Avast are mentioned there.
Please make a new CustomLog with OTL.

germany25 04.07.2011 12:42

Should I make the CustomLog with exactly the same text content as you already described?

cosinus 04.07.2011 12:46

Yes, just make a new one exactly like before.

germany25 04.07.2011 13:07

This is the result: OTL Logfile:
Code:

OTL logfile created on: 7/4/2011 1:50:54 PM - Run 3
OTL by OldTimer - Version 3.2.25.0    Folder = C:\Users\rai\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.96 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 71.43% Memory free
3.92 Gb Paging File | 3.00 Gb Available in Paging File | 76.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 76.22 Gb Total Space | 30.91 Gb Free Space | 40.55% Space Free | Partition Type: NTFS
Drive D: | 141.56 Gb Total Space | 33.60 Gb Free Space | 23.73% Space Free | Partition Type: NTFS
 
Computer Name: RAI-PC | User Name: rai | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/07/03 23:03:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\rai\Desktop\OTL.exe
PRC - [2011/05/25 23:14:14 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/22 19:04:20 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/30 19:49:44 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/03/30 19:48:00 | 001,523,008 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/03/11 01:13:12 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/09/17 18:55:04 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/04/20 14:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010/01/14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/11/04 06:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/26 13:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/20 11:12:58 | 000,013,312 | ---- | M] (DoctorSoft) -- C:\Program Files\AnyPC Client\APLangApp.exe
PRC - [2009/10/13 12:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/10/07 03:31:56 | 002,246,144 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/09/09 10:20:51 | 000,009,728 | ---- | M] () -- C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/06/03 13:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 16:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/03/31 09:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/07/03 23:03:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\rai\Desktop\OTL.exe
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/05/25 23:14:14 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/22 19:04:20 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/30 19:48:00 | 001,523,008 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/03/30 19:45:32 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/01/15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/03/31 09:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/22 19:04:20 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/11 01:13:12 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/02/10 11:22:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/11/06 22:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/10 15:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/01 15:41:06 | 000,384,896 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CryptOSD.sys -- (CryptOSD)
DRV - [2009/03/31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=1e754307000000000000b482fe6bf288&tlver=1.4.19.19&affID=17159
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Ask.com Deutschland - die andere Suchmaschine
IE - HKCU\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {76aeea42-e04a-4b62-83ab-df4b2be2541e}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {f4e6547e-325b-403c-a3bb-ad29ed37a92f}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {39A08BE0-F3F7-4366-B319-8CCAD7DB14CC}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=toolbar2&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/16 07:35:36 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/25 09:30:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/19 16:00:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/18 22:47:23 | 000,000,000 | ---D | M]
 
[2011/01/11 01:56:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\rai\AppData\Roaming\mozilla\Extensions
[2011/01/11 01:56:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\rai\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/07/04 11:53:58 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions
[2011/06/25 22:01:25 | 000,000,000 | ---D | M] (MessengerPlusLive Germany TB Community Toolbar) -- C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{76aeea42-e04a-4b62-83ab-df4b2be2541e}
[2011/06/25 22:01:28 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011/06/16 07:35:43 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/06/25 22:01:31 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011/06/25 22:01:34 | 000,000,000 | ---D | M] (SearchElf 1.2 Community Toolbar) -- C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}
[2011/06/16 07:35:43 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\engine@conduit.com
[2011/06/16 07:35:43 | 000,000,000 | -H-D | M] (vShare Plugin) -- C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\vshare@toolbar
[2011/05/26 13:16:46 | 000,002,253 | -H-- | M] () -- C:\Users\rai\AppData\Roaming\Mozilla\Firefox\Profiles\8bhp6291.default\searchplugins\askcom.xml
[2010/12/08 16:47:52 | 000,000,927 | -H-- | M] () -- C:\Users\rai\AppData\Roaming\Mozilla\Firefox\Profiles\8bhp6291.default\searchplugins\conduit.xml
[2010/10/30 13:47:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/10/30 13:47:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/19 14:54:52 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\RAI\APPDATA\LOCAL\{39A08BE0-F3F7-4366-B319-8CCAD7DB14CC}
[2011/06/16 07:35:41 | 000,000,000 | -H-D | M] (Java String Helper) -- C:\USERS\RAI\APPDATA\ROAMING\5017
() (No name found) -- C:\USERS\RAI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BHP6291.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM.XPI
[2011/06/25 09:30:32 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/30 13:47:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/06/23 13:34:24 | 002,156,280 | ---- | M] (Myriad Software.) -- C:\Program Files\mozilla firefox\plugins\NPMyrMus.dll
[2011/05/11 17:03:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/05/23 17:40:29 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/05/11 17:03:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/11 17:03:10 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/05/11 17:03:10 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/05/11 17:03:10 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/05/11 17:03:10 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [fsi] C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [{989A9B0D-2FD6-841C-8CFC-BD2A86913978}]  File not found
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube Download - C:\Users\rai\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O12 - Plugin for: .mu3 - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .mus - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .mxl - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .mya - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .myr - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .myt - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .xmz - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: hotmail.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: live.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: msn.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: passport.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8f591401-766c-11e0-a156-0024542a71d7}\Shell - "" = AutoRun
O33 - MountPoints2\{8f591401-766c-11e0-a156-0024542a71d7}\Shell\AutoRun\command - "" = F:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/07/04 11:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/07/04 11:51:30 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Local\Conduit
[2011/07/03 23:03:46 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\rai\Desktop\OTL.exe
[2011/07/03 23:02:56 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\rai\Documents\OTL(2).exe
[2011/06/29 11:50:47 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Tyka
[2011/06/29 11:50:46 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Gaixe
[2011/06/28 17:31:34 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Malwarebytes
[2011/06/28 17:31:28 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/06/28 17:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/28 17:31:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/28 17:31:24 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/06/28 17:31:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/28 17:30:29 | 009,435,312 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\rai\Documents\mbam-setup-1.51.0.1200.exe
[2011/06/24 00:07:45 | 001,064,960 | ---- | C] (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) -- C:\windows\System32\libeay32.dll
[2011/06/24 00:07:45 | 000,200,704 | ---- | C] (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) -- C:\windows\System32\ssleay32.dll
[2011/06/24 00:07:45 | 000,176,128 | ---- | C] (The cURL library, cURL and libcurl) -- C:\windows\System32\libcurl.dll
[2011/06/23 22:31:52 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Guwy
[2011/06/23 22:31:52 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Akpoo
[2011/06/23 09:18:34 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2011/06/22 09:58:28 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Vodu
[2011/06/22 09:58:28 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Kofui
[2011/06/20 19:00:55 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Xafape
[2011/06/20 19:00:55 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Pylo
[2011/06/20 11:45:32 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2011/06/19 14:54:52 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Local\{39A08BE0-F3F7-4366-B319-8CCAD7DB14CC}
[2011/06/19 12:00:44 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Reeqe
[2011/06/19 12:00:44 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Futo
[2011/06/18 17:58:25 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\rai\Documents\OTL(1).exe
[2011/06/15 22:18:49 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\rai\Documents\OTL.exe
[2011/06/15 11:58:27 | 000,000,000 | -H-D | C] -- C:\Users\rai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
[2011/06/15 11:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Convar
[2011/06/15 10:47:23 | 000,000,000 | -H-D | C] -- C:\Users\rai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Restore
[2011/06/14 22:28:23 | 000,000,000 | -H-D | C] -- C:\Users\rai\Desktop\Handy Uploads
[2011/06/14 22:09:22 | 000,000,000 | -H-D | C] -- C:\Users\rai\AppData\Roaming\Ynwi
[2011/06/14 22:09:22 | 000,000,000 | -H-D | C] -- C:\Users\rai\AppData\Roaming\Xoofka
[2011/06/13 22:55:17 | 000,000,000 | -H-D | C] -- C:\Users\rai\Documents\Neuer Ordner (2)
[2011/06/13 10:50:02 | 000,000,000 | -H-D | C] -- C:\Users\rai\AppData\Roaming\Ogtuo
[2011/06/13 10:50:02 | 000,000,000 | -H-D | C] -- C:\Users\rai\AppData\Roaming\Duebog
[2011/06/10 15:09:19 | 000,000,000 | -H-D | C] -- C:\Users\rai\AppData\Roaming\5017
[2011/06/08 22:36:26 | 000,000,000 | -H-D | C] -- C:\Users\rai\AppData\Roaming\5016
[2011/06/07 12:32:34 | 000,000,000 | -H-D | C] -- C:\Users\rai\Documents\Bewerbungen Agentur
[2011/06/06 19:00:36 | 000,000,000 | -H-D | C] -- C:\Users\rai\Documents\Neuer Ordner
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[4 C:\Users\rai\AppData\Local\*.tmp files -> C:\Users\rai\AppData\Local\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\rai\AppData\Roaming\*.tmp files -> C:\Users\rai\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/07/04 13:45:27 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/04 13:45:27 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/04 13:38:15 | 000,001,088 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/04 13:37:48 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/07/04 13:37:42 | 1579,630,592 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/04 12:03:04 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/03 23:03:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\rai\Desktop\OTL.exe
[2011/07/03 23:02:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\rai\Documents\OTL(2).exe
[2011/07/02 15:29:40 | 002,285,048 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/07/02 15:29:40 | 001,131,250 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/07/02 15:29:40 | 000,650,156 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/07/02 15:29:40 | 000,576,210 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/06/30 18:34:33 | 000,009,487 | ---- | M] () -- C:\Users\rai\Documents\267566_10150250517364940_7805409939_7109628_7949230_s.jpg
[2011/06/29 12:13:40 | 000,350,312 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/06/28 18:10:25 | 000,000,120 | -H-- | M] () -- C:\Users\rai\AppData\Local\Jyiqobituyi.dat
[2011/06/28 17:31:28 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/28 17:31:01 | 009,435,312 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\rai\Documents\mbam-setup-1.51.0.1200.exe
[2011/06/28 09:17:12 | 000,000,000 | -H-- | M] () -- C:\Users\rai\AppData\Local\Qkoyocigezori.bin
[2011/06/25 10:02:25 | 000,000,000 | ---- | M] () -- C:\Users\rai\AppData\Local\{9E02C3BE-344B-4FFB-9E09-602CD6B087CD}
[2011/06/24 17:40:35 | 000,003,589 | ---- | M] () -- C:\windows\System32\jsaddons.ini
[2011/06/23 19:44:59 | 000,030,393 | ---- | M] () -- C:\Users\rai\Documents\254529_1805511572895_1093067663_31510402_5864814_n.jpg
[2011/06/23 09:18:23 | 237,375,097 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/06/21 22:57:31 | 000,096,187 | ---- | M] () -- C:\Users\rai\Documents\249464_207123672656310_100000760352992_471385_2137741_n.jpg
[2011/06/20 17:06:54 | 000,000,000 | ---- | M] () -- C:\Users\rai\AppData\Local\{CCB2B7B9-5421-43EC-8F04-48CCA8BAD627}
[2011/06/20 17:02:29 | 000,000,000 | ---- | M] () -- C:\Users\rai\AppData\Local\{349E8643-AC12-4668-9AE4-385FE5B30EFA}
[2011/06/18 22:50:18 | 000,000,000 | ---- | M] () -- C:\Users\rai\AppData\Local\{27E7AFC2-2056-4E6C-8A3E-5534EEE94F54}
[2011/06/18 17:58:39 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\rai\Documents\OTL(1).exe
[2011/06/17 22:11:01 | 000,020,311 | -H-- | M] () -- C:\Users\rai\Documents\29444392.jpg
[2011/06/15 22:19:55 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\rai\Documents\OTL.exe
[2011/06/15 12:00:33 | 000,001,284 | -H-- | M] () -- C:\Users\rai\Desktop\PC Inspector File Recovery.lnk
[2011/06/15 11:58:08 | 003,462,033 | -H-- | M] () -- C:\Users\rai\Documents\pci_filerecovery.exe
[2011/06/15 11:47:51 | 000,000,392 | -H-- | M] () -- C:\ProgramData\27057912
[2011/06/15 11:45:25 | 000,000,152 | -H-- | M] () -- C:\ProgramData\~27057912r
[2011/06/15 11:45:25 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~27057912
[2011/06/15 10:47:23 | 000,000,633 | -H-- | M] () -- C:\Users\rai\Desktop\Windows 7 Restore.lnk
[2011/06/14 22:33:25 | 000,178,750 | -H-- | M] () -- C:\Users\rai\Documents\Foto371.jpg
[2011/06/14 13:47:40 | 000,068,276 | -H-- | M] () -- C:\Users\rai\Documents\ostsee.jpg
[2011/06/14 11:56:29 | 000,046,662 | -H-- | M] () -- C:\Users\rai\Documents\deepika061111.pdf
[2011/06/13 18:49:15 | 000,086,014 | -H-- | M] () -- C:\Users\rai\Documents\247028_1805452651422_1093067663_31510173_660445_n.jpg
[2011/06/13 12:51:38 | 000,114,329 | -H-- | M] () -- C:\Users\rai\Documents\Guten Morgen Berlin.jpg
[2011/06/13 12:50:09 | 000,063,243 | -H-- | M] () -- C:\Users\rai\Documents\247241_1805529653347_1093067663_31510421_6177808_n.jpg
[2011/06/13 12:44:57 | 000,057,985 | -H-- | M] () -- C:\Users\rai\Documents\255691_1805487932304_1093067663_31510317_2832650_n.jpg
[2011/06/10 19:48:06 | 000,108,860 | -H-- | M] () -- C:\Users\rai\Documents\das richtige Bild.jpg
[2011/06/10 12:15:03 | 003,090,518 | -H-- | M] () -- C:\Users\rai\Documents\Alexandra_Stan_-_Mr._Saxo_Beat_lyrics.mp3
[2011/06/10 01:31:37 | 000,114,443 | -H-- | M] () -- C:\Users\rai\Documents\Eine Zugfahrt die ist... nun ja anders !.jpg
[2011/06/10 01:27:11 | 000,077,035 | -H-- | M] () -- C:\Users\rai\Documents\249272_10150608301755858_758305857_18923591_5096154_n.jpg
[2011/06/10 01:10:01 | 000,090,121 | -H-- | M] () -- C:\Users\rai\Documents\251702_172001396193189_100001499904249_452483_4061762_n - Kopie (2).jpg
[2011/06/10 00:08:35 | 000,116,373 | -H-- | M] () -- C:\Users\rai\Documents\246663_171998719526790_100001499904249_452418_6352249_n.jpg
[2011/06/10 00:08:07 | 000,150,556 | -H-- | M] () -- C:\Users\rai\Documents\253500_171998642860131_100001499904249_452413_2636837_n.jpg
[2011/06/10 00:07:05 | 000,092,886 | -H-- | M] () -- C:\Users\rai\Documents\248993_171998486193480_100001499904249_452410_4837368_n.jpg
[2011/06/10 00:06:21 | 000,096,233 | -H-- | M] () -- C:\Users\rai\Documents\253822_171998412860154_100001499904249_452408_7346243_n.jpg
[2011/06/09 23:58:40 | 000,101,341 | -H-- | M] () -- C:\Users\rai\Documents\248915_171996939526968_100001499904249_452364_1974396_n.jpg
[2011/06/09 23:58:33 | 000,095,441 | -H-- | M] () -- C:\Users\rai\Documents\253862_171996886193640_100001499904249_452363_7360527_n.jpg
[2011/06/09 23:58:26 | 000,149,923 | -H-- | M] () -- C:\Users\rai\Documents\254551_171996819526980_100001499904249_452362_3463874_n.jpg
[2011/06/09 23:58:19 | 000,135,691 | -H-- | M] () -- C:\Users\rai\Documents\248413_171996786193650_100001499904249_452361_6024836_n.jpg
[2011/06/09 23:58:11 | 000,143,779 | -H-- | M] () -- C:\Users\rai\Documents\251255_171996749526987_100001499904249_452360_3782341_n.jpg
[2011/06/09 23:58:03 | 000,143,814 | -H-- | M] () -- C:\Users\rai\Documents\251675_171996726193656_100001499904249_452359_4176518_n.jpg
[2011/06/09 23:57:52 | 000,081,088 | -H-- | M] () -- C:\Users\rai\Documents\254150_171996676193661_100001499904249_452358_4447810_n.jpg
[2011/06/09 23:57:34 | 000,079,762 | -H-- | M] () -- C:\Users\rai\Documents\247353_171996616193667_100001499904249_452357_4628715_n.jpg
[2011/06/09 23:57:26 | 000,083,753 | -H-- | M] () -- C:\Users\rai\Documents\249543_171996589527003_100001499904249_452356_6543620_n.jpg
[2011/06/09 23:57:17 | 000,076,384 | -H-- | M] () -- C:\Users\rai\Documents\246922_171996566193672_100001499904249_452355_8238187_n.jpg
[2011/06/09 23:57:16 | 000,098,462 | -H-- | M] () -- C:\Users\rai\Documents\246643_171996532860342_100001499904249_452353_3318879_n.jpg
[2011/06/09 23:56:56 | 000,097,657 | -H-- | M] () -- C:\Users\rai\Documents\247073_171996479527014_100001499904249_452352_7212322_n.jpg
[2011/06/09 23:56:45 | 000,097,691 | -H-- | M] () -- C:\Users\rai\Documents\247036_171996362860359_100001499904249_452346_5911126_n.jpg
[2011/06/09 22:02:34 | 000,000,000 | -H-- | M] () -- C:\Users\rai\AppData\Local\{200A499A-232A-4DF1-8944-5C2B6A118F1A}
[2011/06/06 23:30:00 | 000,021,925 | -H-- | M] () -- C:\Users\rai\Documents\61489_1427274997217_1093067663_30952567_416746_n.jpg
[2011/06/06 21:21:01 | 000,118,185 | -H-- | M] () -- C:\Users\rai\Documents\Szene-Kurs.pdf
[2011/06/05 23:53:15 | 000,017,817 | -H-- | M] () -- C:\Users\rai\Documents\Deepika - Kopie - Kopie (2) - Kopie - Kopie - Kopie.jpg
[2011/06/05 20:55:58 | 003,615,892 | -H-- | M] () -- C:\Users\rai\Documents\OST_Hanna_-_Container_Park_Chemical_Bros__.mp3
[2011/06/05 15:32:28 | 000,022,663 | -H-- | M] () -- C:\Users\rai\Documents\68205_1526538678747_1093067663_31117010_8271306_n.jpg
[2011/06/05 15:29:43 | 000,010,965 | -H-- | M] () -- C:\Users\rai\Documents\165762_1526534278637_1093067663_31116999_6904840_n.jpg
[2011/06/05 15:29:02 | 000,055,928 | -H-- | M] () -- C:\Users\rai\Documents\7034_133327803817_554748817_2397083_2833397_n.jpg
[2011/06/05 15:25:32 | 000,075,685 | -H-- | M] () -- C:\Users\rai\Documents\68205_1526538678747_1093067663_31117010_8271306_n - Kopie.jpg
[2011/06/05 15:23:54 | 000,014,164 | -H-- | M] () -- C:\Users\rai\Documents\181995_33411753817_554748817_929269_7884239_n.jpg
[2011/06/05 14:21:04 | 000,039,869 | -H-- | M] () -- C:\Users\rai\Documents\168454_1549005760410_1093067663_31168755_5488634_n.jpg
[2011/06/05 14:19:31 | 000,064,885 | -H-- | M] () -- C:\Users\rai\Documents\164352_1549000080268_1093067663_31168721_2091760_n.jpg
[2011/06/05 14:18:23 | 000,040,514 | -H-- | M] () -- C:\Users\rai\Documents\65486_1526526238436_1093067663_31116966_5286005_n.jpg
[2011/06/05 14:13:21 | 000,086,479 | -H-- | M] () -- C:\Users\rai\Documents\26297_1237541133989_1093067663_30543810_7979447_n.jpg
[2011/06/05 11:08:44 | 000,000,000 | -H-- | M] () -- C:\Users\rai\AppData\Local\{8E9E6EE2-D327-42BA-86FA-6F07DCEAAA08}
[4 C:\Users\rai\AppData\Local\*.tmp files -> C:\Users\rai\AppData\Local\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\rai\AppData\Roaming\*.tmp files -> C:\Users\rai\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/06/30 18:34:28 | 000,009,487 | ---- | C] () -- C:\Users\rai\Documents\267566_10150250517364940_7805409939_7109628_7949230_s.jpg
[2011/06/28 17:31:28 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/25 10:02:07 | 000,000,000 | ---- | C] () -- C:\Users\rai\AppData\Local\{9E02C3BE-344B-4FFB-9E09-602CD6B087CD}
[2011/06/24 14:27:15 | 000,003,589 | ---- | C] () -- C:\windows\System32\jsaddons.ini
[2011/06/24 00:07:45 | 000,073,728 | ---- | C] () -- C:\windows\System32\zlib1.dll
[2011/06/23 19:44:55 | 000,030,393 | ---- | C] () -- C:\Users\rai\Documents\254529_1805511572895_1093067663_31510402_5864814_n.jpg
[2011/06/23 09:18:23 | 237,375,097 | ---- | C] () -- C:\windows\MEMORY.DMP
[2011/06/21 22:56:13 | 000,096,187 | ---- | C] () -- C:\Users\rai\Documents\249464_207123672656310_100000760352992_471385_2137741_n.jpg
[2011/06/20 17:06:54 | 000,000,000 | ---- | C] () -- C:\Users\rai\AppData\Local\{CCB2B7B9-5421-43EC-8F04-48CCA8BAD627}
[2011/06/20 17:02:29 | 000,000,000 | ---- | C] () -- C:\Users\rai\AppData\Local\{349E8643-AC12-4668-9AE4-385FE5B30EFA}
[2011/06/18 22:50:18 | 000,000,000 | ---- | C] () -- C:\Users\rai\AppData\Local\{27E7AFC2-2056-4E6C-8A3E-5534EEE94F54}
[2011/06/17 22:10:58 | 000,020,311 | -H-- | C] () -- C:\Users\rai\Documents\29444392.jpg
[2011/06/15 11:58:28 | 000,001,284 | -H-- | C] () -- C:\Users\rai\Desktop\PC Inspector File Recovery.lnk
[2011/06/15 11:58:04 | 003,462,033 | -H-- | C] () -- C:\Users\rai\Documents\pci_filerecovery.exe
[2011/06/15 10:47:24 | 000,000,152 | -H-- | C] () -- C:\ProgramData\~27057912r
[2011/06/15 10:47:24 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~27057912
[2011/06/15 10:47:23 | 000,000,633 | -H-- | C] () -- C:\Users\rai\Desktop\Windows 7 Restore.lnk
[2011/06/15 10:47:20 | 000,000,392 | -H-- | C] () -- C:\ProgramData\27057912
[2011/06/14 22:36:19 | 000,178,750 | -H-- | C] () -- C:\Users\rai\Documents\Foto371.jpg
[2011/06/14 13:46:20 | 000,068,276 | -H-- | C] () -- C:\Users\rai\Documents\ostsee.jpg
[2011/06/14 11:56:29 | 000,046,662 | -H-- | C] () -- C:\Users\rai\Documents\deepika061111.pdf
[2011/06/13 18:47:28 | 000,086,014 | -H-- | C] () -- C:\Users\rai\Documents\247028_1805452651422_1093067663_31510173_660445_n.jpg
[2011/06/13 12:48:58 | 000,063,243 | -H-- | C] () -- C:\Users\rai\Documents\247241_1805529653347_1093067663_31510421_6177808_n.jpg
[2011/06/13 12:44:56 | 000,057,985 | -H-- | C] () -- C:\Users\rai\Documents\255691_1805487932304_1093067663_31510317_2832650_n.jpg
[2011/06/13 12:42:10 | 000,114,329 | -H-- | C] () -- C:\Users\rai\Documents\Guten Morgen Berlin.jpg
[2011/06/10 12:14:43 | 003,090,518 | -H-- | C] () -- C:\Users\rai\Documents\Alexandra_Stan_-_Mr._Saxo_Beat_lyrics.mp3
[2011/06/10 01:42:29 | 000,108,860 | -H-- | C] () -- C:\Users\rai\Documents\das richtige Bild.jpg
[2011/06/10 01:31:36 | 000,114,443 | -H-- | C] () -- C:\Users\rai\Documents\Eine Zugfahrt die ist... nun ja anders !.jpg
[2011/06/10 01:26:54 | 000,077,035 | -H-- | C] () -- C:\Users\rai\Documents\249272_10150608301755858_758305857_18923591_5096154_n.jpg
[2011/06/10 01:22:24 | 000,090,121 | -H-- | C] () -- C:\Users\rai\Documents\251702_172001396193189_100001499904249_452483_4061762_n - Kopie (2).jpg
[2011/06/10 00:08:14 | 000,116,373 | -H-- | C] () -- C:\Users\rai\Documents\246663_171998719526790_100001499904249_452418_6352249_n.jpg
[2011/06/10 00:07:18 | 000,150,556 | -H-- | C] () -- C:\Users\rai\Documents\253500_171998642860131_100001499904249_452413_2636837_n.jpg
[2011/06/10 00:07:02 | 000,092,886 | -H-- | C] () -- C:\Users\rai\Documents\248993_171998486193480_100001499904249_452410_4837368_n.jpg
[2011/06/10 00:06:13 | 000,096,233 | -H-- | C] () -- C:\Users\rai\Documents\253822_171998412860154_100001499904249_452408_7346243_n.jpg
[2011/06/09 23:58:38 | 000,101,341 | -H-- | C] () -- C:\Users\rai\Documents\248915_171996939526968_100001499904249_452364_1974396_n.jpg
[2011/06/09 23:58:32 | 000,095,441 | -H-- | C] () -- C:\Users\rai\Documents\253862_171996886193640_100001499904249_452363_7360527_n.jpg
[2011/06/09 23:58:25 | 000,149,923 | -H-- | C] () -- C:\Users\rai\Documents\254551_171996819526980_100001499904249_452362_3463874_n.jpg
[2011/06/09 23:58:18 | 000,135,691 | -H-- | C] () -- C:\Users\rai\Documents\248413_171996786193650_100001499904249_452361_6024836_n.jpg
[2011/06/09 23:58:10 | 000,143,779 | -H-- | C] () -- C:\Users\rai\Documents\251255_171996749526987_100001499904249_452360_3782341_n.jpg
[2011/06/09 23:58:02 | 000,143,814 | -H-- | C] () -- C:\Users\rai\Documents\251675_171996726193656_100001499904249_452359_4176518_n.jpg
[2011/06/09 23:57:51 | 000,081,088 | -H-- | C] () -- C:\Users\rai\Documents\254150_171996676193661_100001499904249_452358_4447810_n.jpg
[2011/06/09 23:57:32 | 000,079,762 | -H-- | C] () -- C:\Users\rai\Documents\247353_171996616193667_100001499904249_452357_4628715_n.jpg
[2011/06/09 23:57:24 | 000,083,753 | -H-- | C] () -- C:\Users\rai\Documents\249543_171996589527003_100001499904249_452356_6543620_n.jpg
[2011/06/09 23:57:15 | 000,076,384 | -H-- | C] () -- C:\Users\rai\Documents\246922_171996566193672_100001499904249_452355_8238187_n.jpg
[2011/06/09 23:57:06 | 000,098,462 | -H-- | C] () -- C:\Users\rai\Documents\246643_171996532860342_100001499904249_452353_3318879_n.jpg
[2011/06/09 23:56:51 | 000,097,657 | -H-- | C] () -- C:\Users\rai\Documents\247073_171996479527014_100001499904249_452352_7212322_n.jpg
[2011/06/09 23:56:36 | 000,097,691 | -H-- | C] () -- C:\Users\rai\Documents\247036_171996362860359_100001499904249_452346_5911126_n.jpg
[2011/06/09 22:02:19 | 000,000,000 | -H-- | C] () -- C:\Users\rai\AppData\Local\{200A499A-232A-4DF1-8944-5C2B6A118F1A}
[2011/06/06 23:32:13 | 000,017,817 | -H-- | C] () -- C:\Users\rai\Documents\Deepika - Kopie - Kopie (2) - Kopie - Kopie - Kopie.jpg
[2011/06/06 21:21:01 | 000,118,185 | -H-- | C] () -- C:\Users\rai\Documents\Szene-Kurs.pdf
[2011/06/06 20:05:55 | 005,992,658 | -H-- | C] () -- C:\Users\rai\Documents\SAM_1353.JPG
[2011/06/05 20:55:08 | 003,615,892 | -H-- | C] () -- C:\Users\rai\Documents\OST_Hanna_-_Container_Park_Chemical_Bros__.mp3
[2011/06/05 15:29:02 | 000,055,928 | -H-- | C] () -- C:\Users\rai\Documents\7034_133327803817_554748817_2397083_2833397_n.jpg
[2011/06/05 15:28:40 | 000,010,965 | -H-- | C] () -- C:\Users\rai\Documents\165762_1526534278637_1093067663_31116999_6904840_n.jpg
[2011/06/05 15:26:10 | 000,075,685 | -H-- | C] () -- C:\Users\rai\Documents\68205_1526538678747_1093067663_31117010_8271306_n - Kopie.jpg
[2011/06/05 15:25:30 | 000,022,663 | -H-- | C] () -- C:\Users\rai\Documents\68205_1526538678747_1093067663_31117010_8271306_n.jpg
[2011/06/05 15:21:34 | 000,014,164 | -H-- | C] () -- C:\Users\rai\Documents\181995_33411753817_554748817_929269_7884239_n.jpg
[2011/06/05 14:21:03 | 000,039,869 | -H-- | C] () -- C:\Users\rai\Documents\168454_1549005760410_1093067663_31168755_5488634_n.jpg
[2011/06/05 14:19:28 | 000,064,885 | -H-- | C] () -- C:\Users\rai\Documents\164352_1549000080268_1093067663_31168721_2091760_n.jpg
[2011/06/05 14:15:29 | 000,040,514 | -H-- | C] () -- C:\Users\rai\Documents\65486_1526526238436_1093067663_31116966_5286005_n.jpg
[2011/06/05 14:12:30 | 000,086,479 | -H-- | C] () -- C:\Users\rai\Documents\26297_1237541133989_1093067663_30543810_7979447_n.jpg
[2011/06/05 11:06:44 | 000,000,000 | -H-- | C] () -- C:\Users\rai\AppData\Local\{8E9E6EE2-D327-42BA-86FA-6F07DCEAAA08}
[2011/05/31 15:23:11 | 000,000,000 | -H-- | C] () -- C:\Users\rai\AppData\Local\{4914D555-91E9-4333-81B6-E4C858D598C4}
[2011/05/29 12:44:29 | 000,000,011 | -H-- | C] () -- C:\Users\rai\AppData\Roaming\urhtps.dat
[2011/05/26 13:15:27 | 000,000,000 | -H-- | C] () -- C:\Users\rai\AppData\Roaming\.NANotifyHere
[2011/05/19 16:00:17 | 000,000,724 | ---- | C] () -- C:\windows\wacam.ini
[2011/05/19 16:00:16 | 000,169,720 | ---- | C] () -- C:\windows\System32\MMPlugHostCtrl.dll
[2011/05/05 15:29:12 | 000,000,000 | -H-- | C] () -- C:\Users\rai\AppData\Local\{63A774A9-58AA-419B-BF0C-971ABC1EA064}
[2011/05/01 16:33:24 | 000,000,000 | -H-- | C] () -- C:\Users\rai\AppData\Local\{A8380BC7-4C4D-4AEB-9A1C-C49BE66755BC}
[2011/03/30 21:42:07 | 000,000,120 | -H-- | C] () -- C:\Users\rai\AppData\Local\Jyiqobituyi.dat
[2011/03/30 21:42:07 | 000,000,000 | -H-- | C] () -- C:\Users\rai\AppData\Local\Qkoyocigezori.bin
[2010/12/14 00:06:48 | 000,000,235 | -H-- | C] () -- C:\Users\rai\AppData\Roaming\devices.xml
[2010/12/14 00:06:48 | 000,000,012 | -H-- | C] () -- C:\Users\rai\AppData\Roaming\settings.xml
[2010/12/13 23:51:38 | 000,020,458 | ---- | C] () -- C:\windows\hpoins01.dat.temp
[2010/12/13 23:51:38 | 000,016,622 | ---- | C] () -- C:\windows\hpomdl01.dat.temp
[2010/10/13 10:09:40 | 000,000,812 | ---- | C] () -- C:\windows\System32\drivers\scdskr01.dat
[2010/10/13 10:09:40 | 000,000,541 | ---- | C] () -- C:\windows\System32\drivers\scdhkr01.dat
[2010/10/13 10:09:40 | 000,000,500 | ---- | C] () -- C:\windows\System32\drivers\RSTable.dat
[2010/10/13 10:09:40 | 000,000,036 | ---- | C] () -- C:\windows\System32\drivers\scdstr01.dat
[2010/09/17 18:37:50 | 000,110,592 | ---- | C] () -- C:\windows\System32\FsUsbExDevice.Dll
[2010/09/17 18:37:50 | 000,036,608 | ---- | C] () -- C:\windows\System32\FsUsbExDisk.Sys
[2010/09/17 18:37:42 | 000,002,528 | -H-- | C] () -- C:\Users\rai\AppData\Roaming\$_hpcst$.hpc
[2010/09/15 14:19:07 | 000,016,622 | ---- | C] () -- C:\windows\hpomdl01.dat
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
[2010/08/18 17:53:31 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/08/18 17:38:22 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/12/05 22:22:03 | 002,285,048 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/12/05 22:22:03 | 000,650,156 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/12/05 22:22:03 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/12/05 22:22:03 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/12/05 22:01:49 | 000,004,608 | ---- | C] () -- C:\windows\System32\HdmiCoin.dll
[2009/12/05 22:01:47 | 000,134,592 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/12/05 05:17:31 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 06:33:53 | 000,350,312 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 001,131,250 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,576,210 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/05/01 16:24:14 | 000,000,184 | ---- | C] () -- C:\windows\System32\drivers\osdauth.dat
[2009/05/01 15:41:06 | 000,000,020 | ---- | C] () -- C:\windows\System32\drivers\OSDSig.dat
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\windows\System32\drivers\StarOpen.sys
[2003/04/06 06:33:26 | 000,020,458 | ---- | C] () -- C:\windows\hpoins01.dat
 
========== LOP Check ==========
 
[2011/05/31 08:34:07 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\5015
[2011/06/16 07:35:41 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\5016
[2011/06/16 07:35:41 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\5017
[2011/06/23 22:31:52 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Akpoo
[2011/06/16 07:35:41 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Audacity
[2011/06/27 22:59:13 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Duebog
[2011/01/31 17:02:41 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/06/19 12:00:44 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Futo
[2011/07/03 20:13:39 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Gaixe
[2011/06/28 19:23:29 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Guwy
[2011/05/28 20:07:22 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\kock
[2011/06/28 18:39:17 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Kofui
[2011/06/28 19:23:29 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Ogtuo
[2010/09/17 18:59:43 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\PC Suite
[2011/06/28 19:23:29 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Pylo
[2011/06/28 19:23:29 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Reeqe
[2011/06/16 07:33:59 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Samsung
[2011/06/16 07:35:44 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Thunderbird
[2011/05/26 14:34:14 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\TuneUp Software
[2011/07/03 18:48:27 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Tyka
[2011/06/28 19:23:29 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Vodu
[2011/06/22 14:36:00 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Wuyco
[2011/06/20 19:00:55 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Xafape
[2011/05/28 20:07:23 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\xmldm
[2011/06/28 19:23:30 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Xoofka
[2011/06/14 22:09:22 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Ynwi
[2011/06/28 19:23:29 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Ysymyp
[2011/06/23 14:15:11 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/05/31 08:34:07 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\5015
[2011/06/16 07:35:41 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\5016
[2011/06/16 07:35:41 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\5017
[2011/06/16 07:35:41 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Adobe
[2011/06/23 22:31:52 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Akpoo
[2010/12/26 13:23:33 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Apple Computer
[2011/06/16 07:35:41 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Audacity
[2010/09/17 20:00:38 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Avira
[2011/05/19 00:34:42 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\CyberLink
[2011/05/06 01:19:26 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\DivX
[2011/06/27 22:59:13 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Duebog
[2011/01/31 17:02:41 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/06/19 12:00:44 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Futo
[2011/07/03 20:13:39 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Gaixe
[2010/09/12 14:07:05 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Google
[2011/06/28 19:23:29 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Guwy
[2010/12/14 00:23:17 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Hewlett-Packard
[2010/12/23 15:41:14 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\HpUpdate
[2010/08/18 17:55:13 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Identities
[2011/05/28 20:07:22 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\kock
[2011/06/28 18:39:17 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Kofui
[2010/09/12 14:08:04 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Macromedia
[2011/06/28 17:31:34 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Malwarebytes
[2009/12/05 22:11:14 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Media Center Programs
[2011/06/16 07:35:41 | 000,000,000 | --SD | M] -- C:\Users\rai\AppData\Roaming\Microsoft
[2011/06/16 07:33:56 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Mozilla
[2011/05/26 13:16:17 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Nero
[2011/06/28 19:23:29 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Ogtuo
[2010/09/17 18:59:43 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\PC Suite
[2011/06/28 19:23:29 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Pylo
[2011/06/16 07:35:44 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Real
[2011/06/28 19:23:29 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Reeqe
[2011/06/16 07:33:59 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Samsung
[2011/06/16 07:35:44 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Thunderbird
[2011/05/26 14:34:14 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\TuneUp Software
[2011/07/03 18:48:27 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Tyka
[2011/06/28 19:23:29 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Vodu
[2011/06/22 14:36:00 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Wuyco
[2011/06/20 19:00:55 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Xafape
[2011/05/28 20:07:23 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\xmldm
[2011/06/28 19:23:30 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Xoofka
[2011/06/14 22:09:22 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Ynwi
[2011/06/28 19:23:29 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Ysymyp
 
< %APPDATA%\*.exe /s >
[2010/09/17 18:54:12 | 089,280,248 | -H-- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\rai\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
[2010/11/19 15:03:57 | 142,480,808 | -H-- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\rai\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_Full_Update_NPS2_10064_2.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007/05/17 14:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2009/10/13 04:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/10/13 04:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\drivers\iaStor.sys
[2009/10/13 04:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_3f3653f13a033ed4\iaStor.sys
[2009/10/13 04:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:E1F04E8D

< End of report >

--- --- ---

cosinus 04.07.2011 13:48

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=toolbar2&q="
[2011/06/25 22:01:28 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011/06/16 07:35:43 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/06/25 22:01:31 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011/06/25 22:01:34 | 000,000,000 | ---D | M] (SearchElf 1.2 Community Toolbar) -- C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}
[2011/06/16 07:35:43 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\engine@conduit.com
[2011/06/16 07:35:43 | 000,000,000 | -H-D | M] (vShare Plugin) -- C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\vshare@toolbar
[2011/05/26 13:16:46 | 000,002,253 | -H-- | M] () -- C:\Users\rai\AppData\Roaming\Mozilla\Firefox\Profiles\8bhp6291.default\searchplugins\askcom.xml
[2010/12/08 16:47:52 | 000,000,927 | -H-- | M] () -- C:\Users\rai\AppData\Roaming\Mozilla\Firefox\Profiles\8bhp6291.default\searchplugins\conduit.xml
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKCU..\Run: [{989A9B0D-2FD6-841C-8CFC-BD2A86913978}]  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8f591401-766c-11e0-a156-0024542a71d7}\Shell - "" = AutoRun
O33 - MountPoints2\{8f591401-766c-11e0-a156-0024542a71d7}\Shell\AutoRun\command - "" = F:\iStudio.exe
[2011/07/04 11:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/07/04 11:51:30 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Local\Conduit
[2011/06/29 11:50:47 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Tyka
[2011/06/29 11:50:46 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Gaixe
[2011/06/23 22:31:52 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Guwy
[2011/06/23 22:31:52 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Akpoo
[2011/06/22 09:58:28 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Vodu
[2011/06/22 09:58:28 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Kofui
[2011/06/20 19:00:55 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Xafape
[2011/06/20 19:00:55 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Pylo
[2011/06/19 12:00:44 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Reeqe
[2011/06/19 12:00:44 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Futo
[2011/06/15 11:58:27 | 000,000,000 | -H-D | C] -- C:\Users\rai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
[2011/06/15 11:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Convar
[2011/06/15 10:47:23 | 000,000,000 | -H-D | C] -- C:\Users\rai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Restore
[2011/06/14 22:09:22 | 000,000,000 | -H-D | C] -- C:\Users\rai\AppData\Roaming\Ynwi
[2011/06/14 22:09:22 | 000,000,000 | -H-D | C] -- C:\Users\rai\AppData\Roaming\Xoofka
[2011/06/13 10:50:02 | 000,000,000 | -H-D | C] -- C:\Users\rai\AppData\Roaming\Ogtuo
[2011/06/13 10:50:02 | 000,000,000 | -H-D | C] -- C:\Users\rai\AppData\Roaming\Duebog
[2011/05/31 08:34:07 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\5015
[2011/06/16 07:35:41 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\5016
[2011/06/16 07:35:41 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\5017
[2011/06/28 18:10:25 | 000,000,120 | -H-- | M] () -- C:\Users\rai\AppData\Local\Jyiqobituyi.dat
[2011/06/28 09:17:12 | 000,000,000 | -H-- | M] () -- C:\Users\rai\AppData\Local\Qkoyocigezori.bin
[2011/06/25 10:02:25 | 000,000,000 | ---- | M] () -- C:\Users\rai\AppData\Local\{9E02C3BE-344B-4FFB-9E09-602CD6B087CD}
[2011/06/15 11:47:51 | 000,000,392 | -H-- | M] () -- C:\ProgramData\27057912
[2011/06/15 11:45:25 | 000,000,152 | -H-- | M] () -- C:\ProgramData\~27057912r
[2011/06/15 11:45:25 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~27057912
[2011/06/15 10:47:23 | 000,000,633 | -H-- | M] () -- C:\Users\rai\Desktop\Windows 7 Restore.lnk
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:E1F04E8D
:Commands
[purity]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not completely deleted; a backup copy is created on the system partition in the folder "_OTL".

germany25 04.07.2011 13:57

I carried it out as described and here is the log file:

========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "softonic-de3 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Prefs.js: "hxxp://search.babylon.com/?babsrc=toolbar2&q=" removed from keyword.URL
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\searchplugin folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\modules folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\META-INF folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\defaults folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\chrome folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}\searchplugin folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}\modules folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}\META-INF folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}\defaults folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}\components folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}\chrome folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{f4e6547e-325b-403c-a3bb-ad29ed37a92f} folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\vshare@toolbar\META-INF folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\vshare@toolbar\chrome folder moved successfully.
C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\vshare@toolbar folder moved successfully.
C:\Users\rai\AppData\Roaming\Mozilla\Firefox\Profiles\8bhp6291.default\searchplugins\askcom.xml moved successfully.
C:\Users\rai\AppData\Roaming\Mozilla\Firefox\Profiles\8bhp6291.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76AEEA42-E04A-4B62-83AB-DF4B2BE2541E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{989A9B0D-2FD6-841C-8CFC-BD2A86913978} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{989A9B0D-2FD6-841C-8CFC-BD2A86913978}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f591401-766c-11e0-a156-0024542a71d7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f591401-766c-11e0-a156-0024542a71d7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f591401-766c-11e0-a156-0024542a71d7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f591401-766c-11e0-a156-0024542a71d7}\ not found.
File F:\iStudio.exe not found.
C:\Program Files\ConduitEngine folder moved successfully.
C:\Users\rai\AppData\Local\Conduit folder moved successfully.
C:\Users\rai\AppData\Roaming\Tyka folder moved successfully.
C:\Users\rai\AppData\Roaming\Gaixe folder moved successfully.
C:\Users\rai\AppData\Roaming\Guwy folder moved successfully.
C:\Users\rai\AppData\Roaming\Akpoo folder moved successfully.
C:\Users\rai\AppData\Roaming\Vodu folder moved successfully.
C:\Users\rai\AppData\Roaming\Kofui folder moved successfully.
C:\Users\rai\AppData\Roaming\Xafape folder moved successfully.
C:\Users\rai\AppData\Roaming\Pylo folder moved successfully.
C:\Users\rai\AppData\Roaming\Reeqe folder moved successfully.
C:\Users\rai\AppData\Roaming\Futo folder moved successfully.
C:\Users\rai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar\PC Inspector File Recovery folder moved successfully.
C:\Users\rai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar folder moved successfully.
C:\Program Files\Convar\PC Inspector File Recovery folder moved successfully.
C:\Program Files\Convar folder moved successfully.
C:\Users\rai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Restore folder moved successfully.
C:\Users\rai\AppData\Roaming\Ynwi folder moved successfully.
C:\Users\rai\AppData\Roaming\Xoofka folder moved successfully.
C:\Users\rai\AppData\Roaming\Ogtuo folder moved successfully.
C:\Users\rai\AppData\Roaming\Duebog folder moved successfully.
C:\Users\rai\AppData\Roaming\5015\components folder moved successfully.
C:\Users\rai\AppData\Roaming\5015 folder moved successfully.
C:\Users\rai\AppData\Roaming\5016\components folder moved successfully.
C:\Users\rai\AppData\Roaming\5016 folder moved successfully.
C:\Users\rai\AppData\Roaming\5017\components folder moved successfully.
C:\Users\rai\AppData\Roaming\5017 folder moved successfully.
C:\Users\rai\AppData\Local\Jyiqobituyi.dat moved successfully.
C:\Users\rai\AppData\Local\Qkoyocigezori.bin moved successfully.
C:\Users\rai\AppData\Local\{9E02C3BE-344B-4FFB-9E09-602CD6B087CD} moved successfully.
C:\ProgramData\27057912 moved successfully.
C:\ProgramData\~27057912r moved successfully.
C:\ProgramData\~27057912 moved successfully.
C:\Users\rai\Desktop\Windows 7 Restore.lnk moved successfully.
ADS C:\ProgramData\Temp:A42A9F39 deleted successfully.
ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.25.0 log created on 07042011_145415

cosinus 04.07.2011 14:03

OK. As a check, please create a new CustomLog with OTL again and post it.

germany25 04.07.2011 14:42

OK, I created the CustomLog with OTL, but it only worked on the second attempt. The laptop switched itself off while OTL was scanning. When I switched it back on, all files were visible again, but transparent.
I then ran the scan again and here is the log:
OTL Logfile:
Code:

OTL logfile created on: 7/4/2011 3:25:10 PM - Run 4
OTL by OldTimer - Version 3.2.25.0    Folder = C:\Users\rai\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.96 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 60.73% Memory free
3.92 Gb Paging File | 2.97 Gb Available in Paging File | 75.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 76.22 Gb Total Space | 30.74 Gb Free Space | 40.33% Space Free | Partition Type: NTFS
Drive D: | 141.56 Gb Total Space | 33.60 Gb Free Space | 23.73% Space Free | Partition Type: NTFS
 
Computer Name: RAI-PC | User Name: rai | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/07/03 23:03:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\rai\Desktop\OTL.exe
PRC - [2011/05/25 23:14:14 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/22 19:04:20 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/30 19:49:44 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/03/30 19:48:00 | 001,523,008 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/03/11 01:13:12 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/09/17 18:55:04 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/04/20 14:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010/01/14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/11/04 06:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/26 13:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/13 12:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/10/07 03:31:56 | 002,246,144 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/09/09 10:20:51 | 000,009,728 | ---- | M] () -- C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/06/03 13:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 16:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/03/31 09:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/07/03 23:03:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\rai\Desktop\OTL.exe
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/05/25 23:14:14 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/22 19:04:20 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/30 19:48:00 | 001,523,008 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/03/30 19:45:32 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/01/15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/03/31 09:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/22 19:04:20 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/11 01:13:12 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/02/10 11:22:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/11/06 22:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/10 15:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/01 15:41:06 | 000,384,896 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CryptOSD.sys -- (CryptOSD)
DRV - [2009/03/31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=1e754307000000000000b482fe6bf288&tlver=1.4.19.19&affID=17159
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Ask.com Deutschland - die andere Suchmaschine
IE - HKCU\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=toolbar2&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/16 07:35:36 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/25 09:30:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/19 16:00:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/18 22:47:23 | 000,000,000 | ---D | M]
 
[2011/01/11 01:56:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\rai\AppData\Roaming\mozilla\Extensions
[2011/01/11 01:56:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\rai\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/07/04 14:54:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions
[2011/06/25 22:01:25 | 000,000,000 | ---D | M] (MessengerPlusLive Germany TB Community Toolbar) -- C:\Users\rai\AppData\Roaming\mozilla\Firefox\Profiles\8bhp6291.default\extensions\{76aeea42-e04a-4b62-83ab-df4b2be2541e}
[2010/10/30 13:47:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/10/30 13:47:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/19 14:54:52 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\RAI\APPDATA\LOCAL\{39A08BE0-F3F7-4366-B319-8CCAD7DB14CC}
() (No name found) -- C:\USERS\RAI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BHP6291.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM.XPI
[2011/06/25 09:30:32 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/30 13:47:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/06/23 13:34:24 | 002,156,280 | ---- | M] (Myriad Software.) -- C:\Program Files\mozilla firefox\plugins\NPMyrMus.dll
[2011/05/11 17:03:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/05/23 17:40:29 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/05/11 17:03:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/11 17:03:10 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/05/11 17:03:10 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/05/11 17:03:10 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/05/11 17:03:10 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011/07/04 14:54:20 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [fsi] C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube Download - C:\Users\rai\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O12 - Plugin for: .mu3 - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .mus - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .mxl - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .mya - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .myr - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .myt - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .xmz - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: hotmail.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: live.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: msn.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: passport.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/07/04 14:54:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/03 23:03:46 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\rai\Desktop\OTL.exe
[2011/07/03 23:02:56 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\rai\Documents\OTL(2).exe
[2011/06/28 17:31:34 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Roaming\Malwarebytes
[2011/06/28 17:31:28 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/06/28 17:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/28 17:31:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/28 17:31:24 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/06/28 17:31:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/28 17:30:29 | 009,435,312 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\rai\Documents\mbam-setup-1.51.0.1200.exe
[2011/06/24 00:07:45 | 001,064,960 | ---- | C] (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) -- C:\windows\System32\libeay32.dll
[2011/06/24 00:07:45 | 000,200,704 | ---- | C] (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) -- C:\windows\System32\ssleay32.dll
[2011/06/24 00:07:45 | 000,176,128 | ---- | C] (The cURL library, cURL and libcurl) -- C:\windows\System32\libcurl.dll
[2011/06/23 09:18:34 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2011/06/20 11:45:32 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2011/06/19 14:54:52 | 000,000,000 | ---D | C] -- C:\Users\rai\AppData\Local\{39A08BE0-F3F7-4366-B319-8CCAD7DB14CC}
[2011/06/18 17:58:25 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\rai\Documents\OTL(1).exe
[2011/06/15 22:18:49 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\rai\Documents\OTL.exe
[2011/06/14 22:28:23 | 000,000,000 | -H-D | C] -- C:\Users\rai\Desktop\Handy Uploads
[2011/06/13 22:55:17 | 000,000,000 | -H-D | C] -- C:\Users\rai\Documents\Neuer Ordner (2)
[2011/06/07 12:32:34 | 000,000,000 | -H-D | C] -- C:\Users\rai\Documents\Bewerbungen Agentur
[2011/06/06 19:00:36 | 000,000,000 | -H-D | C] -- C:\Users\rai\Documents\Neuer Ordner
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[4 C:\Users\rai\AppData\Local\*.tmp files -> C:\Users\rai\AppData\Local\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\rai\AppData\Roaming\*.tmp files -> C:\Users\rai\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/07/04 15:28:33 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/04 15:28:33 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/04 15:20:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/07/04 15:20:47 | 1579,630,592 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/04 14:54:20 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2011/07/03 23:03:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\rai\Desktop\OTL.exe
[2011/07/03 23:02:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\rai\Documents\OTL(2).exe
[2011/07/02 15:29:40 | 002,285,048 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/07/02 15:29:40 | 001,131,250 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/07/02 15:29:40 | 000,650,156 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/07/02 15:29:40 | 000,576,210 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/06/30 18:34:33 | 000,009,487 | ---- | M] () -- C:\Users\rai\Documents\267566_10150250517364940_7805409939_7109628_7949230_s.jpg
[2011/06/29 12:13:40 | 000,350,312 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/06/28 17:31:28 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/28 17:31:01 | 009,435,312 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\rai\Documents\mbam-setup-1.51.0.1200.exe
[2011/06/24 17:40:35 | 000,003,589 | ---- | M] () -- C:\windows\System32\jsaddons.ini
[2011/06/23 19:44:59 | 000,030,393 | ---- | M] () -- C:\Users\rai\Documents\254529_1805511572895_1093067663_31510402_5864814_n.jpg
[2011/06/23 09:18:23 | 237,375,097 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/06/21 22:57:31 | 000,096,187 | ---- | M] () -- C:\Users\rai\Documents\249464_207123672656310_100000760352992_471385_2137741_n.jpg
[2011/06/20 17:06:54 | 000,000,000 | ---- | M] () -- C:\Users\rai\AppData\Local\{CCB2B7B9-5421-43EC-8F04-48CCA8BAD627}
[2011/06/20 17:02:29 | 000,000,000 | ---- | M] () -- C:\Users\rai\AppData\Local\{349E8643-AC12-4668-9AE4-385FE5B30EFA}
[2011/06/18 22:50:18 | 000,000,000 | ---- | M] () -- C:\Users\rai\AppData\Local\{27E7AFC2-2056-4E6C-8A3E-5534EEE94F54}
[2011/06/18 17:58:39 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\rai\Documents\OTL(1).exe
[2011/06/17 22:11:01 | 000,020,311 | -H-- | M] () -- C:\Users\rai\Documents\29444392.jpg
[2011/06/15 22:19:55 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\rai\Documents\OTL.exe
[2011/06/15 12:00:33 | 000,001,284 | -H-- | M] () -- C:\Users\rai\Desktop\PC Inspector File Recovery.lnk
[2011/06/15 11:58:08 | 003,462,033 | -H-- | M] () -- C:\Users\rai\Documents\pci_filerecovery.exe
[2011/06/14 22:33:25 | 000,178,750 | -H-- | M] () -- C:\Users\rai\Documents\Foto371.jpg
[2011/06/14 13:47:40 | 000,068,276 | -H-- | M] () -- C:\Users\rai\Documents\ostsee.jpg
[2011/06/14 11:56:29 | 000,046,662 | -H-- | M] () -- C:\Users\rai\Documents\deepika061111.pdf
[2011/06/13 18:49:15 | 000,086,014 | -H-- | M] () -- C:\Users\rai\Documents\247028_1805452651422_1093067663_31510173_660445_n.jpg
[2011/06/13 12:51:38 | 000,114,329 | -H-- | M] () -- C:\Users\rai\Documents\Guten Morgen Berlin.jpg
[2011/06/13 12:50:09 | 000,063,243 | -H-- | M] () -- C:\Users\rai\Documents\247241_1805529653347_1093067663_31510421_6177808_n.jpg
[2011/06/13 12:44:57 | 000,057,985 | -H-- | M] () -- C:\Users\rai\Documents\255691_1805487932304_1093067663_31510317_2832650_n.jpg
[2011/06/10 19:48:06 | 000,108,860 | -H-- | M] () -- C:\Users\rai\Documents\das richtige Bild.jpg
[2011/06/10 12:15:03 | 003,090,518 | -H-- | M] () -- C:\Users\rai\Documents\Alexandra_Stan_-_Mr._Saxo_Beat_lyrics.mp3
[2011/06/10 01:31:37 | 000,114,443 | -H-- | M] () -- C:\Users\rai\Documents\Eine Zugfahrt die ist... nun ja anders !.jpg
[2011/06/10 01:27:11 | 000,077,035 | -H-- | M] () -- C:\Users\rai\Documents\249272_10150608301755858_758305857_18923591_5096154_n.jpg
[2011/06/10 01:10:01 | 000,090,121 | -H-- | M] () -- C:\Users\rai\Documents\251702_172001396193189_100001499904249_452483_4061762_n - Kopie (2).jpg
[2011/06/10 00:08:35 | 000,116,373 | -H-- | M] () -- C:\Users\rai\Documents\246663_171998719526790_100001499904249_452418_6352249_n.jpg
[2011/06/10 00:08:07 | 000,150,556 | -H-- | M] () -- C:\Users\rai\Documents\253500_171998642860131_100001499904249_452413_2636837_n.jpg
[2011/06/10 00:07:05 | 000,092,886 | -H-- | M] () -- C:\Users\rai\Documents\248993_171998486193480_100001499904249_452410_4837368_n.jpg
[2011/06/10 00:06:21 | 000,096,233 | -H-- | M] () -- C:\Users\rai\Documents\253822_171998412860154_100001499904249_452408_7346243_n.jpg
[2011/06/09 23:58:40 | 000,101,341 | -H-- | M] () -- C:\Users\rai\Documents\248915_171996939526968_100001499904249_452364_1974396_n.jpg
[2011/06/09 23:58:33 | 000,095,441 | -H-- | M] () -- C:\Users\rai\Documents\253862_171996886193640_100001499904249_452363_7360527_n.jpg
[2011/06/09 23:58:26 | 000,149,923 | -H-- | M] () -- C:\Users\rai\Documents\254551_171996819526980_100001499904249_452362_3463874_n.jpg
[2011/06/09 23:58:19 | 000,135,691 | -H-- | M] () -- C:\Users\rai\Documents\248413_171996786193650_100001499904249_452361_6024836_n.jpg
[2011/06/09 23:58:11 | 000,143,779 | -H-- | M] () -- C:\Users\rai\Documents\251255_171996749526987_100001499904249_452360_3782341_n.jpg
[2011/06/09 23:58:03 | 000,143,814 | -H-- | M] () -- C:\Users\rai\Documents\251675_171996726193656_100001499904249_452359_4176518_n.jpg
[2011/06/09 23:57:52 | 000,081,088 | -H-- | M] () -- C:\Users\rai\Documents\254150_171996676193661_100001499904249_452358_4447810_n.jpg
[2011/06/09 23:57:34 | 000,079,762 | -H-- | M] () -- C:\Users\rai\Documents\247353_171996616193667_100001499904249_452357_4628715_n.jpg
[2011/06/09 23:57:26 | 000,083,753 | -H-- | M] () -- C:\Users\rai\Documents\249543_171996589527003_100001499904249_452356_6543620_n.jpg
[2011/06/09 23:57:17 | 000,076,384 | -H-- | M] () -- C:\Users\rai\Documents\246922_171996566193672_100001499904249_452355_8238187_n.jpg
[2011/06/09 23:57:16 | 000,098,462 | -H-- | M] () -- C:\Users\rai\Documents\246643_171996532860342_100001499904249_452353_3318879_n.jpg
[2011/06/09 23:56:56 | 000,097,657 | -H-- | M] () -- C:\Users\rai\Documents\247073_171996479527014_100001499904249_452352_7212322_n.jpg
[2011/06/09 23:56:45 | 000,097,691 | -H-- | M] () -- C:\Users\rai\Documents\247036_171996362860359_100001499904249_452346_5911126_n.jpg
[2011/06/09 22:02:34 | 000,000,000 | -H-- | M] () -- C:\Users\rai\AppData\Local\{200A499A-232A-4DF1-8944-5C2B6A118F1A}
[2011/06/06 23:30:00 | 000,021,925 | -H-- | M] () -- C:\Users\rai\Documents\61489_1427274997217_1093067663_30952567_416746_n.jpg
[2011/06/06 21:21:01 | 000,118,185 | -H-- | M] () -- C:\Users\rai\Documents\Szene-Kurs.pdf
[2011/06/05 23:53:15 | 000,017,817 | -H-- | M] () -- C:\Users\rai\Documents\Deepika - Kopie - Kopie (2) - Kopie - Kopie - Kopie.jpg
[2011/06/05 20:55:58 | 003,615,892 | -H-- | M] () -- C:\Users\rai\Documents\OST_Hanna_-_Container_Park_Chemical_Bros__.mp3
[2011/06/05 15:32:28 | 000,022,663 | -H-- | M] () -- C:\Users\rai\Documents\68205_1526538678747_1093067663_31117010_8271306_n.jpg
[2011/06/05 15:29:43 | 000,010,965 | -H-- | M] () -- C:\Users\rai\Documents\165762_1526534278637_1093067663_31116999_6904840_n.jpg
[2011/06/05 15:29:02 | 000,055,928 | -H-- | M] () -- C:\Users\rai\Documents\7034_133327803817_554748817_2397083_2833397_n.jpg
[2011/06/05 15:25:32 | 000,075,685 | -H-- | M] () -- C:\Users\rai\Documents\68205_1526538678747_1093067663_31117010_8271306_n - Kopie.jpg
[2011/06/05 15:23:54 | 000,014,164 | -H-- | M] () -- C:\Users\rai\Documents\181995_33411753817_554748817_929269_7884239_n.jpg
[2011/06/05 14:21:04 | 000,039,869 | -H-- | M] () -- C:\Users\rai\Documents\168454_1549005760410_1093067663_31168755_5488634_n.jpg
[2011/06/05 14:19:31 | 000,064,885 | -H-- | M] () -- C:\Users\rai\Documents\164352_1549000080268_1093067663_31168721_2091760_n.jpg
[2011/06/05 14:18:23 | 000,040,514 | -H-- | M] () -- C:\Users\rai\Documents\65486_1526526238436_1093067663_31116966_5286005_n.jpg
[2011/06/05 14:13:21 | 000,086,479 | -H-- | M] () -- C:\Users\rai\Documents\26297_1237541133989_1093067663_30543810_7979447_n.jpg
[2011/06/05 11:08:44 | 000,000,000 | -H-- | M] () -- C:\Users\rai\AppData\Local\{8E9E6EE2-D327-42BA-86FA-6F07DCEAAA08}
[4 C:\Users\rai\AppData\Local\*.tmp files -> C:\Users\rai\AppData\Local\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\rai\AppData\Roaming\*.tmp files -> C:\Users\rai\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/06/30 18:34:28 | 000,009,487 | ---- | C] () -- C:\Users\rai\Documents\267566_10150250517364940_7805409939_7109628_7949230_s.jpg
[2011/06/28 17:31:28 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/24 14:27:15 | 000,003,589 | ---- | C] () -- C:\windows\System32\jsaddons.ini
[2011/06/24 00:07:45 | 000,073,728 | ---- | C] () -- C:\windows\System32\zlib1.dll
[2011/06/23 19:44:55 | 000,030,393 | ---- | C] () -- C:\Users\rai\Documents\254529_1805511572895_1093067663_31510402_5864814_n.jpg
[2011/06/23 09:18:23 | 237,375,097 | ---- | C] () -- C:\windows\MEMORY.DMP
[2011/06/21 22:56:13 | 000,096,187 | ---- | C] () -- C:\Users\rai\Documents\249464_207123672656310_100000760352992_471385_2137741_n.jpg
[2011/06/20 17:06:54 | 000,000,000 | ---- | C] () -- C:\Users\rai\AppData\Local\{CCB2B7B9-5421-43EC-8F04-48CCA8BAD627}
[2011/06/20 17:02:29 | 000,000,000 | ---- | C] () -- C:\Users\rai\AppData\Local\{349E8643-AC12-4668-9AE4-385FE5B30EFA}
[2011/06/18 22:50:18 | 000,000,000 | ---- | C] () -- C:\Users\rai\AppData\Local\{27E7AFC2-2056-4E6C-8A3E-5534EEE94F54}
[2011/06/17 22:10:58 | 000,020,311 | -H-- | C] () -- C:\Users\rai\Documents\29444392.jpg
[2011/06/15 11:58:28 | 000,001,284 | -H-- | C] () -- C:\Users\rai\Desktop\PC Inspector File Recovery.lnk
[2011/06/15 11:58:04 | 003,462,033 | -H-- | C] () -- C:\Users\rai\Documents\pci_filerecovery.exe
[2011/06/14 22:36:19 | 000,178,750 | -H-- | C] () -- C:\Users\rai\Documents\Foto371.jpg
[2011/06/14 13:46:20 | 000,068,276 | -H-- | C] () -- C:\Users\rai\Documents\ostsee.jpg
[2011/06/14 11:56:29 | 000,046,662 | -H-- | C] () -- C:\Users\rai\Documents\deepika061111.pdf
[2011/06/13 18:47:28 | 000,086,014 | -H-- | C] () -- C:\Users\rai\Documents\247028_1805452651422_1093067663_31510173_660445_n.jpg
[2011/06/13 12:48:58 | 000,063,243 | -H-- | C] () -- C:\Users\rai\Documents\247241_1805529653347_1093067663_31510421_6177808_n.jpg
[2011/06/13 12:44:56 | 000,057,985 | -H-- | C] () -- C:\Users\rai\Documents\255691_1805487932304_1093067663_31510317_2832650_n.jpg
[2011/06/13 12:42:10 | 000,114,329 | -H-- | C] () -- C:\Users\rai\Documents\Guten Morgen Berlin.jpg
[2011/06/10 12:14:43 | 003,090,518 | -H-- | C] () -- C:\Users\rai\Documents\Alexandra_Stan_-_Mr._Saxo_Beat_lyrics.mp3
[2011/06/10 01:42:29 | 000,108,860 | -H-- | C] () -- C:\Users\rai\Documents\das richtige Bild.jpg
[2011/06/10 01:31:36 | 000,114,443 | -H-- | C] () -- C:\Users\rai\Documents\Eine Zugfahrt die ist... nun ja anders !.jpg
[2011/06/10 01:26:54 | 000,077,035 | -H-- | C] () -- C:\Users\rai\Documents\249272_10150608301755858_758305857_18923591_5096154_n.jpg
[2011/06/10 01:22:24 | 000,090,121 | -H-- | C] () -- C:\Users\rai\Documents\251702_172001396193189_100001499904249_452483_4061762_n - Kopie (2).jpg
[2011/06/10 00:08:14 | 000,116,373 | -H-- | C] () -- C:\Users\rai\Documents\246663_171998719526790_100001499904249_452418_6352249_n.jpg
[2011/06/10 00:07:18 | 000,150,556 | -H-- | C] () -- C:\Users\rai\Documents\253500_171998642860131_100001499904249_452413_2636837_n.jpg
[2011/06/10 00:07:02 | 000,092,886 | -H-- | C] () -- C:\Users\rai\Documents\248993_171998486193480_100001499904249_452410_4837368_n.jpg
[2011/06/10 00:06:13 | 000,096,233 | -H-- | C] () -- C:\Users\rai\Documents\253822_171998412860154_100001499904249_452408_7346243_n.jpg
[2011/06/09 23:58:38 | 000,101,341 | -H-- | C] () -- C:\Users\rai\Documents\248915_171996939526968_100001499904249_452364_1974396_n.jpg
[2011/06/09 23:58:32 | 000,095,441 | -H-- | C] () -- C:\Users\rai\Documents\253862_171996886193640_100001499904249_452363_7360527_n.jpg
[2011/06/09 23:58:25 | 000,149,923 | -H-- | C] () -- C:\Users\rai\Documents\254551_171996819526980_100001499904249_452362_3463874_n.jpg
[2011/06/09 23:58:18 | 000,135,691 | -H-- | C] () -- C:\Users\rai\Documents\248413_171996786193650_100001499904249_452361_6024836_n.jpg
[2011/06/09 23:58:10 | 000,143,779 | -H-- | C] () -- C:\Users\rai\Documents\251255_171996749526987_100001499904249_452360_3782341_n.jpg
[2011/06/09 23:58:02 | 000,143,814 | -H-- | C] () -- C:\Users\rai\Documents\251675_171996726193656_100001499904249_452359_4176518_n.jpg
[2011/06/09 23:57:51 | 000,081,088 | -H-- | C] () -- C:\Users\rai\Documents\254150_171996676193661_100001499904249_452358_4447810_n.jpg
[2011/06/09 23:57:32 | 000,079,762 | -H-- | C] () -- C:\Users\rai\Documents\247353_171996616193667_100001499904249_452357_4628715_n.jpg
[2011/06/09 23:57:24 | 000,083,753 | -H-- | C] () -- C:\Users\rai\Documents\249543_171996589527003_100001499904249_452356_6543620_n.jpg
[2011/06/09 23:57:15 | 000,076,384 | -H-- | C] () -- C:\Users\rai\Documents\246922_171996566193672_100001499904249_452355_8238187_n.jpg
[2011/06/09 23:57:06 | 000,098,462 | -H-- | C] () -- C:\Users\rai\Documents\246643_171996532860342_100001499904249_452353_3318879_n.jpg
[2011/06/09 23:56:51 | 000,097,657 | -H-- | C] () -- C:\Users\rai\Documents\247073_171996479527014_100001499904249_452352_7212322_n.jpg
[2011/06/09 23:56:36 | 000,097,691 | -H-- | C] () -- C:\Users\rai\Documents\247036_171996362860359_100001499904249_452346_5911126_n.jpg
[2011/06/09 22:02:19 | 000,000,000 | -H-- | C] () -- C:\Users\rai\AppData\Local\{200A499A-232A-4DF1-8944-5C2B6A118F1A}
[2011/06/06 23:32:13 | 000,017,817 | -H-- | C] () -- C:\Users\rai\Documents\Deepika - Kopie - Kopie (2) - Kopie - Kopie - Kopie.jpg
[2011/06/06 21:21:01 | 000,118,185 | -H-- | C] () -- C:\Users\rai\Documents\Szene-Kurs.pdf
[2011/06/06 20:05:55 | 005,992,658 | -H-- | C] () -- C:\Users\rai\Documents\SAM_1353.JPG
[2011/06/05 20:55:08 | 003,615,892 | -H-- | C] () -- C:\Users\rai\Documents\OST_Hanna_-_Container_Park_Chemical_Bros__.mp3
[2011/06/05 15:29:02 | 000,055,928 | -H-- | C] () -- C:\Users\rai\Documents\7034_133327803817_554748817_2397083_2833397_n.jpg
[2011/06/05 15:28:40 | 000,010,965 | -H-- | C] () -- C:\Users\rai\Documents\165762_1526534278637_1093067663_31116999_6904840_n.jpg
[2011/06/05 15:26:10 | 000,075,685 | -H-- | C] () -- C:\Users\rai\Documents\68205_1526538678747_1093067663_31117010_8271306_n - Kopie.jpg
[2011/06/05 15:25:30 | 000,022,663 | -H-- | C] () -- C:\Users\rai\Documents\68205_1526538678747_1093067663_31117010_8271306_n.jpg
[2011/06/05 15:21:34 | 000,014,164 | -H-- | C] () -- C:\Users\rai\Documents\181995_33411753817_554748817_929269_7884239_n.jpg
[2011/06/05 14:21:03 | 000,039,869 | -H-- | C] () -- C:\Users\rai\Documents\168454_1549005760410_1093067663_31168755_5488634_n.jpg
[2011/06/05 14:19:28 | 000,064,885 | -H-- | C] () -- C:\Users\rai\Documents\164352_1549000080268_1093067663_31168721_2091760_n.jpg
[2011/06/05 14:15:29 | 000,040,514 | -H-- | C] () -- C:\Users\rai\Documents\65486_1526526238436_1093067663_31116966_5286005_n.jpg
[2011/06/05 14:12:30 | 000,086,479 | -H-- | C] () -- C:\Users\rai\Documents\26297_1237541133989_1093067663_30543810_7979447_n.jpg
[2011/06/05 11:06:44 | 000,000,000 | -H-- | C] () -- C:\Users\rai\AppData\Local\{8E9E6EE2-D327-42BA-86FA-6F07DCEAAA08}
[2011/05/31 15:23:11 | 000,000,000 | -H-- | C] () -- C:\Users\rai\AppData\Local\{4914D555-91E9-4333-81B6-E4C858D598C4}
[2011/05/29 12:44:29 | 000,000,011 | -H-- | C] () -- C:\Users\rai\AppData\Roaming\urhtps.dat
[2011/05/26 13:15:27 | 000,000,000 | -H-- | C] () -- C:\Users\rai\AppData\Roaming\.NANotifyHere
[2011/05/19 16:00:17 | 000,000,724 | ---- | C] () -- C:\windows\wacam.ini
[2011/05/19 16:00:16 | 000,169,720 | ---- | C] () -- C:\windows\System32\MMPlugHostCtrl.dll
[2011/05/05 15:29:12 | 000,000,000 | -H-- | C] () -- C:\Users\rai\AppData\Local\{63A774A9-58AA-419B-BF0C-971ABC1EA064}
[2011/05/01 16:33:24 | 000,000,000 | -H-- | C] () -- C:\Users\rai\AppData\Local\{A8380BC7-4C4D-4AEB-9A1C-C49BE66755BC}
[2010/12/14 00:06:48 | 000,000,235 | -H-- | C] () -- C:\Users\rai\AppData\Roaming\devices.xml
[2010/12/14 00:06:48 | 000,000,012 | -H-- | C] () -- C:\Users\rai\AppData\Roaming\settings.xml
[2010/12/13 23:51:38 | 000,020,458 | ---- | C] () -- C:\windows\hpoins01.dat.temp
[2010/12/13 23:51:38 | 000,016,622 | ---- | C] () -- C:\windows\hpomdl01.dat.temp
[2010/10/13 10:09:40 | 000,000,812 | ---- | C] () -- C:\windows\System32\drivers\scdskr01.dat
[2010/10/13 10:09:40 | 000,000,541 | ---- | C] () -- C:\windows\System32\drivers\scdhkr01.dat
[2010/10/13 10:09:40 | 000,000,500 | ---- | C] () -- C:\windows\System32\drivers\RSTable.dat
[2010/10/13 10:09:40 | 000,000,036 | ---- | C] () -- C:\windows\System32\drivers\scdstr01.dat
[2010/09/17 18:37:50 | 000,110,592 | ---- | C] () -- C:\windows\System32\FsUsbExDevice.Dll
[2010/09/17 18:37:50 | 000,036,608 | ---- | C] () -- C:\windows\System32\FsUsbExDisk.Sys
[2010/09/17 18:37:42 | 000,002,528 | -H-- | C] () -- C:\Users\rai\AppData\Roaming\$_hpcst$.hpc
[2010/09/15 14:19:07 | 000,016,622 | ---- | C] () -- C:\windows\hpomdl01.dat
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
[2010/08/18 17:53:31 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/08/18 17:38:22 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/12/05 22:22:03 | 002,285,048 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/12/05 22:22:03 | 000,650,156 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/12/05 22:22:03 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/12/05 22:22:03 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/12/05 22:01:49 | 000,004,608 | ---- | C] () -- C:\windows\System32\HdmiCoin.dll
[2009/12/05 22:01:47 | 000,134,592 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/12/05 05:17:31 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 06:33:53 | 000,350,312 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 001,131,250 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,576,210 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/05/01 16:24:14 | 000,000,184 | ---- | C] () -- C:\windows\System32\drivers\osdauth.dat
[2009/05/01 15:41:06 | 000,000,020 | ---- | C] () -- C:\windows\System32\drivers\OSDSig.dat
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\windows\System32\drivers\StarOpen.sys
[2003/04/06 06:33:26 | 000,020,458 | ---- | C] () -- C:\windows\hpoins01.dat
 
========== LOP Check ==========
 
[2011/06/16 07:35:41 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Audacity
[2011/01/31 17:02:41 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/05/28 20:07:22 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\kock
[2010/09/17 18:59:43 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\PC Suite
[2011/06/16 07:33:59 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Samsung
[2011/06/16 07:35:44 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Thunderbird
[2011/05/26 14:34:14 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\TuneUp Software
[2011/06/22 14:36:00 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Wuyco
[2011/05/28 20:07:23 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\xmldm
[2011/06/28 19:23:29 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Ysymyp
[2011/07/04 15:20:59 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/06/16 07:35:41 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Adobe
[2010/12/26 13:23:33 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Apple Computer
[2011/06/16 07:35:41 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Audacity
[2010/09/17 20:00:38 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Avira
[2011/05/19 00:34:42 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\CyberLink
[2011/05/06 01:19:26 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\DivX
[2011/01/31 17:02:41 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/09/12 14:07:05 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Google
[2010/12/14 00:23:17 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Hewlett-Packard
[2010/12/23 15:41:14 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\HpUpdate
[2010/08/18 17:55:13 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Identities
[2011/05/28 20:07:22 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\kock
[2010/09/12 14:08:04 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Macromedia
[2011/06/28 17:31:34 | 000,000,000 | ---D | M] -- C:\Users\rai\AppData\Roaming\Malwarebytes
[2009/12/05 22:11:14 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Media Center Programs
[2011/06/16 07:35:41 | 000,000,000 | --SD | M] -- C:\Users\rai\AppData\Roaming\Microsoft
[2011/06/16 07:33:56 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Mozilla
[2011/05/26 13:16:17 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Nero
[2010/09/17 18:59:43 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\PC Suite
[2011/06/16 07:35:44 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Real
[2011/06/16 07:33:59 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Samsung
[2011/06/16 07:35:44 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Thunderbird
[2011/05/26 14:34:14 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\TuneUp Software
[2011/06/22 14:36:00 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Wuyco
[2011/05/28 20:07:23 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\xmldm
[2011/06/28 19:23:29 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Ysymyp
 
< %APPDATA%\*.exe /s >
[2010/09/17 18:54:12 | 089,280,248 | -H-- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\rai\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
[2010/11/19 15:03:57 | 142,480,808 | -H-- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\rai\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_Full_Update_NPS2_10064_2.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007/05/17 14:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2009/10/13 04:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/10/13 04:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\drivers\iaStor.sys
[2009/10/13 04:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_3f3653f13a033ed4\iaStor.sys
[2009/10/13 04:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< End of report >

--- --- ---

cosinus 04.07.2011 15:33

Run another OTL fix; I overlooked a few items among the large number of entries. Close any programs that may be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
[2011/05/28 20:07:22 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\kock
[2011/06/22 14:36:00 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Wuyco
[2011/05/28 20:07:23 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\xmldm
[2011/06/28 19:23:29 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Ysymyp
:Commands
[purity]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

germany25 04.07.2011 16:28

Here is the log:

========== OTL ==========
C:\Users\rai\AppData\Roaming\kock folder moved successfully.
C:\Users\rai\AppData\Roaming\Wuyco folder moved successfully.
C:\Users\rai\AppData\Roaming\xmldm folder moved successfully.
C:\Users\rai\AppData\Roaming\Ysymyp folder moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.25.0 log created on 07042011_172534

cosinus 04.07.2011 19:34

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below, i.e. tick both checkboxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full.

http://www.trojaner-board.de/attachm...rnen-start.png


If, because of the infection, you cannot access your Documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

germany25 04.07.2011 19:56

I ran this tool. Here is the report:

2011/07/04 20:49:50.0023 1872 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/04 20:49:50.0275 1872 ================================================================================
2011/07/04 20:49:50.0275 1872 SystemInfo:
2011/07/04 20:49:50.0275 1872
2011/07/04 20:49:50.0275 1872 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/04 20:49:50.0275 1872 Product type: Workstation
2011/07/04 20:49:50.0275 1872 ComputerName: RAI-PC
2011/07/04 20:49:50.0275 1872 UserName: rai
2011/07/04 20:49:50.0276 1872 Windows directory: C:\windows
2011/07/04 20:49:50.0276 1872 System windows directory: C:\windows
2011/07/04 20:49:50.0276 1872 Processor architecture: Intel x86
2011/07/04 20:49:50.0276 1872 Number of processors: 2
2011/07/04 20:49:50.0276 1872 Page size: 0x1000
2011/07/04 20:49:50.0276 1872 Boot type: Normal boot
2011/07/04 20:49:50.0276 1872 ================================================================================
2011/07/04 20:49:50.0868 1872 Initialize success
2011/07/04 20:49:53.0244 2912 ================================================================================
2011/07/04 20:49:53.0245 2912 Scan started
2011/07/04 20:49:53.0245 2912 Mode: Manual;
2011/07/04 20:49:53.0245 2912 ================================================================================
2011/07/04 20:50:09.0170 2912 Scan finished
2011/07/04 20:50:09.0170 2912 ================================================================================
2011/07/04 20:50:09.0187 2100 Detected object count: 0
2011/07/04 20:50:09.0187 2100 Actual detected object count: 0



I can access my documents, but they are transparent (i.e. hidden). Should I then use the unhide program?

cosinus 04.07.2011 20:04

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

germany25 04.07.2011 20:57

I used combofix as instructed and here is the log:
Combofix Logfile:
Code:

ComboFix 11-07-03.04 - rai 04.07.2011  21:23:28.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.2009.1356 [GMT 2:00]
ausgeführt von:: c:\users\rai\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\judhfkashfi
c:\judhfkashfi\config.bin
c:\programdata\FullRemove.exe
c:\users\rai\AppData\Local\{39A08BE0-F3F7-4366-B319-8CCAD7DB14CC}
c:\users\rai\AppData\Local\{39A08BE0-F3F7-4366-B319-8CCAD7DB14CC}\chrome.manifest
c:\users\rai\AppData\Local\{39A08BE0-F3F7-4366-B319-8CCAD7DB14CC}\chrome\content\_cfg.js
c:\users\rai\AppData\Local\{39A08BE0-F3F7-4366-B319-8CCAD7DB14CC}\chrome\content\overlay.xul
c:\users\rai\AppData\Local\{39A08BE0-F3F7-4366-B319-8CCAD7DB14CC}\install.rdf
c:\users\rai\AppData\Local\{3D0C7973-41D2-464F-85E6-FF11CBDF5673}
c:\users\rai\AppData\Local\{3D0C7973-41D2-464F-85E6-FF11CBDF5673}\chrome\content\overlay.xul
c:\users\rai\AppData\Local\{3D0C7973-41D2-464F-85E6-FF11CBDF5673}\install.rdf
c:\users\rai\AppData\Roaming\Adobe\plugs
c:\users\rai\AppData\Roaming\Adobe\shed
C:\Washer2.rar
c:\washer2.rar\951A317ADAC0DC6
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-06-04 bis 2011-07-04  ))))))))))))))))))))))))))))))
.
.
2011-07-04 19:30 . 2011-07-04 19:31        --------        d-----w-        c:\users\rai\AppData\Local\temp
2011-07-04 19:30 . 2011-07-04 19:30        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-07-04 12:54 . 2011-07-04 12:54        --------        d-----w-        C:\_OTL
2011-07-04 09:51 . 2011-07-04 09:51        0        ----a-w-        c:\windows\system32\ConduitEngine.tmp
2011-07-01 09:08 . 2011-06-20 06:57        7074640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{17AB8BC6-7F8E-4508-82D3-5340FC5E79BA}\mpengine.dll
2011-06-29 09:15 . 2011-05-24 10:35        294912        ----a-w-        c:\windows\system32\umpnpmgr.dll
2011-06-29 09:15 . 2011-05-04 04:53        1553920        ----a-w-        c:\windows\system32\tquery.dll
2011-06-29 09:15 . 2011-05-04 04:52        1401856        ----a-w-        c:\windows\system32\mssrch.dll
2011-06-29 09:15 . 2011-05-04 04:52        666624        ----a-w-        c:\windows\system32\mssvp.dll
2011-06-29 09:15 . 2011-05-04 04:52        59392        ----a-w-        c:\windows\system32\msscntrs.dll
2011-06-29 09:15 . 2011-05-04 04:52        337408        ----a-w-        c:\windows\system32\mssph.dll
2011-06-29 09:15 . 2011-05-04 04:52        197120        ----a-w-        c:\windows\system32\mssphtb.dll
2011-06-29 09:15 . 2011-05-04 04:52        86528        ----a-w-        c:\windows\system32\SearchFilterHost.exe
2011-06-29 09:15 . 2011-05-04 04:52        428032        ----a-w-        c:\windows\system32\SearchIndexer.exe
2011-06-29 09:15 . 2011-05-04 04:52        164352        ----a-w-        c:\windows\system32\SearchProtocolHost.exe
2011-06-28 15:31 . 2011-06-28 15:31        --------        d-----w-        c:\users\rai\AppData\Roaming\Malwarebytes
2011-06-28 15:31 . 2011-05-29 07:11        39984        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-28 15:31 . 2011-06-28 15:31        --------        d-----w-        c:\programdata\Malwarebytes
2011-06-28 15:31 . 2011-06-28 15:31        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-06-28 15:31 . 2011-05-29 07:11        22712        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-06-25 08:02 . 2011-06-25 08:02        0        ---ha-w-        c:\users\rai\AppData\Local\BIT3727.tmp
2011-06-25 07:30 . 2011-06-25 07:30        2106216        ----a-w-        c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-25 07:30 . 2011-06-25 07:30        1998168        ----a-w-        c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-23 22:07 . 2006-02-26 07:10        176128        ----a-w-        c:\windows\system32\libcurl.dll
2011-06-23 22:07 . 2006-02-26 05:53        200704        ----a-w-        c:\windows\system32\ssleay32.dll
2011-06-23 22:07 . 2006-02-26 05:52        1064960        ----a-w-        c:\windows\system32\libeay32.dll
2011-06-23 22:07 . 2006-02-26 04:46        73728        ----a-w-        c:\windows\system32\zlib1.dll
2011-06-20 17:18 . 2011-06-20 17:18        172032        ----a-w-        c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\nixut.exe
2011-06-20 09:45 . 2011-06-20 09:45        --------        d-----w-        c:\windows\Sun
2011-06-15 12:22 . 2011-04-29 02:57        311296        ----a-w-        c:\windows\system32\drivers\srv.sys
2011-06-15 12:22 . 2011-04-29 02:57        309760        ----a-w-        c:\windows\system32\drivers\srv2.sys
2011-06-15 12:22 . 2011-04-29 02:57        114176        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2011-06-15 12:22 . 2011-04-25 04:56        1286016        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2011-06-15 12:22 . 2011-04-25 02:35        338944        ----a-w-        c:\windows\system32\drivers\afd.sys
2011-06-15 12:22 . 2010-12-18 05:31        571904        ----a-w-        c:\windows\system32\oleaut32.dll
2011-06-15 12:20 . 2011-05-03 04:50        740864        ----a-w-        c:\windows\system32\inetcomm.dll
2011-06-15 12:20 . 2011-04-27 02:33        78336        ----a-w-        c:\windows\system32\drivers\dfsc.sys
2011-06-15 10:00 . 2011-04-29 05:08        759296        ----a-w-        c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-15 09:59 . 2011-01-17 05:38        161792        ----a-w-        c:\windows\system32\d3d10_1.dll
2011-06-15 09:59 . 2011-05-04 02:43        222720        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 09:59 . 2011-05-04 02:43        96256        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 09:59 . 2011-05-04 02:43        123392        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2011-06-09 20:02 . 2011-06-09 20:02        0        ---ha-w-        c:\users\rai\AppData\Local\BIT88E2.tmp
2011-06-05 09:08 . 2011-06-05 09:08        0        ---ha-w-        c:\users\rai\AppData\Local\BIT2F4A.tmp
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-28 18:07 . 2011-05-28 18:07        112        ---ha-w-        c:\users\rai\AppData\Roaming\srvblck2.tmp
2011-05-24 17:14 . 2010-09-17 17:59        222080        ------w-        c:\windows\system32\MpSigStub.exe
2011-05-19 14:00 . 2011-05-19 14:00        724        ----a-w-        c:\windows\wacam.TMP
2011-05-19 14:00 . 2011-05-19 14:00        1409        ----a-w-        c:\windows\Fonts\SToccata.fot
2011-05-05 13:29 . 2011-05-05 13:29        0        ---ha-w-        c:\users\rai\AppData\Local\BIT9B58.tmp
2011-04-22 19:36 . 2011-05-25 20:14        26496        ----a-w-        c:\windows\system32\drivers\Diskdump.sys
2011-04-22 17:04 . 2010-09-12 12:46        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-04-09 06:13 . 2011-05-11 10:01        3957632        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 10:01        3901824        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-26 09:59        123904        ----a-w-        c:\windows\system32\poqexec.exe
2011-06-25 07:30 . 2011-05-11 15:03        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-09-17 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-21 8092192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-10 1578280]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"APLangApp"="c:\program files\AnyPC Client\APLangApp.exe" [2009-10-20 13312]
"fsi"="c:\program files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe" [2009-09-09 9728]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-10 281768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
c:\users\rai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
nixut.exe [2011-6-20 172032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" -osboot
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-25 136360]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008]
S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys [2009-05-01 384896]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-02-10 10064]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com/?l=dis&o=15421
IE: Free YouTube Download - c:\users\rai\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: hotmail.com
Trusted Zone: live.com
Trusted Zone: msn.com
Trusted Zone: passport.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\rai\AppData\Roaming\Mozilla\Firefox\Profiles\8bhp6291.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{76aeea42-e04a-4b62-83ab-df4b2be2541e} - (no file)
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fe0af0a0]
"imagepath"="\??\c:\windows\TEMP\272F.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-07-04  21:37:12
ComboFix-quarantined-files.txt  2011-07-04 19:37
.
Vor Suchlauf: 6 Verzeichnis(se), 32.963.964.928 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 33.324.097.536 Bytes frei
.
- - End Of File - - EB82136E3B0D859B946CD9BE34C0A8EA

--- --- ---

cosinus 04.07.2011 21:10

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now use copy/paste to insert the entire contents of the code box below into the Notepad window.

Code:

File::
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nixut.exe
c:\windows\system32\ConduitEngine.tmp
c:\users\rai\AppData\Roaming\srvblck2.tmp
c:\users\rai\AppData\Local\BIT9B58.tmp
c:\users\rai\AppData\Local\BIT3727.tmp
c:\windows\TEMP\272F.tmp

Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\services\fe0af0a0]

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

germany25 05.07.2011 17:08

I tried to carry it out as described above. However, the laptop crashed in the process.
Before I do it again, I wanted to make sure whether I should do it again or not.

cosinus 06.07.2011 08:42

Yes, please try again. Follow the instructions exactly.

germany25 06.07.2011 11:09

This time it worked.
Here is the log file:
Combofix Logfile:
Code:

ComboFix 11-07-06.01 - rai 06.07.2011  11:56:31.3.2 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.2009.1251 [GMT 2:00]
ausgeführt von:: c:\users\rai\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\rai\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nixut.exe"
"c:\users\rai\AppData\Local\BIT3727.tmp"
"c:\users\rai\AppData\Local\BIT9B58.tmp"
"c:\users\rai\AppData\Roaming\srvblck2.tmp"
"c:\windows\system32\ConduitEngine.tmp"
"c:\windows\TEMP\272F.tmp"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\users\rai\AppData\Local\BIT3727.tmp
c:\users\rai\AppData\Local\BIT9B58.tmp
c:\users\rai\AppData\Roaming\srvblck2.tmp
c:\windows\system32\ConduitEngine.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-06-06 bis 2011-07-06  ))))))))))))))))))))))))))))))
.
.
2011-07-06 10:03 . 2011-07-06 10:03        --------        d-----w-        c:\users\rai\AppData\Local\temp
2011-07-06 10:03 . 2011-07-06 10:03        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-07-05 16:09 . 2011-06-20 06:57        7074640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0D1D95B-38DA-4997-9C67-34DA2AFF4E7E}\mpengine.dll
2011-07-04 12:54 . 2011-07-04 12:54        --------        d-----w-        C:\_OTL
2011-06-29 09:15 . 2011-05-24 10:35        294912        ----a-w-        c:\windows\system32\umpnpmgr.dll
2011-06-29 09:15 . 2011-05-04 04:53        1553920        ----a-w-        c:\windows\system32\tquery.dll
2011-06-29 09:15 . 2011-05-04 04:52        1401856        ----a-w-        c:\windows\system32\mssrch.dll
2011-06-29 09:15 . 2011-05-04 04:52        666624        ----a-w-        c:\windows\system32\mssvp.dll
2011-06-29 09:15 . 2011-05-04 04:52        59392        ----a-w-        c:\windows\system32\msscntrs.dll
2011-06-29 09:15 . 2011-05-04 04:52        337408        ----a-w-        c:\windows\system32\mssph.dll
2011-06-29 09:15 . 2011-05-04 04:52        197120        ----a-w-        c:\windows\system32\mssphtb.dll
2011-06-29 09:15 . 2011-05-04 04:52        86528        ----a-w-        c:\windows\system32\SearchFilterHost.exe
2011-06-29 09:15 . 2011-05-04 04:52        428032        ----a-w-        c:\windows\system32\SearchIndexer.exe
2011-06-29 09:15 . 2011-05-04 04:52        164352        ----a-w-        c:\windows\system32\SearchProtocolHost.exe
2011-06-28 15:31 . 2011-06-28 15:31        --------        d-----w-        c:\users\rai\AppData\Roaming\Malwarebytes
2011-06-28 15:31 . 2011-05-29 07:11        39984        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-28 15:31 . 2011-06-28 15:31        --------        d-----w-        c:\programdata\Malwarebytes
2011-06-28 15:31 . 2011-06-28 15:31        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-06-28 15:31 . 2011-05-29 07:11        22712        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-06-25 07:30 . 2011-06-25 07:30        2106216        ----a-w-        c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-25 07:30 . 2011-06-25 07:30        1998168        ----a-w-        c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-23 22:07 . 2006-02-26 07:10        176128        ----a-w-        c:\windows\system32\libcurl.dll
2011-06-23 22:07 . 2006-02-26 05:53        200704        ----a-w-        c:\windows\system32\ssleay32.dll
2011-06-23 22:07 . 2006-02-26 05:52        1064960        ----a-w-        c:\windows\system32\libeay32.dll
2011-06-23 22:07 . 2006-02-26 04:46        73728        ----a-w-        c:\windows\system32\zlib1.dll
2011-06-20 17:18 . 2011-06-20 17:18        172032        ----a-w-        c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\nixut.exe
2011-06-20 09:45 . 2011-06-20 09:45        --------        d-----w-        c:\windows\Sun
2011-06-15 12:22 . 2011-04-29 02:57        311296        ----a-w-        c:\windows\system32\drivers\srv.sys
2011-06-15 12:22 . 2011-04-29 02:57        309760        ----a-w-        c:\windows\system32\drivers\srv2.sys
2011-06-15 12:22 . 2011-04-29 02:57        114176        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2011-06-15 12:22 . 2011-04-25 04:56        1286016        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2011-06-15 12:22 . 2011-04-25 02:35        338944        ----a-w-        c:\windows\system32\drivers\afd.sys
2011-06-15 12:22 . 2010-12-18 05:31        571904        ----a-w-        c:\windows\system32\oleaut32.dll
2011-06-15 12:20 . 2011-05-03 04:50        740864        ----a-w-        c:\windows\system32\inetcomm.dll
2011-06-15 12:20 . 2011-04-27 02:33        78336        ----a-w-        c:\windows\system32\drivers\dfsc.sys
2011-06-15 10:00 . 2011-04-29 05:08        759296        ----a-w-        c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-15 09:59 . 2011-01-17 05:38        161792        ----a-w-        c:\windows\system32\d3d10_1.dll
2011-06-15 09:59 . 2011-05-04 02:43        222720        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 09:59 . 2011-05-04 02:43        96256        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 09:59 . 2011-05-04 02:43        123392        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2011-06-09 20:02 . 2011-06-09 20:02        0        ----a-w-        c:\users\rai\AppData\Local\BIT88E2.tmp
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-05 09:08 . 2011-06-05 09:08        0        ----a-w-        c:\users\rai\AppData\Local\BIT2F4A.tmp
2011-05-24 17:14 . 2010-09-17 17:59        222080        ------w-        c:\windows\system32\MpSigStub.exe
2011-05-19 14:00 . 2011-05-19 14:00        724        ----a-w-        c:\windows\wacam.TMP
2011-05-19 14:00 . 2011-05-19 14:00        1409        ----a-w-        c:\windows\Fonts\SToccata.fot
2011-04-22 19:36 . 2011-05-25 20:14        26496        ----a-w-        c:\windows\system32\drivers\Diskdump.sys
2011-04-22 17:04 . 2010-09-12 12:46        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-04-09 06:13 . 2011-05-11 10:01        3957632        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 10:01        3901824        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-26 09:59        123904        ----a-w-        c:\windows\system32\poqexec.exe
2011-06-25 07:30 . 2011-05-11 15:03        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-09-17 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-21 8092192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-10 1578280]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"APLangApp"="c:\program files\AnyPC Client\APLangApp.exe" [2009-10-20 13312]
"fsi"="c:\program files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe" [2009-09-09 9728]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-10 281768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
c:\users\rai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
nixut.exe [2011-6-20 172032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" -osboot
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-25 136360]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008]
S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys [2009-05-01 384896]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-02-10 10064]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com/?l=dis&o=15421
IE: Free YouTube Download - c:\users\rai\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: hotmail.com
Trusted Zone: live.com
Trusted Zone: msn.com
Trusted Zone: passport.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\rai\AppData\Roaming\Mozilla\Firefox\Profiles\8bhp6291.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-07-06  12:05:26
ComboFix-quarantined-files.txt  2011-07-06 10:05
ComboFix2.txt  2011-07-04 19:37
.
Vor Suchlauf: 11 Verzeichnis(se), 34.121.138.176 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 33.927.884.800 Bytes frei
.
- - End Of File - - ABC2FACE9761917BDE1E34D187A0EDEB

--- --- ---

cosinus 06.07.2011 12:30

Ok. Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the 2nd try, just leave it out and run only OSAM - please skip the online check by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool needs only a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

germany25 06.07.2011 18:53

Here is the GMER log first; I will still run the others and then post them here.
GMER Logfile:
Code:

GMER 1.0.15.15640 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-07-06 19:49:32
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1
Running: wgbwy0yn.exe; Driver: C:\Users\rai\AppData\Local\Temp\uwldrpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntoskrnl.exe!ZwSaveKeyEx + 13B1                                                                                                                830868A9 1 Byte  [06]
.text          ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                                          830A62F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                                                                                                            91369000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                                                                                                            91369123 629 Bytes  [45, 36, 91, FE, 05, 34, 45, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329                                                                                                            91369399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 538F                                                                                                            913693FF 51 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 53C3                                                                                                            91369433 96 Bytes  [35, 91, 85, C9, 7C, 18, 8D, ...]
PAGE            ...                                                                                                                                           

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe[3392] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [752E5E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe[3392] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]    [752E5E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe[3392] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [752E5E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe[3392] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [752E5E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                        Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                        Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004f                                                                                                              halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44842864-796E-4255-8ECB-B14C4A961331}                             
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44842864-796E-4255-8ECB-B14C4A961331}                             
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44842864-796E-4255-8ECB-B14C4A961331}@Path                          \Microsoft\Windows Defender\MP Scheduled Scan
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44842864-796E-4255-8ECB-B14C4A961331}@Hash                          0xE8 0x55 0xF8 0xB8 ...
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44842864-796E-4255-8ECB-B14C4A961331}@Triggers                      0x15 0x00 0x00 0x00 ...
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44842864-796E-4255-8ECB-B14C4A961331}@DynamicInfo                  0x03 0x00 0x00 0x00 ...
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan@Id                      {44842864-796E-4255-8ECB-B14C4A961331}

---- EOF - GMER 1.0.15 ----

--- --- ---

germany25 06.07.2011 19:18

Log from OSAM:
OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 20:16:36 on 06.07.2011

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 5.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\windows\system32\DivXControlPanelApplet.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\rai\AppData\Local\Temp\catchme.sys  (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\fssfltr.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\windows\system32\drivers\mbamswissarmy.sys
"PCCS Mode Change Filter Driver" (pccsmcfd) - ? - C:\windows\System32\DRIVERS\pccsmcfd.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - ? -  (File not found | COM-object registry key not found)
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\windows\System32\uxtuneup.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension )-----
"application/x-myriad-music" - "Myriad Software." - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
"application/x-myriad-music" - "Myriad Software." - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
"application/x-myriad-music" - "Myriad Software." - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
"application/x-myriad-music" - "Myriad Software." - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
"application/x-myriad-music" - "Myriad Software." - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
"application/x-myriad-music" - "Myriad Software." - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
"application/x-myriad-music" - "Myriad Software." - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corporation" - C:\windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\rai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AutoStartNPSAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"APLangApp" - "DoctorSoft" - "C:\Program Files\AnyPC Client\APLangApp.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CLMLServer" - "CyberLink" - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
"fsi" - ? - C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"PDVD8LanguageShortcut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
"RemoteControl8" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
"UpdateLBPShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
"UpdateP2GoShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
"UpdatePDRShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
"UpdatePPShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
"UpdatePSTShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP 8911 Status Monitor" - "Hewlett-Packard Co." - C:\windows\system32\hpinksts8911LM.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\windows\System32\uxtuneup.dll
"@C:\Program Files\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Program Files\Nero\Update\NASvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\windows\system32\FsUsbExService.Exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

germany25 06.07.2011 19:21

MBRCheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies Ltd.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: R530/R730
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 185):
0x8303B000 \SystemRoot\system32\ntoskrnl.exe
0x83004000 \SystemRoot\system32\halmacpi.dll
0x80BB3000 \SystemRoot\system32\kdcom.dll
0x89403000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8947B000 \SystemRoot\system32\PSHED.dll
0x8948C000 \SystemRoot\system32\BOOTVID.dll
0x89494000 \SystemRoot\system32\CLFS.SYS
0x894D6000 \SystemRoot\system32\CI.dll
0x89581000 \SystemRoot\system32\drivers\Wdf01000.sys
0x895F2000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x89600000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x89648000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x89651000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x89659000 \SystemRoot\system32\DRIVERS\pci.sys
0x89683000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8968E000 \SystemRoot\System32\drivers\partmgr.sys
0x8969F000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x896A7000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x896B2000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x896C2000 \SystemRoot\System32\drivers\volmgrx.sys
0x8970D000 \SystemRoot\System32\drivers\mountmgr.sys
0x89723000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8980A000 \SystemRoot\system32\DRIVERS\atapi.sys
0x89813000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x89836000 \SystemRoot\system32\DRIVERS\msahci.sys
0x89840000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8984E000 \SystemRoot\system32\drivers\amdxata.sys
0x89857000 \SystemRoot\system32\drivers\fltmgr.sys
0x8988B000 \SystemRoot\system32\drivers\fileinfo.sys
0x8989C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x899CB000 \SystemRoot\System32\Drivers\msrpc.sys
0x899F6000 \SystemRoot\System32\Drivers\ksecdd.sys
0x89A09000 \SystemRoot\System32\Drivers\cng.sys
0x89A66000 \SystemRoot\System32\drivers\pcw.sys
0x89A74000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x89A7D000 \SystemRoot\system32\drivers\ndis.sys
0x89B34000 \SystemRoot\system32\drivers\NETIO.SYS
0x89B72000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x89B97000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x89BD6000 \SystemRoot\System32\Drivers\spldr.sys
0x89C29000 \SystemRoot\System32\drivers\rdyboost.sys
0x89C56000 \SystemRoot\System32\Drivers\mup.sys
0x89C66000 \SystemRoot\System32\drivers\hwpolicy.sys
0x89C6E000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x89CA0000 \SystemRoot\system32\DRIVERS\disk.sys
0x89CB1000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x89DCE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x89DED000 \SystemRoot\System32\Drivers\Null.SYS
0x89DF4000 \SystemRoot\System32\Drivers\Beep.SYS
0x89DFB000 \SystemRoot\System32\drivers\vga.sys
0x89E07000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x89E28000 \SystemRoot\System32\drivers\watchdog.sys
0x89E35000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x89E3D000 \SystemRoot\system32\drivers\rdpencdd.sys
0x89E45000 \SystemRoot\system32\drivers\rdprefmp.sys
0x89E4D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x89E58000 \SystemRoot\System32\Drivers\Npfs.SYS
0x89E66000 \SystemRoot\System32\drivers\tcpip.sys
0x89FAF000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x89FE0000 \SystemRoot\system32\DRIVERS\tdx.sys
0x89C00000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x9380C000 \SystemRoot\system32\drivers\afd.sys
0x93866000 \SystemRoot\System32\DRIVERS\netbt.sys
0x93898000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x9389F000 \SystemRoot\system32\DRIVERS\pacer.sys
0x938BE000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x938CF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x938DD000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x938F0000 \SystemRoot\system32\DRIVERS\termdd.sys
0x93900000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x93906000 \??\C:\windows\system32\Drivers\SABI.sys
0x9390E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9394F000 \SystemRoot\system32\drivers\nsiproxy.sys
0x93959000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x93963000 \SystemRoot\System32\drivers\discache.sys
0x9396F000 \SystemRoot\System32\Drivers\dfsc.sys
0x93987000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x93995000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x939BB000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x93C2E000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x9454B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x94602000 \SystemRoot\System32\drivers\dxgmms1.sys
0x9463B000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x94646000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

Processes (total 65):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c6500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000016`d4a00000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM250HI, Rev: 2AC101C4

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

cosinus 06.07.2011 20:32

Quote:

232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5

We should fix the MBR manually. Back up all important data, just in case.

Do you have any other operating systems installed besides Win7 (32-bit)?
If not: take a look here => RescueDisc-Win7-32-Bit

Download the ISO, burn it to a CD, e.g. with ImgBurn using its image-burning function, and start the computer with it (boot from this CD).

If you have a regular Win7 installation DVD (32-bit), you don't need the image mentioned above and can simply boot from that DVD.

Click on Repair your computer, Next, Command Prompt - the console opens. There, please type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, remove the CD beforehand. Afterwards, create new logs with MBRCheck and, if possible, GMER.
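
A check that can accompany the repair described above, as an added example that is not part of the original post and is not MBRCheck's own code: it compares two dumps of sector 0 taken before and after `bootrec.exe /fixmbr` and reports whether the boot code was replaced while the partition table stayed intact. The sample sectors are constructed, the function names are hypothetical, and hashing bytes 0-439 as the boot code area is an assumption, since the page does not say which bytes MBRCheck hashes.

```python
import hashlib
import struct

SECTOR = 512
CODE_END = 440                 # boot code area: bytes 0..439 (assumed hash range)
PT_START, PT_END = 446, 510    # four 16-byte partition entries

def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR sector into the parts a repair does or does not touch."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        raw = sector[PT_START + 16 * i: PT_START + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from("<II", raw, 8)
        if raw[4] != 0:                      # partition type 0 = unused slot
            partitions.append({"active": raw[0] == 0x80, "type": raw[4],
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "valid_signature": sector[510:512] == b"\x55\xaa",
        "code_sha1": hashlib.sha1(sector[:CODE_END]).hexdigest().upper(),
        "table_sha1": hashlib.sha1(sector[PT_START:PT_END]).hexdigest().upper(),
        "partitions": partitions,
    }

def compare_repair(before: bytes, after: bytes) -> dict:
    """Report what changed between two dumps of sector 0 taken around a repair."""
    b, a = parse_mbr(before), parse_mbr(after)
    return {
        "code_replaced": b["code_sha1"] != a["code_sha1"],
        "table_preserved": b["table_sha1"] == a["table_sha1"],
        "bootable_after": a["valid_signature"]
                          and any(p["active"] for p in a["partitions"]),
    }

def build_sample(code_byte: int) -> bytes:
    """Constructed sector: filler boot code plus one active NTFS (0x07) partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3,
                        2048, 409600)
    return (bytes([code_byte]) * CODE_END + b"\x11\x22\x33\x44" + b"\x00\x00"
            + entry + b"\x00" * 48 + b"\x55\xaa")

BEFORE = build_sample(0xCC)    # constructed stand-in for unknown boot code
AFTER = build_sample(0x90)     # constructed stand-in for rewritten boot code

if __name__ == "__main__":
    print(compare_repair(BEFORE, AFTER))
```

A result with `code_replaced` true and `table_preserved` true is what a boot-code rewrite that leaves the partition table alone looks like; a changed table hash means the partition layout should be checked before rebooting.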

