Trojaner-Board


phochaew 06.02.2011 17:55

Problem with fake Flash Player
 
Hello everyone,

I'm new here, and it's because of a problem.

An Adobe Flash Player installer window keeps opening on my machine (see picture). But since the Publisher field says nothing about Adobe when you expand the window, and nothing at all points to Adobe, I think it is malware or something similar!

Scan result attached!

http://www.fotos-hochladen.net/uploa...yt2ch50jo4.png

markusg 06.02.2011 18:09

Can you see in the details which URL the download comes from? If so, please send it to me as a private message.
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Check "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created:
OTL.Txt
Extras.Txt
Post both.

phochaew 06.02.2011 18:35

Here are the files! The OTL.txt was too large, so I'm posting it like this:

OTL Logfile:
Code:

OTL logfile created on: 06.02.2011 18:20:48 - Run 2
OTL by OldTimer - Version 3.2.20.6    Folder = C:\Users\*********\Documents\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 629,59 Gb Total Space | 461,63 Gb Free Space | 73,32% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 103,77 Gb Free Space | 44,56% Space Free | Partition Type: NTFS
Drive F: | 702,83 Mb Total Space | 492,94 Mb Free Space | 70,14% Space Free | Partition Type: UDF
Drive R: | 955,98 Mb Total Space | 525,03 Mb Free Space | 54,92% Space Free | Partition Type: FAT32
 
Computer Name: FABIANS-PC | User Name: ********* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*********\Documents\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Audials 8\VCDWriter\64\VCDAudioService.exe (RapidSolution Software AG)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Appupdater\appupdatert.exe ()
PRC - C:\Program Files (x86)\Appupdater\appupdaters.exe (Nabber.org)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
PRC - C:\Program Files (x86)\Orbitdownloader\orbitnet.exe (Orbitdownloader.com)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
PRC - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\*********\Documents\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Virtual CDAudio Service) -- C:\Program Files (x86)\Audials 8\VCDWriter\64\VCDAudioService.exe (RapidSolution Software AG)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Appupdater) -- C:\Program Files (x86)\Appupdater\appupdaters.exe (Nabber.org)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AODService) -- C:\Program Files (x86)\AMD-OverDrive\AODAssist.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (rsvcdwdr) -- C:\Windows\SysNative\drivers\rsvcdwdr.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\Windows\SysNative\drivers\tdrpm251.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (hxctlflt) -- C:\Windows\SysNative\drivers\hxctlflt.sys (Guillemot Corporation)
DRV:64bit: - (SNPSTD3) -- C:\Windows\SysNative\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV:64bit: - (fsRamDsk) -- C:\Windows\SysNative\drivers\fsRamDsk.sys ()
DRV:64bit: - (FVXSCSI) -- C:\Windows\SysNative\drivers\FVXSCSI.SYS (FarStone Inc.)
DRV:64bit: - (fcdabus) -- C:\Windows\SysNative\drivers\FCDABUS.SYS (FarStone Inc.)
DRV - (CrystalSysInfo) -- C:\Programme\MediaCoder\SysInfoX64.sys ()
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (prohlp02) -- C:\Windows\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\Windows\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (sfhlp01) -- C:\Windows\System32\drivers\sfhlp01.sys (Protection Technology)
DRV - (prosync1) -- C:\Windows\System32\drivers\prosync1.sys (Protection Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files (x86)\PremierOpinion
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files (x86)\Real\RealPlayer\browserrecord\firefox\ext
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.02.03 18:41:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.02.06 14:58:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.02.06 18:12:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.10.23 14:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*********\AppData\Roaming\mozilla\Extensions
[2010.04.25 12:00:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*********\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.10.23 14:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*********\AppData\Roaming\mozilla\Extensions\Coder Preset
[2010.10.23 14:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*********\AppData\Roaming\mozilla\Extensions\MediaCoder
[2010.10.23 14:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*********\AppData\Roaming\mozilla\Extensions\MediaCoder-Benchmark
[2010.10.23 14:19:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*********\AppData\Roaming\mozilla\Extensions\MediaCoder-Setup-Wizard
[2011.02.06 15:18:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\o2r619a9.default\extensions
[2011.02.06 12:42:55 | 000,000,000 | ---D | M] (TweakTube) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\o2r619a9.default\extensions\{15e67a59-bd3d-49ae-90dd-b3d3fd14c2ed}
[2011.02.02 19:09:25 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\o2r619a9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011.02.02 19:09:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\o2r619a9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.02.02 19:09:23 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\o2r619a9.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011.02.02 19:09:24 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\o2r619a9.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2011.02.02 19:09:23 | 000,000,000 | ---D | M] (Ecosia - The Green Search) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\o2r619a9.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}
[2011.02.02 19:09:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\o2r619a9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.29 18:04:19 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\o2r619a9.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.02.02 19:09:24 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\o2r619a9.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2010.10.29 17:59:15 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\o2r619a9.default\extensions\DeviceDetection@logitech.com
[2011.02.05 11:18:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.02.05 11:17:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.05 11:17:26 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.29 17:32:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.29 17:32:25 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.29 17:32:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.29 17:32:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.29 17:32:25 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.03 15:35:41 | 000,000,871 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No CLSID value found.
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant]  File not found
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 256
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Monopoly/Images/stg_drm.ocx (Reg Error: Key error.)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Monopoly/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.04 15:31:18 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1ba4a8d8-d768-11de-a83a-00248c5d5e14}\Shell - "" = AutoRun
O33 - MountPoints2\{1ba4a8d8-d768-11de-a83a-00248c5d5e14}\Shell\AutoRun\command - "" = I:\Autorun.exe
O33 - MountPoints2\{a67222a1-d398-11de-840f-00248c5d5e14}\Shell - "" = AutoRun
O33 - MountPoints2\{a67222a1-d398-11de-840f-00248c5d5e14}\Shell\AutoRun\command - "" = I:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.06 18:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
[2011.02.06 18:11:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MozBackup
[2011.02.06 18:01:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
[2011.02.06 17:56:32 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2011.02.06 17:54:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2011.02.06 17:35:42 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Malwarebytes
[2011.02.06 17:35:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.02.06 17:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.06 17:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.02.06 17:35:36 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.02.06 17:35:36 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\Malwarebytes' Anti-Malware
[2011.02.06 17:20:49 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\MFTools
[2011.02.06 15:32:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reallusion
[2011.02.06 15:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrazyTalk Animator
[2011.02.06 15:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Reallusion
[2011.02.06 15:31:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\iClone
[2011.02.06 15:31:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Reallusion
[2011.02.06 15:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Reallusion
[2011.02.06 15:30:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrazyTalk Animator
[2011.02.06 14:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RapidSolution
[2011.02.06 14:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audials TV
[2011.02.06 14:35:30 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Local\CrashRpt
[2011.02.06 14:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution
[2011.02.06 14:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audials 8
[2011.02.06 14:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audials 8
[2011.02.06 12:23:52 | 000,000,000 | ---D | C] -- C:\Users\*********\.idlerc
[2011.02.06 12:23:35 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.1
[2011.02.06 10:48:24 | 000,000,000 | ---D | C] -- C:\Users\*********\bluej
[2011.02.06 10:46:38 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2011.02.06 10:23:41 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\GetRightToGo
[2011.02.05 19:41:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\temp
[2011.02.05 19:29:29 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\PS und YT
[2011.02.05 13:46:16 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\Aufnahme-11
[2011.02.05 12:59:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2011.02.05 12:58:47 | 000,242,176 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
[2011.02.05 12:58:47 | 000,193,024 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
[2011.02.05 12:58:47 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2011.02.05 12:58:47 | 000,082,432 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2011.02.05 11:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.02.05 11:17:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.02.05 11:13:53 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\gnupg
[2011.02.05 11:13:53 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Appupdater
[2011.02.05 11:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Appupdater
[2011.02.05 11:13:42 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GNU Privacy Guard
[2011.02.05 11:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GNU Privacy Guard
[2011.02.05 11:13:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GNU
[2011.02.05 11:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Appupdater
[2011.02.05 11:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Appupdater
[2011.02.05 11:01:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCWAppUpdater
[2011.02.03 20:06:58 | 000,000,000 | R--D | C] -- C:\Users\*********\Documents\Scanned Documents
[2011.02.03 20:06:57 | 000,000,000 | ---D | C] -- C:\Users\*********\Documents\Fax
[2011.02.03 18:46:53 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\PS
[2011.02.03 17:47:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2011.02.03 17:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011.02.03 17:45:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011.02.03 15:43:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2011.02.03 15:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.02.03 15:42:35 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.02.03 15:42:35 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.02.03 15:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.01.28 18:34:54 | 000,046,112 | ---- | C] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\tbhsd.sys
[2011.01.28 18:34:54 | 000,042,600 | ---- | C] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\rsvcdwdr.sys
[2011.01.28 18:34:50 | 000,037,480 | ---- | C] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\rrnetcap.sys
[2011.01.19 20:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Robot Karol
[2011.01.19 20:44:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RobotKarol
[2011.01.19 15:04:33 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\NCH Software
[2011.01.17 17:35:53 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lugert Verlag
[2011.01.17 17:35:45 | 000,155,648 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\Windows\SysWow64\viscomwaveform.dll
[2011.01.17 17:35:45 | 000,110,592 | ---- | C] (Viscom Software) -- C:\Windows\SysWow64\viscomaudioencoder.dll
[2011.01.17 17:35:45 | 000,102,400 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\Windows\SysWow64\viscomaudio.dll
[2011.01.17 17:35:45 | 000,094,208 | ---- | C] (Viscom Software) -- C:\Windows\SysWow64\viscomaudiodata.dll
[2011.01.17 17:35:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lugert Verlag
[2011.01.16 17:40:08 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\OpenOffice.org
[2011.01.16 17:39:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2010.10.30 17:08:38 | 000,057,344 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.06 18:12:48 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011.02.06 18:12:24 | 001,021,406 | ---- | M] () -- C:\Users\*********\Desktop\Thunderbird 3.1.7 (en-US) - 2011-02-06.pcv
[2011.02.06 18:11:56 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2011.02.06 18:03:00 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.06 18:00:06 | 000,000,036 | ---- | M] () -- C:\Users\*********\AppData\Local\housecall.guid.cache
[2011.02.06 17:54:37 | 000,013,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.06 17:54:37 | 000,013,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.06 17:52:59 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.02.06 17:52:59 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.02.06 17:52:59 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.02.06 17:52:59 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.02.06 17:52:59 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.02.06 17:48:38 | 000,044,362 | ---- | M] () -- C:\Users\*********\Desktop\Unbenannt.png
[2011.02.06 17:47:21 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.06 17:47:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.06 17:47:02 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.06 17:35:39 | 000,000,795 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.06 15:46:57 | 000,014,848 | ---- | M] () -- C:\Users\*********\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.06 15:43:41 | 000,107,172 | ---- | M] () -- C:\Users\*********\Desktop\Unbenannt.jpg
[2011.02.06 15:32:50 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\CrazyTalk Animator PRO.lnk
[2011.02.06 15:32:34 | 000,000,153 | RHS- | M] () -- C:\Windows\CTA1PRET.BIN
[2011.02.06 14:58:05 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.02.06 14:35:38 | 000,001,165 | ---- | M] () -- C:\Users\Public\Desktop\audials TV.lnk
[2011.02.06 14:35:25 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\Audials 8.lnk
[2011.02.05 13:16:07 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2011.02.05 12:29:50 | 000,259,430 | ---- | M] () -- C:\Users\*********\Desktop\Angelina_Jolie_2.jpg
[2011.02.05 11:13:44 | 000,001,014 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Appupdater Tray Notification Icon.lnk
[2011.02.05 11:13:44 | 000,000,996 | ---- | M] () -- C:\Users\Public\Desktop\Appupdater.lnk
[2011.02.04 14:25:44 | 000,276,885 | ---- | M] () -- C:\Users\*********\Desktop\kork03.jpg
[2011.02.04 14:09:16 | 000,039,465 | ---- | M] () -- C:\Users\*********\Desktop\bambus-fahrrad.jpg
[2011.02.03 20:43:41 | 000,917,618 | ---- | M] () -- C:\Users\*********\Desktop\bild2.jpg
[2011.02.03 20:41:11 | 015,882,677 | ---- | M] () -- C:\Users\*********\Desktop\bild2.psd
[2011.02.03 20:29:04 | 000,574,416 | ---- | M] () -- C:\Users\*********\Desktop\bild2.jpeg
[2011.02.03 20:23:48 | 001,275,553 | ---- | M] () -- C:\Users\*********\Desktop\bild.jpg
[2011.02.03 20:10:00 | 001,209,954 | ---- | M] () -- C:\Users\*********\Desktop\bild.jpeg
[2011.02.03 15:44:39 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011.02.03 15:42:50 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.02.03 15:34:04 | 000,000,629 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
[2011.02.03 15:33:18 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.02.03 15:26:16 | 000,226,548 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.02.02 20:30:48 | 005,108,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.02.02 18:35:44 | 000,000,680 | RHS- | M] () -- C:\Users\*********\ntuser.pol
[2011.01.30 13:50:47 | 000,011,719 | ---- | M] () -- C:\Users\*********\Documents\Englisch-Vorbereitung 2.SA 201011.odt
[2011.01.28 18:34:54 | 000,046,112 | ---- | M] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\tbhsd.sys
[2011.01.28 18:34:54 | 000,042,600 | ---- | M] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\rsvcdwdr.sys
[2011.01.28 18:34:50 | 000,037,480 | ---- | M] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\rrnetcap.sys
[2011.01.26 19:00:19 | 000,000,139 | -H-- | M] () -- C:\Users\*********\Documents\.~lock.Unbenannt 1.odt#
[2011.01.26 16:07:26 | 000,009,835 | ---- | M] () -- C:\Users\*********\Documents\2. Mathevorbereitung.odt
[2011.01.19 20:44:39 | 000,000,894 | ---- | M] () -- C:\Users\*********\Desktop\Robot Karol.lnk
[2011.01.19 15:09:29 | 000,000,272 | ---- | M] () -- C:\Users\*********\AppData\Roaming\default.rss
[2011.01.19 15:09:29 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.01.17 17:35:53 | 000,001,071 | ---- | M] () -- C:\Users\*********\Desktop\Forte Standard.lnk
[2011.01.16 20:59:14 | 000,002,386 | ---- | M] () -- C:\Users\*********\Documents\Neue Datenbank.odb
[2011.01.16 17:40:48 | 000,001,195 | ---- | M] () -- C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.02.06 18:12:11 | 001,021,406 | ---- | C] () -- C:\Users\*********\Desktop\Thunderbird 3.1.7 (en-US) - 2011-02-06.pcv
[2011.02.06 18:11:56 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2011.02.06 18:00:06 | 000,000,036 | ---- | C] () -- C:\Users\*********\AppData\Local\housecall.guid.cache
[2011.02.06 17:44:06 | 000,044,362 | ---- | C] () -- C:\Users\*********\Desktop\Unbenannt.png
[2011.02.06 17:35:39 | 000,000,795 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.06 15:43:41 | 000,107,172 | ---- | C] () -- C:\Users\*********\Desktop\Unbenannt.jpg
[2011.02.06 15:32:50 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\CrazyTalk Animator PRO.lnk
[2011.02.06 15:32:34 | 000,000,153 | RHS- | C] () -- C:\Windows\CTA1PRET.BIN
[2011.02.06 14:58:05 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.02.06 14:35:38 | 000,002,113 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\audials TV.lnk
[2011.02.06 14:35:38 | 000,001,165 | ---- | C] () -- C:\Users\Public\Desktop\audials TV.lnk
[2011.02.06 14:35:25 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\Audials 8.lnk
[2011.02.05 14:08:48 | 000,000,088 | ---- | C] () -- C:\Users\*********\Desktop\Sidebar_neu_initialisieren.bat
[2011.02.05 13:16:07 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
[2011.02.05 13:16:07 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2011.02.05 11:39:03 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011.02.05 11:36:03 | 000,259,430 | ---- | C] () -- C:\Users\*********\Desktop\Angelina_Jolie_2.jpg
[2011.02.05 11:13:44 | 000,001,014 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Appupdater Tray Notification Icon.lnk
[2011.02.05 11:13:44 | 000,000,996 | ---- | C] () -- C:\Users\Public\Desktop\Appupdater.lnk
[2011.02.04 14:25:44 | 000,276,885 | ---- | C] () -- C:\Users\*********\Desktop\kork03.jpg
[2011.02.04 14:09:15 | 000,039,465 | ---- | C] () -- C:\Users\*********\Desktop\bambus-fahrrad.jpg
[2011.02.03 20:41:31 | 000,917,618 | ---- | C] () -- C:\Users\*********\Desktop\bild2.jpg
[2011.02.03 20:41:09 | 015,882,677 | ---- | C] () -- C:\Users\*********\Desktop\bild2.psd
[2011.02.03 20:40:16 | 000,574,416 | ---- | C] () -- C:\Users\*********\Desktop\bild2.jpeg
[2011.02.03 20:17:33 | 001,275,553 | ---- | C] () -- C:\Users\*********\Desktop\bild.jpg
[2011.02.03 20:09:38 | 001,209,954 | ---- | C] () -- C:\Users\*********\Desktop\bild.jpeg
[2011.02.03 20:07:44 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\CNC173FD.TBL
[2011.02.03 20:07:44 | 000,013,312 | ---- | C] () -- C:\Windows\SysNative\CNC173FD.TBL
[2011.02.03 17:50:16 | 000,001,228 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
[2011.02.03 17:49:46 | 000,001,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2011.02.03 17:48:13 | 000,001,129 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2011.02.03 17:47:57 | 000,001,222 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2011.02.03 17:46:23 | 000,001,313 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2011.02.03 17:46:17 | 000,001,479 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2011.02.03 17:45:46 | 000,000,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011.02.03 15:44:39 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011.02.03 15:42:50 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.02.03 15:34:03 | 000,000,629 | ---- | C] () -- C:\Windows\SysNative\mapisvc.inf
[2011.02.03 15:33:18 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.02.02 18:19:10 | 000,000,680 | RHS- | C] () -- C:\Users\*********\ntuser.pol
[2011.01.30 13:50:45 | 000,011,719 | ---- | C] () -- C:\Users\*********\Documents\Englisch-Vorbereitung 2.SA 201011.odt
[2011.01.26 19:00:19 | 000,000,139 | -H-- | C] () -- C:\Users\*********\Documents\.~lock.Unbenannt 1.odt#
[2011.01.26 15:50:02 | 000,009,835 | ---- | C] () -- C:\Users\*********\Documents\2. Mathevorbereitung.odt
[2011.01.19 20:44:39 | 000,000,894 | ---- | C] () -- C:\Users\*********\Desktop\Robot Karol.lnk
[2011.01.19 15:02:20 | 000,081,428 | ---- | C] () -- C:\Users\*********\Desktop\Bonnet__.ttf
[2011.01.17 17:35:53 | 000,001,071 | ---- | C] () -- C:\Users\*********\Desktop\Forte Standard.lnk
[2011.01.16 20:56:24 | 000,002,386 | ---- | C] () -- C:\Users\*********\Documents\Neue Datenbank.odb
[2011.01.16 17:40:48 | 000,001,195 | ---- | C] () -- C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010.12.24 14:43:11 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010.11.11 18:46:52 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2010.11.04 12:00:24 | 000,000,244 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.11.02 14:49:48 | 000,000,000 | ---- | C] () -- C:\Users\*********\AppData\Roaming\chrtmp
[2010.10.30 17:08:38 | 000,015,478 | ---- | C] () -- C:\Windows\snpstd3.ini
[2010.10.18 17:47:25 | 000,000,012 | ---- | C] () -- C:\Windows\inform.ini
[2010.07.17 10:57:23 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.07.17 10:57:23 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.07.17 10:22:18 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.05.18 00:47:52 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.04.23 14:22:36 | 000,000,272 | ---- | C] () -- C:\Users\*********\AppData\Roaming\default.rss
[2010.04.23 14:22:25 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.03.01 15:08:29 | 000,000,286 | ---- | C] () -- C:\Users\*********\AppData\Roaming\burnaware.ini
[2010.02.26 19:50:38 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.02.20 16:31:33 | 000,007,838 | ---- | C] () -- C:\Users\*********\AppData\Local\Temppenciltemp.png
[2010.02.20 13:15:49 | 000,000,356 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010.02.02 18:11:42 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2010.01.24 13:09:37 | 000,000,133 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.01.04 17:38:59 | 000,007,609 | ---- | C] () -- C:\Users\*********\AppData\Local\Resmon.ResmonCfg
[2010.01.04 16:23:16 | 000,000,624 | ---- | C] () -- C:\Windows\S3D.ini
[2010.01.03 15:11:58 | 000,003,082 | ---- | C] () -- C:\Windows\SysWow64\affv300053706p4now.sys
[2009.12.06 14:46:00 | 000,005,110 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
[2009.11.23 16:37:15 | 000,014,848 | ---- | C] () -- C:\Users\*********\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.22 14:44:28 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\RDrv2KInterface.dll
[2009.11.22 14:44:28 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\RDrvNTInterface.dll
[2009.11.22 14:44:28 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\RDrv9xInterface.dll
[2009.11.22 14:44:28 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\RDrvInterface.dll
[2009.11.22 14:43:53 | 000,000,000 | ---- | C] () -- C:\Windows\Wininit.ini
[2009.11.22 14:34:45 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2009.11.21 13:19:09 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.11.18 14:29:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009.11.17 20:07:04 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2009.08.16 09:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.05.29 14:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.05.29 14:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2007.12.28 08:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.09.18 14:20:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\VDExt800.dll
[2006.09.18 14:20:58 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\VDExt712.dll
[2006.09.18 14:20:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\GDExt800.dll
[2006.08.07 18:03:20 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\GDExt712.dll
 
========== LOP Check ==========
 
[2010.07.26 19:17:51 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\10 Finger BreakOut
[2010.05.12 18:18:31 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Acronis
[2010.04.22 17:43:44 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\aMule
[2011.02.05 11:13:53 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Appupdater
[2010.04.09 11:58:49 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\AquaSoft
[2010.02.18 13:29:45 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Artweaver
[2010.10.07 14:24:38 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\ASAP Utilities
[2010.09.18 12:59:14 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Atari
[2011.02.06 15:33:53 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\BitTorrent
[2010.10.23 14:17:20 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Broad Intelligence
[2010.05.13 12:48:18 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Bump Technologies, Inc
[2010.11.05 20:39:14 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Chilirec
[2010.03.27 11:27:40 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\CopyTransDoctor
[2010.03.27 11:25:40 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\CopyTransPhoto
[2010.05.05 18:51:21 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\DAEMON Tools Pro
[2010.04.09 11:21:13 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Digiarty
[2010.03.28 18:23:43 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Downloaded Installations
[2010.03.07 13:09:33 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\DreamDale
[2010.04.05 19:57:19 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Dropbox
[2010.06.14 19:15:04 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\eMagStudio
[2010.12.05 16:33:38 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\enchant
[2010.03.02 19:58:51 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\flightgear.org
[2011.02.06 10:24:29 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\GetRightToGo
[2010.10.17 17:31:36 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\GHISLER
[2010.04.05 14:12:54 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\GlarySoft
[2011.02.05 11:13:54 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\gnupg
[2010.04.05 20:33:55 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\GoodSync
[2010.10.29 20:07:43 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\GrabPro
[2010.03.07 13:26:03 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Jumping Bytes
[2010.02.20 13:00:47 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Leadertech
[2010.11.03 15:12:18 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\MAGIX
[2010.10.06 14:23:00 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Marine Aquarium 3
[2010.03.07 13:02:09 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\MB4
[2010.03.03 13:05:11 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Mobile Master
[2010.04.09 11:47:54 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\mresreg
[2010.04.05 12:08:26 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\MudTV
[2011.02.06 10:54:11 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Notepad++
[2010.11.02 19:49:38 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\OpenCandy
[2011.01.16 17:40:08 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\OpenOffice.org
[2011.02.06 17:59:58 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Orbit
[2010.11.03 13:20:50 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Outerspace Software
[2010.10.29 20:06:59 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\ProgSense
[2010.03.07 13:01:48 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\SmashFrenzy4
[2010.03.07 13:28:11 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\supertuxkart
[2010.04.25 12:00:36 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Thunderbird
[2010.06.26 17:26:48 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Titanium
[2010.04.21 15:03:34 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Tropico 3
[2010.03.27 10:52:56 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Ubisoft
[2010.10.17 17:19:31 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Uniblue
[2010.05.14 11:18:47 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\uTorrent
[2010.10.20 16:58:32 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\VOWSoft
[2010.10.18 17:49:33 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Win7codecs
[2010.10.30 11:56:48 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Windows Live Writer
[2010.10.31 08:15:11 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\WindSolutions
[2010.03.29 14:02:43 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\XWindows Dock
[2010.05.12 18:07:54 | 000,000,558 | ---- | M] () -- C:\Windows\Tasks\Backup Hauptplatte.job
[2010.04.06 09:32:37 | 000,000,326 | ---- | M] () -- C:\Windows\Tasks\GoodSync - Backup Hauptplatte.job
[2010.11.10 20:13:41 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.07.26 19:17:51 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\10 Finger BreakOut
[2010.05.12 18:18:31 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Acronis
[2011.02.04 14:54:59 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Adobe
[2010.12.04 11:54:06 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Ahead
[2010.04.22 17:43:44 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\aMule
[2010.03.27 11:43:41 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Apple Computer
[2011.02.05 11:13:53 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Appupdater
[2010.04.09 11:58:49 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\AquaSoft
[2010.02.18 13:29:45 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Artweaver
[2010.10.07 14:24:38 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\ASAP Utilities
[2010.09.18 12:59:14 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Atari
[2011.02.06 15:33:53 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\BitTorrent
[2010.10.23 14:17:20 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Broad Intelligence
[2010.05.13 12:48:18 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Bump Technologies, Inc
[2010.11.05 20:39:14 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Chilirec
[2010.03.27 11:27:40 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\CopyTransDoctor
[2010.03.27 11:25:40 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\CopyTransPhoto
[2010.05.13 11:05:20 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\CyberLink
[2010.05.05 18:51:21 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\DAEMON Tools Pro
[2010.04.09 11:21:13 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Digiarty
[2010.03.28 18:23:43 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Downloaded Installations
[2010.03.07 13:09:33 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\DreamDale
[2010.04.05 19:57:19 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Dropbox
[2010.07.30 11:13:20 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\dvdcss
[2010.06.14 19:15:04 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\eMagStudio
[2010.12.05 16:33:38 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\enchant
[2010.03.02 19:58:51 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\flightgear.org
[2011.02.06 10:24:29 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\GetRightToGo
[2010.10.17 17:31:36 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\GHISLER
[2010.04.05 14:12:54 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\GlarySoft
[2011.02.05 11:13:54 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\gnupg
[2010.04.05 20:33:55 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\GoodSync
[2010.10.29 20:07:43 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\GrabPro
[2010.10.30 17:00:35 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\InstallShield
[2010.03.07 13:26:03 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Jumping Bytes
[2010.02.20 13:00:47 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Leadertech
[2010.02.18 16:37:21 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Logitech
[2010.10.09 19:10:56 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Macromedia
[2010.11.03 15:12:18 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\MAGIX
[2011.02.06 17:35:42 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Malwarebytes
[2010.10.06 14:23:00 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Marine Aquarium 3
[2010.03.07 13:02:09 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\MB4
[2011.02.05 16:48:57 | 000,000,000 | --SD | M] -- C:\Users\*********\AppData\Roaming\Microsoft
[2010.03.03 13:05:11 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Mobile Master
[2010.06.02 12:56:01 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Move Networks
[2011.01.17 18:44:01 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Mozilla
[2010.04.09 11:47:54 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\mresreg
[2010.04.05 12:08:26 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\MudTV
[2011.01.19 15:04:33 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\NCH Software
[2010.08.02 15:57:47 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Nero
[2011.02.06 10:54:11 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Notepad++
[2010.11.02 19:49:38 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\OpenCandy
[2011.01.16 17:40:08 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\OpenOffice.org
[2011.02.06 17:59:58 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Orbit
[2010.11.03 13:20:50 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Outerspace Software
[2010.10.29 20:06:59 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\ProgSense
[2010.02.20 11:25:07 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Real
[2011.01.29 11:05:16 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Reallusion
[2010.02.20 13:12:36 | 000,000,000 | RH-D | M] -- C:\Users\*********\AppData\Roaming\SecuROM
[2010.03.07 13:01:48 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\SmashFrenzy4
[2010.03.07 13:28:11 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\supertuxkart
[2010.04.25 12:00:36 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Thunderbird
[2010.06.26 17:26:48 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Titanium
[2010.04.21 15:03:34 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Tropico 3
[2010.03.27 10:52:56 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Ubisoft
[2010.10.17 17:19:31 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Uniblue
[2010.05.14 11:18:47 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\uTorrent
[2010.10.29 19:25:00 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\vlc
[2010.10.20 16:58:32 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\VOWSoft
[2010.10.18 17:49:33 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Win7codecs
[2010.10.30 11:56:48 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Windows Live Writer
[2010.10.31 08:15:11 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\WindSolutions
[2010.03.27 11:14:13 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\WinRAR
[2010.03.29 14:02:43 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\XWindows Dock
 
< %APPDATA%\*.exe /s >
[2010.10.29 17:51:34 | 025,913,755 | ---- | M] () -- C:\Users\*********\AppData\Roaming\Chilirec\ChilirecUpdate.exe
[2010.11.21 18:46:51 | 000,012,862 | R--- | M] () -- C:\Users\*********\AppData\Roaming\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe
[2010.03.28 17:44:44 | 000,010,134 | R--- | M] () -- C:\Users\*********\AppData\Roaming\Microsoft\Installer\{1AC91509-E17B-46F7-A032-B54DCCA6E8BB}\ARPPRODUCTICON.exe
[2011.02.06 12:23:35 | 000,098,304 | R--- | M] () -- C:\Users\*********\AppData\Roaming\Microsoft\Installer\{D40AF016-506C-43FB-A738-BD54FA8C1E85}\python_icon.exe
[2010.12.20 18:30:30 | 000,010,134 | R--- | M] () -- C:\Users\*********\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.06.02 12:56:01 | 000,144,053 | ---- | M] () -- C:\Users\*********\AppData\Roaming\Move Networks\uninstall.exe
[2010.02.11 20:31:38 | 000,097,216 | ---- | M] () -- C:\Users\*********\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2010.11.02 19:49:39 | 000,349,296 | ---- | M] () -- C:\Users\*********\AppData\Roaming\OpenCandy\OpenCandy_62256DED75BF402FAF991DC28BCFE193\DLMgr_3_1.6.87.exe
[2010.10.27 19:26:52 | 027,218,976 | ---- | M] (TuneUp Media, Inc.) -- C:\Users\*********\AppData\Roaming\OpenCandy\OpenCandy_62256DED75BF402FAF991DC28BCFE193\TuneUpInst-1.9.0-cmp132.exe
[2010.04.21 15:03:30 | 017,656,864 | ---- | M] () -- C:\Users\*********\AppData\Roaming\Tropico 3\Tropico3Patch100-109.exe
[2010.11.04 11:57:52 | 005,414,496 | ---- | M] (Uniblue Systems Ltd                                        ) -- C:\Users\*********\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\ub.exe
[2010.10.30 19:00:00 | 005,514,920 | ---- | M] (WindSolutions) -- C:\Users\*********\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTrans.exe
[2010.10.23 18:48:06 | 002,728,160 | ---- | M] (WindSolutions) -- C:\Users\*********\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
[2010.10.31 08:15:03 | 005,191,864 | ---- | M] (WindSolutions) -- C:\Users\*********\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransPhoto.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 168 bytes -> C:\Users\*********\Desktop\bild2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\*********\Desktop\bild.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:0888F409
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:52B72A7C
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B606BA34

< End of report >

--- --- ---

markusg 06.02.2011 18:39

I see True Image, is it being used? Then just restore a backup. That takes 5 minutes.

phochaew 06.02.2011 18:43

Hello,

that would be inconvenient, I have done a lot of work since the last backup!

Kind regards, phochaew

markusg 06.02.2011 18:47

Oh man, why do you all even install backup programs if you don't use them in a way that helps you in an emergency...?
Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

phochaew 06.02.2011 18:49

First, the good news:

It hasn't come back since I ran through with various scanners again.

If it comes back, I'll report here!

Special thanks to markusg!!!!!

Kind regards, phoachew

markusg 06.02.2011 18:57

Which scanners, what did they find?


All times are WET +1. The time now is 04:42.

Copyright ©2000-2025, Trojaner-Board

