Trojaner-Board


hens1988 08.04.2011 19:08

Removing Win 7 Security (log files available)
 
Hello,

I have already read through several threads on removing Win7 Security. I installed HiJackThis and created both log files. In addition, I exported a list of my installed programs with CCleaner.

I have already installed the recommended malware remover.

Here are my log files:

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:41, on 08.04.2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Users\Hens\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [TvOutSwitch] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
O4 - HKLM\..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
O4 - HKLM\..\Run: [PSUtility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ScanSoft PDF Create! 4-reminder] "C:\Program Files\ScanSoft\PDF Create! 4\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PDF Create\4\Ereg\Ereg.ini
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = Hens\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Nach Updates suchen.lnk = C:\Program Files\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Free YouTube Download - C:\Users\Hens\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Hens\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: FLEXlm server for PTC - Macrovision Corporation - C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PowerSavingUtilityService - FUJITSU LIMITED - C:\Program Files\Fujitsu\PSUtility\PSUService.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: WirelessSelectorService - Unknown owner - C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe

--
End of file - 10027 bytes

Code:


                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
                        º                                    º
                                    hjtscanlist v2.0             
                        º                                    º
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Microsoft Windows [Version 6.1.7600]
 
 
C:

      C:\pagefile.sys ---------   
      C:\hiberfil.sys ---------   
  08.04.2011 10:53    C:\Windows --------- 28672 
  08.04.2011 10:37    C:\ProgramData --------- 12288 
  08.04.2011 10:37    C:\Program Files --------- 28672 
  08.04.2011 10:32    C:\System Volume Information --------- 20480 
  20.03.2011 22:18    C:\DVDVideoSoft --------- 0 
  17.12.2010 14:06    C:\flexlm --------- 0 
  21.11.2010 07:26    C:\PTC --------- 0 
  22.04.2010 03:17    C:\SmartDraw 2010 --------- 0 
  21.03.2010 16:38    C:\IO.SYS --------- 0 
  21.03.2010 16:38    C:\MSDOS.SYS --------- 0 
  14.03.2010 10:59    C:\timestmp.tmp --------- 4 
  12.03.2010 10:06    C:\ptcsetup.log --------- 797246 
  21.02.2010 15:27    C:\Intel --------- 0 
  21.02.2010 15:27    C:\fsc.tmp --------- 0 
  21.02.2010 15:22    C:\DeskUpdate.tmp --------- 0 
  19.02.2010 10:08    C:\$Recycle.Bin --------- 0 
  08.02.2010 08:33    C:\MSOCache --------- 0 
  08.02.2010 08:29    C:\Users --------- 4096 
  08.02.2010 08:29    C:\Recovery --------- 0 
  08.02.2010 08:29    C:\Programme --------- 0 
  08.02.2010 08:29    C:\Dokumente und Einstellungen --------- 0 
  08.02.2010 08:19    C:\BOOTSECT.BAK --------- 8192 
  08.02.2010 08:19    C:\Boot --------- 4096 
  13.07.2009 22:53    C:\Documents and Settings --------- 0 
  13.07.2009 20:37    C:\PerfLogs --------- 0 
  13.07.2009 19:38    C:\bootmgr --------- 383562 
  10.06.2009 15:42    C:\config.sys --------- 10 
  10.06.2009 15:42    C:\autoexec.bat --------- 24 
----------------------------------------

 
C:\Windows

  08.04.2011 10:57    C:\Windows\ntbtlog.txt --------- 1192722 
  08.04.2011 10:56    C:\Windows\bootstat.dat --------- 67584 
  08.04.2011 10:53    C:\Windows\setuperr.log --------- 0 
  08.04.2011 10:53    C:\Windows\setupact.log --------- 56 
  19.07.2010 13:44    C:\Windows\win.ini --------- 509 
  10.04.2010 01:03    C:\Windows\KMService.exe --------- 77824 
  08.02.2010 08:37    C:\Windows\ODBC.INI --------- 400 
  18.01.2010 05:42    C:\Windows\Irremote.ini --------- 34666 
  30.10.2009 23:45    C:\Windows\explorer.exe --------- 2614272 
  13.07.2009 22:41    C:\Windows\WindowsShell.Manifest --------- 749 
  13.07.2009 19:16    C:\Windows\twain_32.dll --------- 51200 
  13.07.2009 19:14    C:\Windows\write.exe --------- 9216 
  13.07.2009 19:14    C:\Windows\winhlp32.exe --------- 9728 
  13.07.2009 19:14    C:\Windows\twunk_32.exe --------- 31232 
  13.07.2009 19:14    C:\Windows\regedit.exe --------- 398336 
  13.07.2009 19:14    C:\Windows\notepad.exe --------- 179712 
  13.07.2009 19:14    C:\Windows\hh.exe --------- 15360 
  13.07.2009 19:14    C:\Windows\HelpPane.exe --------- 497152 
  13.07.2009 19:14    C:\Windows\fveupdate.exe --------- 13824 
  13.07.2009 19:14    C:\Windows\bfsvc.exe --------- 65024 
  13.07.2009 16:58    C:\Windows\mib.bin --------- 43131 
  10.06.2009 15:46    C:\Windows\system.ini --------- 219 
  10.06.2009 15:42    C:\Windows\_default.pif --------- 707 
  10.06.2009 15:42    C:\Windows\winhelp.exe --------- 256192 
  10.06.2009 15:41    C:\Windows\twunk_16.exe --------- 49680 
  10.06.2009 15:41    C:\Windows\twain.dll --------- 94784 
  10.06.2009 15:34    C:\Windows\WMSysPr9.prx --------- 316640 
  10.06.2009 15:19    C:\Windows\msdfmap.ini --------- 1405 
  10.06.2009 15:14    C:\Windows\Starter.xml --------- 48201 
  10.06.2009 15:14    C:\Windows\HomePremium.xml --------- 48265 
  24.04.2007 09:51    C:\Windows\UNNeroShowTime.exe --------- 972336 
  20.03.2007 14:22    C:\Windows\UNNeroBackItUp.exe --------- 972336 
  12.03.2007 07:51    C:\Windows\UNNeroMediaHome.exe --------- 972336 
  28.02.2007 14:53    C:\Windows\UNNeroVision.exe --------- 972336 
  15.09.2005 07:35    C:\Windows\UNNeroMediaHome.cfg --------- 50 
  30.08.2005 14:37    C:\Windows\UNNeroVision.cfg --------- 50 
  30.08.2005 14:37    C:\Windows\UNNeroShowTime.cfg --------- 50 
  30.08.2005 14:33    C:\Windows\UNNeroBackItUp.cfg --------- 50 
  23.01.1998 04:20    C:\Windows\IsUn0407.exe --------- 305664 
----------------------------------------

 
C:\Windows\System

 13.07.2009 15:41      C:\Windows\System\OLESVR.DLL --------- 24064
 13.07.2009 15:41      C:\Windows\System\WFWNET.DRV --------- 12704
 13.07.2009 15:41      C:\Windows\System\COMMDLG.DLL --------- 32816
 13.07.2009 15:41      C:\Windows\System\TIMER.DRV --------- 4048
 13.07.2009 15:41      C:\Windows\System\MMSYSTEM.DLL --------- 68992
 13.07.2009 15:41      C:\Windows\System\mmtask.tsk --------- 1152
 13.07.2009 15:41      C:\Windows\System\mouse.drv --------- 2032
 13.07.2009 15:41      C:\Windows\System\vga.drv --------- 2176
 13.07.2009 15:41      C:\Windows\System\sound.drv --------- 1744
 13.07.2009 15:41      C:\Windows\System\keyboard.drv --------- 2000
 13.07.2009 15:41      C:\Windows\System\SHELL.DLL --------- 5120
 13.07.2009 15:41      C:\Windows\System\system.drv --------- 3360
 10.06.2009 15:42      C:\Windows\System\ver.dll --------- 9008
 10.06.2009 15:42      C:\Windows\System\olecli.dll --------- 82944
 10.06.2009 15:42      C:\Windows\System\lzexpand.dll --------- 9936
 10.06.2009 15:25      C:\Windows\System\stdole.tlb --------- 5532
 10.06.2009 15:21      C:\Windows\System\msvideo.dll --------- 126912
 10.06.2009 15:21      C:\Windows\System\mciwave.drv --------- 28160
 10.06.2009 15:21      C:\Windows\System\mciseq.drv --------- 25264
 10.06.2009 15:21      C:\Windows\System\mciavi.drv --------- 73376
 10.06.2009 15:21      C:\Windows\System\avifile.dll --------- 109456
 10.06.2009 15:21      C:\Windows\System\avicap.dll --------- 69584
----------------------------------------

 
C:\Windows\System32

 08.04.2011 10:37    C:\Windows\system32\drivers --------- 65536 
 08.04.2011 10:34    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 13456 
 08.04.2011 10:34    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 13456 
 08.04.2011 10:29    C:\Windows\system32\config --------- 28672 
 08.04.2011 09:49    C:\Windows\system32\perfc009.dat --------- 103568 
 08.04.2011 09:49    C:\Windows\system32\perfh009.dat --------- 607190 
 08.04.2011 09:49    C:\Windows\system32\perfh007.dat --------- 643866 
 08.04.2011 09:49    C:\Windows\system32\perfc007.dat --------- 126394 
 08.04.2011 09:49    C:\Windows\system32\PerfStringBackup.INI --------- 1472002 
 07.04.2011 23:24    C:\Windows\system32\sysprep --------- 0 
 29.03.2011 21:35    C:\Windows\system32\catroot2 --------- 16384 
 24.03.2011 22:34    C:\Windows\system32\FNTCACHE.DAT --------- 3834352 
 24.03.2011 14:13    C:\Windows\system32\catroot --------- 8192 
 24.03.2011 14:13    C:\Windows\system32\DriverStore --------- 0 
 02.03.2011 19:56    C:\Windows\system32\MRT.exe --------- 37943240 
 12.02.2011 13:00    C:\Windows\system32\jupdate-1.6.0_23-b05.log --------- 3734 
 11.02.2011 17:05    C:\Windows\system32\Tasks --------- 0 
 09.02.2011 22:32    C:\Windows\system32\migration --------- 0 
 02.02.2011 18:11    C:\Windows\system32\MpSigStub.exe --------- 222080 
 08.01.2011 16:25    C:\Windows\system32\QuickTime --------- 0 
 07.01.2011 01:27    C:\Windows\system32\atmlib.dll --------- 34304 
 06.01.2011 23:33    C:\Windows\system32\atmfd.dll --------- 294400 
 04.01.2011 23:37    C:\Windows\system32\vbscript.dll --------- 428032 
 04.01.2011 23:34    C:\Windows\system32\jscript.dll --------- 716800 
 04.01.2011 21:37    C:\Windows\system32\win32k.sys --------- 2329088 
 22.12.2010 23:28    C:\Windows\system32\sbe.dll --------- 850432 
 22.12.2010 23:28    C:\Windows\system32\EncDec.dll --------- 534528 
 22.12.2010 23:28    C:\Windows\system32\CPFilters.dll --------- 642048 
 22.12.2010 23:24    C:\Windows\system32\mpg2splt.ax --------- 199680 
 20.12.2010 02:52    C:\Windows\system32\NDF --------- 0 
 17.12.2010 23:32    C:\Windows\system32\wininet.dll --------- 981504 
 17.12.2010 23:32    C:\Windows\system32\urlmon.dll --------- 1228288 
 17.12.2010 23:30    C:\Windows\system32\mstscax.dll --------- 2690560 
 17.12.2010 23:30    C:\Windows\system32\mstime.dll --------- 606208 
 17.12.2010 23:30    C:\Windows\system32\mshtmled.dll --------- 67072 
 17.12.2010 23:30    C:\Windows\system32\mshtml.dll --------- 5980672 
 17.12.2010 23:30    C:\Windows\system32\msfeedsbs.dll --------- 64512 
 17.12.2010 23:30    C:\Windows\system32\msfeeds.dll --------- 599040 
 17.12.2010 23:29    C:\Windows\system32\licmgr10.dll --------- 44544 
 17.12.2010 23:29    C:\Windows\system32\kerberos.dll --------- 541184 
 17.12.2010 23:29    C:\Windows\system32\jsproxy.dll --------- 48128 
 17.12.2010 23:29    C:\Windows\system32\ieui.dll --------- 176640 
 17.12.2010 23:29    C:\Windows\system32\iertutil.dll --------- 2063360 
 17.12.2010 23:29    C:\Windows\system32\iepeers.dll --------- 185856 
 17.12.2010 23:29    C:\Windows\system32\ieframe.dll --------- 10989056 
 17.12.2010 23:29    C:\Windows\system32\iedkcs32.dll --------- 381440 
 17.12.2010 23:26    C:\Windows\system32\mstsc.exe --------- 1034240 
 17.12.2010 23:26    C:\Windows\system32\msfeedssync.exe --------- 12800 
 17.12.2010 22:20    C:\Windows\system32\html.iec --------- 386048 
 17.12.2010 21:47    C:\Windows\system32\mshtml.tlb --------- 1638912 
 16.12.2010 00:18    C:\Windows\system32\de-DE --------- 327680 
 12.11.2010 19:53    C:\Windows\system32\javaws.exe --------- 157472 
 12.11.2010 19:53    C:\Windows\system32\javaw.exe --------- 145184 
 12.11.2010 19:53    C:\Windows\system32\java.exe --------- 145184 
 12.11.2010 19:53    C:\Windows\system32\deployJava1.dll --------- 472808 
 11.11.2010 05:03    C:\Windows\system32\jupdate-1.6.0_22-b04.log --------- 4103 
 01.11.2010 22:41    C:\Windows\system32\wmicmiplugin.dll --------- 351232 
 01.11.2010 22:40    C:\Windows\system32\taskschd.dll --------- 496128 
 01.11.2010 22:40    C:\Windows\system32\taskcomp.dll --------- 305152 
 01.11.2010 22:39    C:\Windows\system32\schedsvc.dll --------- 749056 
 01.11.2010 22:34    C:\Windows\system32\taskeng.exe --------- 192000 
 01.11.2010 22:34    C:\Windows\system32\schtasks.exe --------- 179712 
 26.10.2010 22:43    C:\Windows\system32\ntoskrnl.exe --------- 3901824 
 26.10.2010 22:43    C:\Windows\system32\ntkrnlpa.exe --------- 3957120 
 26.10.2010 22:40    C:\Windows\system32\ntdll.dll --------- 1289536 
 26.10.2010 22:32    C:\Windows\system32\tzres.dll --------- 2048 
 15.10.2010 22:41    C:\Windows\system32\consent.exe --------- 101760 
 15.10.2010 22:36    C:\Windows\system32\webio.dll --------- 314368 
 15.10.2010 22:34    C:\Windows\system32\odbc32.dll --------- 573440 
 31.08.2010 22:29    C:\Windows\system32\wmp.dll --------- 11406848 
 31.08.2010 22:23    C:\Windows\system32\wmploc.DLL --------- 12625408 
 31.08.2010 13:14    C:\Windows\system32\jupdate-1.6.0_21-b07.log --------- 5351 
 30.08.2010 22:32    C:\Windows\system32\mfc40u.dll --------- 954288 
 30.08.2010 22:32    C:\Windows\system32\mfc40.dll --------- 954752 
 26.08.2010 23:46    C:\Windows\system32\srvsvc.dll --------- 168448 
 25.08.2010 22:39    C:\Windows\system32\t2embed.dll --------- 109056 
 20.08.2010 23:36    C:\Windows\system32\wmpmde.dll --------- 738816 
 20.08.2010 23:36    C:\Windows\system32\schannel.dll --------- 224256 
 20.08.2010 23:33    C:\Windows\system32\comctl32.dll --------- 530432 
 20.08.2010 23:32    C:\Windows\system32\spoolsv.exe --------- 316928 
 15.08.2010 00:41    C:\Windows\system32\Lang --------- 0 
 14.08.2010 06:00    C:\Windows\system32\x64 --------- 0 
 29.07.2010 06:09    C:\Windows\system32\wdi --------- 4096 
 29.07.2010 00:30    C:\Windows\system32\ir32_32.dll --------- 197632 
 29.07.2010 00:30    C:\Windows\system32\iccvid.dll --------- 82944 
 27.07.2010 08:03    C:\Windows\system32\shell32.dll --------- 12867584 
 28.06.2010 23:02    C:\Windows\system32\ole32.dll --------- 1413632 
 22.06.2010 23:30    C:\Windows\system32\tsccvid.dll --------- 411480 
 19.06.2010 00:23    C:\Windows\system32\rtutils.dll --------- 37376 
 08.06.2010 00:02    C:\Windows\system32\msxml3.dll --------- 1233920 
 26.05.2010 10:59    C:\Windows\system32\Wat --------- 0 
 05.05.2010 00:46    C:\Windows\system32\StructuredQuery.dll --------- 363520 
 03.05.2010 07:53    C:\Windows\system32\MSCHVBXM --------- 4098 
 26.04.2010 16:04    C:\Windows\system32\DivXControlPanelApplet.cpl --------- 353592 
 22.04.2010 06:29    C:\Windows\system32\lvcoinst.log --------- 11736 
 14.04.2010 14:20    C:\Windows\system32\GroupPolicy --------- 0 
 20.03.2010 12:11    C:\Windows\system32\FM20DEU.DLL --------- 36736 
 10.03.2010 13:29    C:\Windows\system32\dpl100.dll --------- 94208 
 05.03.2010 03:13    C:\Windows\system32\msjava.dll --------- 947472 
 05.03.2010 01:42    C:\Windows\system32\asycfilt.dll --------- 67584 
----------------------------------------

 
C:\Windows\Prefetch

 08.04.2011 10:56    C:\Windows\Prefetch\ReadyBoot --------- 4096 
 08.04.2011 10:55    C:\Windows\Prefetch\AgGlFgAppHistory.db --------- 1373845 
 08.04.2011 10:55    C:\Windows\Prefetch\AgGlFaultHistory.db --------- 493739 
 08.04.2011 10:55    C:\Windows\Prefetch\AgGlGlobalHistory.db --------- 2336149 
 08.04.2011 10:55    C:\Windows\Prefetch\AgRobust.db --------- 299804 
 08.04.2011 10:55    C:\Windows\Prefetch\PfSvPerfStats.bin --------- 508 
 08.04.2011 10:38    C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf --------- 43308 
 08.04.2011 10:38    C:\Windows\Prefetch\DISPLAYLINKKENSINGTONSUPPORT.-4A9C90F1.pf --------- 18028 
 08.04.2011 10:38    C:\Windows\Prefetch\DISPLAYLINKUI.EXE-70773ADB.pf --------- 24284 
 08.04.2011 10:37    C:\Windows\Prefetch\CONSENT.EXE-65F6206D.pf --------- 117942 
 08.04.2011 10:37    C:\Windows\Prefetch\DLLHOST.EXE-71214090.pf --------- 42638 
 08.04.2011 10:37    C:\Windows\Prefetch\PING.EXE-B29F6629.pf --------- 14828 
 08.04.2011 10:37    C:\Windows\Prefetch\CONHOST.EXE-3218E401.pf --------- 14314 
 08.04.2011 10:36    C:\Windows\Prefetch\DLLHOST.EXE-893DDF55.pf --------- 33912 
 08.04.2011 10:35    C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf --------- 54288 
 08.04.2011 10:35    C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf --------- 28726 
 08.04.2011 10:31    C:\Windows\Prefetch\SVCHOST.EXE-8FD92526.pf --------- 20694 
 08.04.2011 10:31    C:\Windows\Prefetch\VSSVC.EXE-04D079CC.pf --------- 28274 
 08.04.2011 10:31    C:\Windows\Prefetch\SVCHOST.EXE-93CEEE07.pf --------- 62884 
 08.04.2011 10:30    C:\Windows\Prefetch\TASKHOST.EXE-437C05A8.pf --------- 76958 
 08.04.2011 10:30    C:\Windows\Prefetch\WMIADAP.EXE-369DF1CD.pf --------- 20252 
 08.04.2011 10:29    C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-031B6478.pf --------- 72670 
 08.04.2011 10:29    C:\Windows\Prefetch\AgCx_SC4.db --------- 309398 
 08.04.2011 10:29    C:\Windows\Prefetch\WUAUCLT.EXE-830BCC14.pf --------- 56292 
 08.04.2011 10:28    C:\Windows\Prefetch\WMIPRVSE.EXE-43972D0F.pf --------- 39260 
 08.04.2011 10:28    C:\Windows\Prefetch\SPPSVC.EXE-CBE91656.pf --------- 24846 
 08.04.2011 10:28    C:\Windows\Prefetch\WMPNETWK.EXE-BD0344CA.pf --------- 69152 
 08.04.2011 10:28    C:\Windows\Prefetch\WMPNSCFG.EXE-DF1DD51A.pf --------- 19082 
 08.04.2011 10:28    C:\Windows\Prefetch\SEARCHINDEXER.EXE-77D27BAC.pf --------- 85290 
 08.04.2011 10:28    C:\Windows\Prefetch\EXPLORER.EXE-7A3328DA.pf --------- 201106 
 08.04.2011 10:28    C:\Windows\Prefetch\DWM.EXE-AEABE78B.pf --------- 44378 
 08.04.2011 10:28    C:\Windows\Prefetch\USERINIT.EXE-F39AB672.pf --------- 23942 
 08.04.2011 10:27    C:\Windows\Prefetch\ATBROKER.EXE-FF58B71D.pf --------- 10564 
 08.04.2011 09:52    C:\Windows\Prefetch\ACRORD32INFO.EXE-E3F62CBD.pf --------- 78004 
 08.04.2011 09:52    C:\Windows\Prefetch\MIKTEX-TEXWORKS.EXE-730A698D.pf --------- 92954 
 08.04.2011 09:47    C:\Windows\Prefetch\WUDFHOST.EXE-81420B07.pf --------- 25930 
 08.04.2011 09:46    C:\Windows\Prefetch\AUDIODG.EXE-D0D776AC.pf --------- 23096 
 08.04.2011 09:35    C:\Windows\Prefetch\AVP.EXE-66FE3676.pf --------- 131754 
 08.04.2011 09:31    C:\Windows\Prefetch\WERMGR.EXE-2A1BCBC7.pf --------- 19976 
 08.04.2011 09:28    C:\Windows\Prefetch\IGFXSRVC.EXE-67E7A62F.pf --------- 30290 
 08.04.2011 09:28    C:\Windows\Prefetch\IELOWUTIL.EXE-79D45B69.pf --------- 1402 
 08.04.2011 09:26    C:\Windows\Prefetch\KLWTBLFS.EXE-BD8E3D08.pf --------- 15204 
 08.04.2011 09:21    C:\Windows\Prefetch\RUNDLL32.EXE-AFD98684.pf --------- 15530 
 08.04.2011 08:19    C:\Windows\Prefetch\DLLHOST.EXE-53B78AD0.pf --------- 37768 
 08.04.2011 08:18    C:\Windows\Prefetch\SVCHOST.EXE-DB4C36D7.pf --------- 31902 
 08.04.2011 08:11    C:\Windows\Prefetch\TASKENG.EXE-5BAF290C.pf --------- 22616 
 07.04.2011 23:28    C:\Windows\Prefetch\OSPPSVC.EXE-FFA150A3.pf --------- 69032 
 07.04.2011 23:28    C:\Windows\Prefetch\PRINTISOLATIONHOST.EXE-83C184C4.pf --------- 15000 
 07.04.2011 23:28    C:\Windows\Prefetch\POWERPNT.EXE-C61D24E7.pf --------- 150592 
 07.04.2011 22:27    C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-1D5F6C6B.pf --------- 54662 
 07.04.2011 22:06    C:\Windows\Prefetch\SKYPEPM.EXE-2C1AF4F8.pf --------- 99332 
 07.04.2011 22:05    C:\Windows\Prefetch\SKYPE.EXE-40964AC7.pf --------- 164344 
 07.04.2011 22:05    C:\Windows\Prefetch\LVPRCSRV.EXE-E0306B6B.pf --------- 12576 
 07.04.2011 22:03    C:\Windows\Prefetch\THUNDERBIRD.EXE-EDED9AF7.pf --------- 252746 
 07.04.2011 22:02    C:\Windows\Prefetch\LULNCHR.EXE-E46CB67E.pf --------- 86564 
 07.04.2011 22:02    C:\Windows\Prefetch\LOGITECHUPDATE.EXE-55456C00.pf --------- 34410 
 07.04.2011 22:01    C:\Windows\Prefetch\FIREFOX.EXE-E60C0AA7.pf --------- 219566 
 07.04.2011 22:01    C:\Windows\Prefetch\SVCHOST.EXE-18D06B2E.pf --------- 6660 
 07.04.2011 22:01    C:\Windows\Prefetch\DROPBOX.EXE-6F5B5EDB.pf --------- 114496 
 07.04.2011 22:01    C:\Windows\Prefetch\CMD.EXE-89305D47.pf --------- 10908 
 07.04.2011 22:00    C:\Windows\Prefetch\WEBUPDATER.EXE-F58A287C.pf --------- 47714 
 07.04.2011 22:00    C:\Windows\Prefetch\SIDEBAR.EXE-3A7B3FCC.pf --------- 78692 
 07.04.2011 22:00    C:\Windows\Prefetch\DTLITE.EXE-77D34F4E.pf --------- 67736 
 07.04.2011 22:00    C:\Windows\Prefetch\RAINLENDAR2.EXE-437E37B5.pf --------- 81750 
 07.04.2011 22:00    C:\Windows\Prefetch\USBTIP.EXE-BF2C7046.pf --------- 26310 
 07.04.2011 22:00    C:\Windows\Prefetch\READER_SL.EXE-565703D6.pf --------- 13150 
 07.04.2011 22:00    C:\Windows\Prefetch\ADOBEARM.EXE-ACA00A4A.pf --------- 23094 
 07.04.2011 22:00    C:\Windows\Prefetch\SWITCHBOARD.EXE-7E935F90.pf --------- 30446 
 07.04.2011 22:00    C:\Windows\Prefetch\JUSCHED.EXE-07F32FAE.pf --------- 13964 
 07.04.2011 22:00    C:\Windows\Prefetch\UPDATERSTARTUPUTILITY.EXE-4E353C23.pf --------- 25712 
 07.04.2011 22:00    C:\Windows\Prefetch\CS5SERVICEMANAGER.EXE-5B253472.pf --------- 31260 
 07.04.2011 22:00    C:\Windows\Prefetch\IGFXPERS.EXE-F690CC93.pf --------- 17740 
 07.04.2011 22:00    C:\Windows\Prefetch\HKCMD.EXE-FA3EB5EE.pf --------- 18506 
 07.04.2011 22:00    C:\Windows\Prefetch\LWS.EXE-CC076DEB.pf --------- 59740 
 07.04.2011 22:00    C:\Windows\Prefetch\IGFXTRAY.EXE-95873609.pf --------- 19562 
 07.04.2011 22:00    C:\Windows\Prefetch\EREG.EXE-EEF5DFA3.pf --------- 26222 
 07.04.2011 21:59    C:\Windows\Prefetch\BCSSYNC.EXE-E11E559D.pf --------- 16300 
 07.04.2011 21:59    C:\Windows\Prefetch\IPODSERVICE.EXE-FE1A6FF7.pf --------- 19344 
 07.04.2011 21:59    C:\Windows\Prefetch\OPENVPN.EXE-51BE6D5E.pf --------- 17376 
 07.04.2011 21:59    C:\Windows\Prefetch\FJSSDMN.EXE-EB13373A.pf --------- 16722 
 07.04.2011 21:59    C:\Windows\Prefetch\SSBKGDUPDATE.EXE-2DA63B57.pf --------- 15888 
 07.04.2011 21:59    C:\Windows\Prefetch\BTNHND.EXE-3BD76FB3.pf --------- 17950 
 07.04.2011 21:59    C:\Windows\Prefetch\QUICKTOUCH.EXE-C66F2D8B.pf --------- 36808 
 07.04.2011 21:59    C:\Windows\Prefetch\INDICATORUTY.EXE-E859F9BC.pf --------- 18846 
 07.04.2011 21:59    C:\Windows\Prefetch\FUJ02E3.EXE-A0823DBD.pf --------- 14832 
 07.04.2011 21:59    C:\Windows\Prefetch\ITUNESHELPER.EXE-302622F9.pf --------- 75474 
 07.04.2011 21:54    C:\Windows\Prefetch\SVCHOST.EXE-4D8DA32A.pf --------- 24010 
 07.04.2011 21:54    C:\Windows\Prefetch\SVCHOST.EXE-B1D6DE75.pf --------- 19924 
 07.04.2011 18:06    C:\Windows\Prefetch\WINWORD.EXE-19416D26.pf --------- 221610 
 07.04.2011 18:03    C:\Windows\Prefetch\MSPAINT.EXE-89BB51A7.pf --------- 95820 
 07.04.2011 18:02    C:\Windows\Prefetch\TEXIFY.EXE-52D3EFBC.pf --------- 27196 
 07.04.2011 18:02    C:\Windows\Prefetch\PDFLATEX.EXE-F0A21ED7.pf --------- 116926 
 07.04.2011 18:02    C:\Windows\Prefetch\BIBTEX.EXE-4C074E6D.pf --------- 26122 
 07.04.2011 17:05    C:\Windows\Prefetch\ACRORD32.EXE-C2658FE9.pf --------- 87690 
 07.04.2011 16:59    C:\Windows\Prefetch\JAVAW.EXE-C4EA16F0.pf --------- 166406 
 07.04.2011 16:52    C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-631388349-1085569318-2024419824-1001.db --------- 943493 
 07.04.2011 16:52    C:\Windows\Prefetch\AgGlUAD_S-1-5-21-631388349-1085569318-2024419824-1001.db --------- 1267329 
 07.04.2011 16:13    C:\Windows\Prefetch\AgCx_SC2.db --------- 800696 
 07.04.2011 16:11    C:\Windows\Prefetch\PTC_D.EXE-50C7BF6C.pf --------- 23994 
 07.04.2011 11:51    C:\Windows\Prefetch\EXCEL.EXE-F0766CF1.pf --------- 154236 
 07.04.2011 11:42    C:\Windows\Prefetch\PDFTEX.EXE-ADEB943E.pf --------- 29180 
 07.04.2011 11:30    C:\Windows\Prefetch\FOXITR~1.EXE-54C77552.pf --------- 91340 
 07.04.2011 10:54    C:\Windows\Prefetch\DLLHOST.EXE-6202E8F2.pf --------- 213674 
 07.04.2011 10:24    C:\Windows\Prefetch\RUNDLL32.EXE-B641F777.pf --------- 33908 
 07.04.2011 09:51    C:\Windows\Prefetch\OUTLOOK.EXE-6869E875.pf --------- 265070 
 07.04.2011 09:46    C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 3350318 
 07.04.2011 08:37    C:\Windows\Prefetch\ITUNES.EXE-049DB451.pf --------- 271298 
 07.04.2011 08:01    C:\Windows\Prefetch\QTTASK.EXE-D42B72A5.pf --------- 10784 
 06.04.2011 16:59    C:\Windows\Prefetch\WERFAULT.EXE-B7E27BE5.pf --------- 33982 
 06.04.2011 15:22    C:\Windows\Prefetch\PAINTDOTNET.EXE-A48207C8.pf --------- 139468 
 06.04.2011 15:14    C:\Windows\Prefetch\MATLAB.EXE-83FCC2C9.pf --------- 317714 
 06.04.2011 15:14    C:\Windows\Prefetch\MATLAB.EXE-F8C74B66.pf --------- 31212 
 06.04.2011 15:14    C:\Windows\Prefetch\VCRT_CHECK.EXE-9270A550.pf --------- 17660 
 06.04.2011 13:34    C:\Windows\Prefetch\W32TM.EXE-5D2265F4.pf --------- 15448 
 06.04.2011 13:33    C:\Windows\Prefetch\CSC.EXE-4EF173D0.pf --------- 40938 
 06.04.2011 13:33    C:\Windows\Prefetch\CVTRES.EXE-419E4E46.pf --------- 13220 
 06.04.2011 13:33    C:\Windows\Prefetch\SDIAGNHOST.EXE-67CD1457.pf --------- 63440 
 06.04.2011 13:33    C:\Windows\Prefetch\RUNDLL32.EXE-85E123DD.pf --------- 8630 
 06.04.2011 13:26    C:\Windows\Prefetch\RUNDLL32.EXE-125D4518.pf --------- 43814 
 06.04.2011 13:23    C:\Windows\Prefetch\SVCHOST.EXE-8DA0BAAD.pf --------- 17266 
 06.04.2011 13:23    C:\Windows\Prefetch\DEFRAG.EXE-738093E8.pf --------- 15134 
 06.04.2011 13:23    C:\Windows\Prefetch\Layout.ini --------- 1261444 
 06.04.2011 08:01    C:\Windows\Prefetch\DISPSWITCHLAUNCHER.EXE-B5D5114D.pf --------- 15864 
 05.04.2011 15:08    C:\Windows\Prefetch\MPSIGSTUB.EXE-7C60A359.pf --------- 25040 
 05.04.2011 15:08    C:\Windows\Prefetch\MPMINISIGSTUB.EXE-5E580501.pf --------- 7166 
 05.04.2011 15:08    C:\Windows\Prefetch\MPAS-D_BD1.EXE-B82677C3.pf --------- 15744 
 05.04.2011 10:55    C:\Windows\Prefetch\RUNDLL32.EXE-A5D8DA74.pf --------- 18540 
 05.04.2011 10:54    C:\Windows\Prefetch\DEVICEDISPLAYOBJECTPROVIDER.E-5B0FD533.pf --------- 33620 
 05.04.2011 10:50    C:\Windows\Prefetch\SVCHOST.EXE-7488A139.pf --------- 22334 
 05.04.2011 08:00    C:\Windows\Prefetch\COCIMANAGER.EXE-24AD6BC2.pf --------- 22156 
 04.04.2011 16:06    C:\Windows\Prefetch\CALC.EXE-AC08706A.pf --------- 23096 
 04.04.2011 15:12    C:\Windows\Prefetch\JAVAWS.EXE-25FD1E0F.pf --------- 18906 
 04.04.2011 15:12    C:\Windows\Prefetch\JAUCHECK.EXE-04AFF24E.pf --------- 33028 
 04.04.2011 14:54    C:\Windows\Prefetch\IZARC.EXE-1472F2CB.pf --------- 139640 
 04.04.2011 13:16    C:\Windows\Prefetch\SNDVOL.EXE-783DCB11.pf --------- 26990 
 03.04.2011 23:00    C:\Windows\Prefetch\WSQMCONS.EXE-E2CE6542.pf --------- 1242 
 03.04.2011 21:30    C:\Windows\Prefetch\INSTALLFLASHPLAYER.EXE-5258DA1C.pf --------- 22546 
 03.04.2011 21:28    C:\Windows\Prefetch\SC.EXE-BC6DAF49.pf --------- 3606 
 01.04.2011 14:59    C:\Windows\Prefetch\DLLHOST.EXE-91B07125.pf --------- 15754 
 01.04.2011 14:59    C:\Windows\Prefetch\SOFTWAREUPDATE.EXE-2B0C49F7.pf --------- 26590 
 01.04.2011 14:57    C:\Windows\Prefetch\AgCx_SC1.db --------- 687516 
 01.04.2011 14:56    C:\Windows\Prefetch\AgCx_SC1.db.trx --------- 280194 
 08.02.2010 08:22    C:\Windows\Prefetch\AgAppLaunch.db --------- 332116 
----------------------------------------

 
C:\Windows\Tasks

 08.04.2011 10:53    C:\Windows\Tasks\SA.DAT --------- 6 
 12.02.2011 03:21    C:\Windows\Tasks\SCHEDLGU.TXT --------- 32632 
----------------------------------------

 
C:\Windows\Temp

 08.04.2011 10:53    C:\Windows\Temp\spserv.dat --------- 1024 
----------------------------------------

 
C:\Users\Hens\AppData\Local\Temp

 08.04.2011 10:56    C:\Users\Hens\AppData\Local\Temp\WPDNSE --------- 0 
 08.04.2011 10:52    C:\Users\Hens\AppData\Local\Temp\js6cy226kpp3fu006bryc5cx757a25077l2 --------- 8578 
 08.04.2011 10:44    C:\Users\Hens\AppData\Local\Temp\mik64428 --------- 0 
 08.04.2011 09:26    C:\Users\Hens\AppData\Local\Temp\Low --------- 0 
 07.04.2011 23:24    C:\Users\Hens\AppData\Local\Temp\0.46982674232693467.exe --------- 217202 
 07.04.2011 22:00    C:\Users\Hens\AppData\Local\Temp\manifest.xml --------- 5275 
 07.04.2011 22:00    C:\Users\Hens\AppData\Local\Temp\config.xml --------- 0 
 07.04.2011 22:00    C:\Users\Hens\AppData\Local\Temp\de-de --------- 0 
 07.04.2011 22:00    C:\Users\Hens\AppData\Local\Temp\en-us --------- 0 
 07.04.2011 22:00    C:\Users\Hens\AppData\Local\Temp\resource.h --------- 0 
 08.02.2010 08:31    C:\Users\Hens\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0 
----------------------------------------

 
C:\Program Files

 08.04.2011 10:37    C:\Program Files\Malwarebytes' Anti-Malware --------- 4096 
 08.04.2011 10:37    C:\Program Files\CCleaner --------- 0 
 08.04.2011 10:32    C:\Program Files\Trend Micro --------- 0 
 31.03.2011 09:17    C:\Program Files\Adobe --------- 4096 
 24.03.2011 22:55    C:\Program Files\Mozilla Firefox --------- 32768 
 24.03.2011 14:12    C:\Program Files\Common Files --------- 4096 
 24.03.2011 14:00    C:\Program Files\Pinnacle --------- 0 
 24.03.2011 12:50    C:\Program Files\SafeNet Sentinel --------- 0 
 24.03.2011 12:50    C:\Program Files\InstallShield Installation Information --------- 0 
 24.03.2011 12:37    C:\Program Files\Motion Analysis --------- 0 
 08.03.2011 09:52    C:\Program Files\Mozilla Thunderbird --------- 28672 
 21.02.2011 00:12    C:\Program Files\Paint.NET --------- 16384 
 12.02.2011 13:00    C:\Program Files\Java --------- 4096 
 09.02.2011 22:32    C:\Program Files\Internet Explorer --------- 4096 
 18.01.2011 11:09    C:\Program Files\MATLAB --------- 0 
 18.01.2011 10:19    C:\Program Files\KinTrak 7.0 --------- 0 
 08.01.2011 16:24    C:\Program Files\TechSmith --------- 0 
 31.12.2010 11:23    C:\Program Files\Skype --------- 0 
 16.12.2010 00:18    C:\Program Files\Windows Mail --------- 0 
 15.12.2010 15:37    C:\Program Files\JDownloader --------- 0 
 07.12.2010 13:04    C:\Program Files\Ask.com --------- 4096 
 07.12.2010 13:04    C:\Program Files\Foxit Software --------- 0 
 07.11.2010 11:53    C:\Program Files\IrfanView --------- 0 
 07.11.2010 11:47    C:\Program Files\Ghostgum --------- 0 
 07.11.2010 07:34    C:\Program Files\Ghostscript --------- 0 
 07.11.2010 07:23    C:\Program Files\Texmaker --------- 16384 
 07.11.2010 07:21    C:\Program Files\TeXnicCenter --------- 0 
 07.11.2010 01:26    C:\Program Files\MiKTeX 2.9 --------- 4096 
 03.11.2010 13:16    C:\Program Files\Adobe Media Player --------- 0 
 13.10.2010 07:23    C:\Program Files\Windows Media Player --------- 4096 
 12.09.2010 01:28    C:\Program Files\Logitech --------- 0 
 15.08.2010 00:41    C:\Program Files\Intel --------- 0 
 06.08.2010 02:48    C:\Program Files\DVDVideoSoft --------- 0 
 19.07.2010 13:47    C:\Program Files\7-Zip --------- 0 
 19.07.2010 13:38    C:\Program Files\Microsoft Synchronization Services --------- 0 
 19.07.2010 13:37    C:\Program Files\Microsoft Office --------- 4096 
 19.07.2010 13:37    C:\Program Files\Microsoft SQL Server Compact Edition --------- 0 
 19.07.2010 13:37    C:\Program Files\Microsoft.NET --------- 0 
 19.07.2010 13:32    C:\Program Files\Microsoft Analysis Services --------- 0 
 19.07.2010 13:06    C:\Program Files\IZArc --------- 4096 
 12.06.2010 08:53    C:\Program Files\PCTV Systems --------- 0 
 09.06.2010 12:12    C:\Program Files\Avanquest update --------- 0 
 07.06.2010 14:41    C:\Program Files\MDESIGN --------- 0 
 06.06.2010 04:09    C:\Program Files\MyPhoneExplorer --------- 4096 
 31.05.2010 02:48    C:\Program Files\DisplayLink Core Software --------- 8192 
 16.05.2010 10:57    C:\Program Files\MSECache --------- 0 
 05.05.2010 03:36    C:\Program Files\DAEMON Tools Lite --------- 0 
 21.04.2010 11:57    C:\Program Files\Microsoft CAPICOM 2.1.0.2 --------- 0 
 15.04.2010 03:48    C:\Program Files\WinRAR --------- 4096 
 14.04.2010 14:20    C:\Program Files\ScanSoft --------- 0 
 22.03.2010 07:19    C:\Program Files\HBM --------- 0 
 12.03.2010 10:05    C:\Program Files\proeWildfire 4.0 --------- 8192 
 12.03.2010 09:57    C:\Program Files\flexnet --------- 4096 
 06.03.2010 04:32    C:\Program Files\PokerStars.NET --------- 8192 
 02.03.2010 01:18    C:\Program Files\OpenVPN --------- 4096 
 01.03.2010 08:22    C:\Program Files\MSXML 4.0 --------- 0 
 27.02.2010 11:09    C:\Program Files\Nero --------- 0 
 21.02.2010 15:40    C:\Program Files\Fujitsu --------- 4096 
 21.02.2010 15:32    C:\Program Files\O2Micro OZ711 SCR Driver --------- 0 
 21.02.2010 15:30    C:\Program Files\Sierra Wireless Inc --------- 0 
 09.02.2010 14:57    C:\Program Files\Microsoft --------- 0 
 09.02.2010 14:57    C:\Program Files\Windows Live --------- 0 
 09.02.2010 14:57    C:\Program Files\Windows Live SkyDrive --------- 0 
 09.02.2010 03:29    C:\Program Files\Kensington Display Adapter --------- 0 
 08.02.2010 10:39    C:\Program Files\iTunes --------- 4096 
 08.02.2010 10:38    C:\Program Files\iPod --------- 0 
 08.02.2010 10:38    C:\Program Files\Bonjour --------- 0 
 08.02.2010 10:38    C:\Program Files\QuickTime --------- 4096 
 08.02.2010 10:37    C:\Program Files\Apple Software Update --------- 4096 
 08.02.2010 10:04    C:\Program Files\Rainlendar2 --------- 0 
 08.02.2010 09:05    C:\Program Files\VideoLAN --------- 0 
 08.02.2010 08:41    C:\Program Files\Kaspersky Lab --------- 0 
 08.02.2010 08:29    C:\Program Files\Windows NT --------- 4096 
 08.02.2010 08:29    C:\Program Files\Gemeinsame Dateien --------- 0 
 14.07.2009 02:56    C:\Program Files\DVD Maker --------- 0 
 14.07.2009 02:56    C:\Program Files\Windows Journal --------- 0 
 14.07.2009 02:56    C:\Program Files\Microsoft Games --------- 0 
 14.07.2009 02:47    C:\Program Files\Windows Sidebar --------- 0 
 14.07.2009 02:47    C:\Program Files\Windows Photo Viewer --------- 0 
 14.07.2009 02:47    C:\Program Files\Windows Defender --------- 0 
 13.07.2009 22:53    C:\Program Files\Uninstall Information --------- 0 
 13.07.2009 22:52    C:\Program Files\Windows Portable Devices --------- 0 
 13.07.2009 22:52    C:\Program Files\Reference Assemblies --------- 0 
 13.07.2009 22:52    C:\Program Files\MSBuild --------- 0 
 13.07.2009 22:41    C:\Program Files\desktop.ini --------- 174 
----------------------------------------

 
C:\ProgramData\..

Hens   
Default   
Public   
Default User   
All Users   
desktop.ini   
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1 activate.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com

----------------------------------------

 

Abbildname                    PID Sitzungsname      Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                  0            24 K
System                          4 Services                  0          712 K
smss.exe                      288 Services                  0          820 K
csrss.exe                      384 Services                  0        2.804 K
csrss.exe                      432 Console                    1        4.608 K
wininit.exe                    440 Services                  0        3.572 K
services.exe                  500 Services                  0        5.304 K
lsass.exe                      508 Services                  0        7.244 K
lsm.exe                        520 Services                  0        2.800 K
winlogon.exe                  552 Console                    1        4.444 K
svchost.exe                    660 Services                  0        6.532 K
svchost.exe                    740 Services                  0        4.548 K
svchost.exe                    792 Services                  0        7.512 K
svchost.exe                    860 Services                  0        9.460 K
svchost.exe                    920 Services                  0        3.596 K
svchost.exe                    984 Services                  0        4.008 K
explorer.exe                  1140 Console                    1        47.812 K
ctfmon.exe                    1196 Console                    1        3.124 K
cmd.exe                      2012 Console                    1        3.248 K
conhost.exe                  2020 Console                    1        2.984 K
tasklist.exe                  952 Console                    1        4.200 K
dllhost.exe                  1316 Console                    1        5.596 K
WmiPrvSE.exe                  1400 Services                  0        4.756 K

 
***** Ende des Scans 08.04.2011 um 10:59:44,33 ***

Programs:

Code:

Adobe AIR        Adobe Systems Inc.        03.11.2010                1.5.3.9120
Adobe Community Help        Adobe Systems Incorporated        03.11.2010                3.0.0.400
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        06.08.2010        6,00MB        10.1.53.64
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        03.04.2011        6,00MB        10.2.153.1
Adobe Media Player        Adobe Systems Incorporated        03.11.2010                1.8
Adobe Photoshop CS5        Adobe Systems Incorporated        03.11.2010        1.559MB        12.0
Adobe Reader 9.4.3 - Deutsch        Adobe Systems Incorporated        31.03.2011        164,6MB        9.4.3
Adobe Shockwave Player 11.5        Adobe Systems, Inc.        05.10.2010                11.5.8.612
Akamai NetSession Interface                03.11.2010               
Apple Application Support        Apple Inc.        08.02.2010        32,4MB        1.1.0
Apple Mobile Device Support        Apple Inc.        08.02.2010        40,4MB        2.6.0.32
Apple Software Update        Apple Inc.        08.02.2010        2,16MB        2.1.1.116
Avanquest update        Avanquest Software        09.06.2010                1.22
Bonjour        Apple Inc.        08.02.2010        0,49MB        1.0.106
Camtasia Studio 7        TechSmith Corporation        08.01.2011        219MB        7.0.1
catmanEasy/AP  3.0.4.100        Hottinger Baldwin Messtechnik GmbH        22.03.2010                3.0.4.100
CCleaner        Piriform        08.04.2011                3.05
Compatibility Pack for the 2007 Office system        Microsoft Corporation        10.11.2010        129,5MB        12.0.6514.5001
DisplayLink Core Software        DisplayLink Corp.        09.02.2010        12,8MB        5.2.22617.0
DivX-Setup        DivX, Inc.        04.10.2010                2.1.0.12
Dropbox                24.09.2010                0.7.110
EVaRT 5.0.4        Motion Analysis Corporation        24.03.2011        62,5MB        5.0.4
Facebook Plug-In        Facebook, Inc.        12.04.2010               
Faraday's Electromagnetic Lab        University of Colorado, Department of Physics        07.03.2010               
Foxit Reader        Foxit Corporation        07.12.2010        11,1MB        4.3.0.1110
Foxit Toolbar        Ask.com        07.12.2010        2,57MB        1.9.1.0
Free Audio CD Burner version 1.4.7        DVDVideoSoft Limited.        26.03.2011        10,7MB       
Free Studio version 5.0.6        DVDVideoSoft Limited.        24.03.2011        258MB       
Free YouTube Download 2.8        DVDVideoSoft Limited.        29.07.2010        25,5MB       
Free YouTube to MP3 Converter version 3.9.35.324        DVDVideoSoft Limited.        26.03.2011        36,0MB       
Fujitsu Display Manager        FUJITSU LIMITED        21.02.2010        1,09MB        50.0.1.0
Fujitsu Hotkey Utility        FUJITSU LIMITED        21.02.2010        0,22MB        3.0.0.0
Fujitsu MobilityCenter Extension Utility        FUJITSU LIMITED        21.02.2010        0,28MB        1.1.0.0
Fujitsu System Extension Utility        FUJITSU LIMITED        21.02.2010        0,13MB        2.1.1.0
GPL Ghostscript 9.00                07.11.2010               
GSview 4.9                07.11.2010               
HBM TEDS Editor        Hottinger Baldwin Messtechnik GmbH        22.03.2010                3.0.0.86
HiJackThis        Trend Micro        08.04.2011        0,36MB        1.0.0
HijackThis 2.0.2        TrendMicro        08.04.2011                2.0.2
Intel(R) Graphics Media Accelerator Driver        Intel Corporation        15.08.2010        54,3MB        8.15.10.1930
Intel(R) TV Wizard        Intel Corporation        15.08.2010               
IrfanView (remove only)        Irfan Skiljan        07.11.2010        1,50MB        4.27
iTunes        Apple Inc.        08.02.2010        146,3MB        9.0.3.15
IZArc 4.1.2        Ivan Zahariev        19.07.2010        13,8MB        4.1.2
Java(TM) 6 Update 23        Sun Microsystems, Inc.        23.05.2010        94,5MB        6.0.230
Java(TM) 6 Update 5        Sun Microsystems, Inc.        08.02.2010        140,9MB        1.6.0.50
JDownloader        AppWork UG (haftungsbeschränkt)        13.04.2010                0.89
Kaspersky Anti-Virus 2010        Kaspersky Lab        08.02.2010                9.0.0.459
Kensington Display Adapter        Kensington Computer Products Group        09.02.2010        1,83MB        5.2.22663.0
KinTrak 7.0        University of Calgary        18.01.2011        32,8MB        7.0.25
LifeBook Application Panel        FUJITSU LIMITED        21.02.2010        5,48MB        7.0.0.0
Logitech Vid HD        Logitech Inc..        11.09.2010                7.2 (7230)
Logitech Webcam Software        Logitech Inc.        21.04.2010        43,9MB        12.10.1113
Logitech Webcam Software-Treiberpaket        Logitech Inc.        20.04.2010                12.10.1110
Malwarebytes' Anti-Malware        Malwarebytes Corporation        08.04.2011        10,5MB       
MATLAB R2010a        The MathWorks, Inc.        18.01.2011                7.10
MDESIGN Roloff-Matek Edition                07.06.2010                2009
Microsoft Office Professional Plus 2010        Microsoft Corporation        19.07.2010                14.0.4763.1000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        16.02.2010        0,25MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        12.02.2010        0,42MB        8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        10.02.2010        0,20MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        08.02.2010        0,58MB        9.0.30729
MiKTeX 2.9        MiKTeX.org        07.11.2010                2.9
Mozilla Firefox 4.0 (x86 en-US)        Mozilla        24.03.2011        33,7MB        4.0
Mozilla Thunderbird (3.1.9)        Mozilla        08.03.2011                3.1.9 (de)
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        01.03.2010        35,00KB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        01.03.2010        1,33MB        4.20.9876.0
MSXML 4.0 SP2 Parser and SDK        Microsoft Corporation        12.06.2010        36,00KB        4.20.9818.0
MyPhoneExplorer        F.J. Wechselberger        06.06.2010                1.7.6
Nero 7 Essentials        Nero AG        27.02.2010        1.814MB        7.02.8076
OpenVPN 2.0.9-gui-1.0.3                02.03.2010               
OZ711 SCR Driver V3.0.0.9A        O2Micro        21.02.2010        0,95MB        3.0.0.9A
Paint.NET v3.5.7        dotPDN LLC        20.02.2011        10,4MB        3.57.0
Pinnacle Studio 14        Pinnacle Systems        24.03.2011        2.030MB        14.0.0.7255
Pinnacle Video Treiber        Pinnacle Systems        24.03.2011        4,96MB        12.1.0.030
PokerStars.net        PokerStars.net        05.03.2010               
Power Saving Utility        Fujitsu LIMITED        21.02.2010        0,76MB        3.1.1.0
Pro/ENGINEER Release Wildfire 4.0 Datecode F000        PTC        12.03.2010                Wildfire 4.0
PTC License Server Release Wildfire 4.0 Datecode F000        PTC        12.03.2010                Wildfire 4.0
QuickTime        Apple Inc.        08.02.2010        77,3MB        7.65.17.80
Rainlendar2 (remove only)                08.02.2010               
ScanSoft PDF Create! 4        Nuance, Inc.        14.04.2010        27,4MB        4.01.0109
Sentinel Protection Installer 7.3.0        SafeNet, Inc.        24.03.2011        2,56MB        7.3.0
Shock Sensor Utility        FUJITSU LIMITED        21.02.2010        0,75MB        2.2.0.0
Skype Toolbars        Skype Technologies S.A.        11.02.2011        5,76MB        5.0.4137
Skype™ 5.1        Skype Technologies S.A.        11.02.2011        22,7MB        5.1.112
Spider32 Setup                21.03.2010               
Texmaker                07.11.2010               
TVCenter        PCTV Systems        12.06.2010        160,5MB        6.3.0.584
Uninstall 1.0.0.1                26.03.2011        10,6MB       
VLC media player 1.0.3        VideoLAN Team        08.02.2010                1.0.3
Windows Live Anmelde-Assistent        Microsoft Corporation        09.02.2010        1,94MB        5.000.818.5
Windows Live Essentials        Microsoft Corporation        09.02.2010                14.0.8089.0726
Windows Live-Uploadtool        Microsoft Corporation        09.02.2010        0,22MB        14.0.8014.1029
WinRAR                15.04.2010               
Wireless Selector        FUJITSU LIMITED        21.02.2010        0,34MB        2.0.0.0

I would be very grateful for help with what I should now hijack.

Otherwise, the problem is that I cannot update the malware detector (as recommended) because I cannot get onto the Internet due to the Win7.

Thanks for your help

markusg 08.04.2011 19:09

1. Do not carry out any cleaning on your own; otherwise it only gets in the way.
2. Submit any existing scan logs with findings,
and also name the locations where they were found.
3.
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labeled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created:
OTL.Txt
Extras.Txt
Post both.

hens1988 08.04.2011 21:15

OTL

Code:

OTL logfile created on: 08.04.2011 13:15:13 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Hens\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 7,27 Gb Free Space | 4,88% Space Free | Partition Type: NTFS
Drive E: | 7,88 Gb Total Space | 1,55 Gb Free Space | 19,68% Space Free | Partition Type: FAT32
 
Computer Name: HENS-PC | User Name: Hens | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hens\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Hens\AppData\Local\dsh.exe ()
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\KMService.exe ()
PRC - C:\Programme\flexnet\i486_nt\obj\ptc_d.exe ()
PRC - C:\Programme\flexnet\i486_nt\obj\lmgrd.exe (Macrovision Corporation)
PRC - C:\Programme\Kensington Display Adapter\DisplayLinkKensingtonSupport.exe (DisplayLink Corp.)
PRC - C:\Programme\DisplayLink Core Software\DisplayLinkUI.exe (DisplayLink Corp.)
PRC - C:\Programme\DisplayLink Core Software\DisplayLinkUserAgent.exe (DisplayLink Corp.)
PRC - C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Fujitsu\WirelessSelector\WSUService.exe ()
PRC - C:\Programme\Fujitsu\PSUtility\PSUService.exe (FUJITSU LIMITED)
PRC - C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
PRC - C:\Windows\System32\srvany.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Hens\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_a35e6b9.dll ()
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (FLEXlm server for PTC) -- C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe (Macrovision Corporation)
SRV - (DisplayLinkService) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WirelessSelectorService) -- C:\Programme\Fujitsu\WirelessSelector\WSUService.exe ()
SRV - (PowerSavingUtilityService) -- C:\Programme\Fujitsu\PSUtility\PSUService.exe (FUJITSU LIMITED)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
SRV - (SentinelProtectionServer) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (FJGSDisk) -- C:\Windows\system32\DRIVERS\FJGSDisk.sys (FUJITSU LIMITED)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (DisplayLinkUsbPort) -- C:\Windows\System32\drivers\DisplayLinkUsbPort_5.2.22617.0.sys (hxxp://libusb-win32.sourceforge.net)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (dlkmd) -- C:\Windows\system32\drivers\dlkmd.sys (DisplayLink Corp.)
DRV - (dlkmdldr) -- C:\Windows\system32\drivers\dlkmdldr.sys (DisplayLink Corp.)
DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom)
DRV - (LVUVC) Logitech QuickCam Pro 9000(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (azvusb) -- C:\Windows\System32\drivers\azvusb.sys (AzureWave Technologies, Inc.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (SMSCIRDA) -- C:\Windows\System32\drivers\smscirda.sys (SMSC)
DRV - (SWUMX32) Sierra Wireless USB MUX Driver (UMTS32) -- C:\Windows\System32\drivers\swumx32.sys (Sierra Wireless Inc.)
DRV - (SWNC8U32) Sierra Wireless MUX NDIS Driver (UMTS32) -- C:\Windows\System32\drivers\swnc8u32.sys (Sierra Wireless Inc.)
DRV - (O2SCBUS) -- C:\Windows\System32\drivers\ozscr.sys (O2Micro)
DRV - (FUJ02E3) -- C:\Windows\System32\drivers\fuj02e3.sys (FUJITSU LIMITED)
DRV - (FUJ02B1) -- C:\Windows\System32\drivers\fuj02b1.sys (FUJITSU LIMITED)
DRV - (O2SDRDR) -- C:\Windows\system32\DRIVERS\o2sd.sys (O2Micro )
DRV - (O2MDRDR) -- C:\Windows\system32\DRIVERS\o2media.sys (O2Micro )
DRV - (tap0801) -- C:\Windows\System32\drivers\tap0801.sys (The OpenVPN Project)
DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (SafeNet, Inc.)
DRV - (SNTNLUSB) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (SafeNet, Inc.)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (DirectNT) -- C:\Windows\System32\drivers\DirectNT.sys (c't)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA 74 17 F2 04 EC CB 01  [binary data]
IE - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.zeit.de"
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 22:55:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.31 09:18:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.03.08 09:52:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.01.03 16:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hens\AppData\Roaming\mozilla\Extensions
[2011.01.03 16:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hens\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.03.23 22:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hens\AppData\Roaming\mozilla\Firefox\Profiles\rowa3jhx.default\extensions
[2010.07.29 14:17:09 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Hens\AppData\Roaming\mozilla\Firefox\Profiles\rowa3jhx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.09.11 08:35:09 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Hens\AppData\Roaming\mozilla\Firefox\Profiles\rowa3jhx.default\extensions\vshare@toolbar
[2011.03.24 22:55:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.12.31 11:23:04 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.05.23 04:42:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.31 13:14:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.11 05:03:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.12 13:00:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.02.09 12:56:45 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
File not found (No name found) --
[2010.12.31 11:23:04 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2010.02.08 10:20:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2010.05.23 04:42:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.31 13:14:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.11 05:03:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.12 13:00:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.18 11:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2010.05.10 08:27:59 | 000,001,345 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IndicatorUtility] C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Programme\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [openvpn-gui] C:\Programme\OpenVPN\bin\openvpn-gui.exe ()
O4 - HKLM..\Run: [PSUtility] C:\Programme\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [ScanSoft PDF Create! 4-reminder] C:\Program Files\ScanSoft\PDF Create! 4\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSUtility] C:\Programme\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TvOutSwitch] C:\Programme\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [USBToolTip] C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKU\S-1-5-21-631388349-1085569318-2024419824-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-631388349-1085569318-2024419824-1001..\Run: [Rainlendar2] C:\Programme\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Hens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hens\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Hens\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Hens\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 136.159.89.2 136.159.130.8
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{36eb6e8f-3659-11df-949c-00037aaaaab2}\Shell - "" = AutoRun
O33 - MountPoints2\{36eb6e8f-3659-11df-949c-00037aaaaab2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{9d6f704a-17ce-11df-a047-00037aaaaab2}\Shell - "" = AutoRun
O33 - MountPoints2\{9d6f704a-17ce-11df-a047-00037aaaaab2}\Shell\AutoRun\command - "" = F:\Welcome\Welcome.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-631388349-1085569318-2024419824-1001..exefile [open] -- "C:\Users\Hens\AppData\Local\dsh.exe" -a "%1" %* ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\...exe [@ = exefile] -- "C:\Users\Hens\AppData\Local\dsh.exe" -a "%1" %* ()
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.mjpg - pvmjpg30.dll File not found
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.08 12:46:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Hens\Desktop\OTL.exe
[2011.04.08 10:57:15 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Hens\Desktop\HiJackThis.exe
[2011.04.08 10:47:27 | 000,000,000 | ---D | C] -- C:\Users\Hens\Desktop\hjtscanlist
[2011.04.08 10:42:20 | 000,000,000 | ---D | C] -- C:\Users\Hens\AppData\Roaming\Malwarebytes
[2011.04.08 10:37:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.08 10:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.08 10:37:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.08 10:37:37 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.08 10:37:14 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.04.08 10:32:36 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2011.04.08 10:32:36 | 000,000,000 | ---D | C] -- C:\Users\Hens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.04.07 23:24:42 | 000,000,000 | ---D | C] -- C:\Users\Hens\AppData\Local\Panther
[2011.04.07 23:24:36 | 000,114,688 | -HS- | C] (Microsoft Corporation) -- C:\Users\Hens\AppData\Local\keg.exe
[2011.03.27 10:46:49 | 000,000,000 | ---D | C] -- C:\Users\Hens\Desktop\Maria's & Karelia's Party
[2011.03.24 14:16:09 | 000,000,000 | ---D | C] -- C:\Users\Hens\Documents\Pinnacle Studio
[2011.03.24 14:15:41 | 000,000,000 | ---D | C] -- C:\Users\Hens\AppData\Local\Pinnacle
[2011.03.24 14:12:14 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Pinnacle
[2011.03.24 14:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Ultimate Collection
[2011.03.24 14:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 14
[2011.03.24 14:06:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Projects
[2011.03.24 14:00:04 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Pegasus Imaging
[2011.03.24 14:00:03 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Yahoo!
[2011.03.24 14:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Studio 14
[2011.03.24 14:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Plus
[2011.03.24 14:00:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle
[2011.03.24 12:50:59 | 000,000,000 | ---D | C] -- C:\Programme\SafeNet Sentinel
[2011.03.24 12:50:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\SafeNet Sentinel
[2011.03.24 12:50:33 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2011.03.24 12:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motion Analysis
[2011.03.24 12:37:32 | 000,000,000 | ---D | C] -- C:\Programme\Motion Analysis
[2011.03.24 11:48:14 | 000,000,000 | ---D | C] -- C:\Users\Hens\AppData\Roaming\DVDVideoSoft
[2011.03.19 19:36:43 | 000,000,000 | ---D | C] -- C:\Users\Hens\Desktop\Banff
[2010.06.06 04:21:30 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeA9D5.dll
[3 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.08 13:11:33 | 000,008,692 | -HS- | M] () -- C:\Users\Hens\AppData\Local\js6cy226kpp3fu006bryc5cx757a25077l2
[2011.04.08 13:11:33 | 000,008,692 | -HS- | M] () -- C:\ProgramData\js6cy226kpp3fu006bryc5cx757a25077l2
[2011.04.08 12:36:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Hens\Desktop\OTL.exe
[2011.04.08 12:18:18 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.08 12:18:18 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.08 12:10:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.08 12:10:17 | 1603,080,192 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.08 10:54:50 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Hens\Desktop\HiJackThis.exe
[2011.04.08 10:46:52 | 000,109,774 | ---- | M] () -- C:\Users\Hens\Documents\cc_20110408_104634.reg
[2011.04.08 10:37:46 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.08 10:37:15 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.08 10:32:36 | 000,002,959 | ---- | M] () -- C:\Users\Hens\Desktop\HiJackThis.lnk
[2011.04.08 09:49:33 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.08 09:49:33 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.08 09:49:33 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.08 09:49:33 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.07 23:24:36 | 000,114,688 | -HS- | M] (Microsoft Corporation) -- C:\Users\Hens\AppData\Local\keg.exe
[2011.04.07 23:24:22 | 000,217,202 | -HS- | M] () -- C:\Users\Hens\AppData\Local\dsh.exe
[2011.04.07 23:24:20 | 000,217,202 | -HS- | M] () -- C:\Users\Hens\AppData\Local\dxm.exe
[2011.04.06 17:21:33 | 000,208,896 | ---- | M] () -- C:\Users\Hens\Documents\Studierendenfeedback_Berufspraktikum_Hendrik_Enders.dot
[2011.04.04 23:10:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011.04.04 10:47:00 | 000,115,267 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011.04.04 10:47:00 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011.04.01 08:45:28 | 000,272,624 | ---- | M] () -- C:\Users\Hens\Desktop\payment.png
[2011.03.31 09:06:26 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.03.27 16:39:22 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011.03.24 22:34:05 | 003,834,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.03.24 14:06:55 | 000,001,152 | ---- | M] () -- C:\Users\Public\Desktop\Pinnacle Studio 14.lnk
[2011.03.24 12:37:47 | 000,002,093 | ---- | M] () -- C:\Users\Public\Desktop\EVaRT 5.0.4.lnk
[2011.03.24 12:37:47 | 000,002,060 | ---- | M] () -- C:\Users\Public\Desktop\MAC License Tool.lnk
[2011.03.23 12:01:48 | 000,191,488 | ---- | M] () -- C:\Users\Hens\Desktop\Assessment_of_professional_internship_Hendrik_Enders.dot
[2011.03.23 11:59:39 | 000,214,528 | ---- | M] () -- C:\Users\Hens\Desktop\Student_feedback professional internship_Hendrik_Enders.dot
[2011.03.23 11:57:59 | 000,217,088 | ---- | M] () -- C:\Users\Hens\Desktop\Company_feedback_on_professional_internship__Hendrik_Enders.dot
[3 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.08 10:46:38 | 000,109,774 | ---- | C] () -- C:\Users\Hens\Documents\cc_20110408_104634.reg
[2011.04.08 10:37:46 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.08 10:37:15 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.08 10:32:36 | 000,002,959 | ---- | C] () -- C:\Users\Hens\Desktop\HiJackThis.lnk
[2011.04.07 23:24:38 | 000,008,692 | -HS- | C] () -- C:\Users\Hens\AppData\Local\js6cy226kpp3fu006bryc5cx757a25077l2
[2011.04.07 23:24:38 | 000,008,692 | -HS- | C] () -- C:\ProgramData\js6cy226kpp3fu006bryc5cx757a25077l2
[2011.04.07 23:24:22 | 000,217,202 | -HS- | C] () -- C:\Users\Hens\AppData\Local\dsh.exe
[2011.04.07 23:24:20 | 000,217,202 | -HS- | C] () -- C:\Users\Hens\AppData\Local\dxm.exe
[2011.04.06 17:14:36 | 000,208,896 | ---- | C] () -- C:\Users\Hens\Documents\Studierendenfeedback_Berufspraktikum_Hendrik_Enders.dot
[2011.03.31 09:17:44 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.03.24 22:55:35 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.03.24 14:06:55 | 000,001,152 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle Studio 14.lnk
[2011.03.24 12:37:47 | 000,002,093 | ---- | C] () -- C:\Users\Public\Desktop\EVaRT 5.0.4.lnk
[2011.03.24 12:37:47 | 000,002,060 | ---- | C] () -- C:\Users\Public\Desktop\MAC License Tool.lnk
[2011.03.23 12:01:48 | 000,191,488 | ---- | C] () -- C:\Users\Hens\Desktop\Assessment_of_professional_internship_Hendrik_Enders.dot
[2011.03.23 11:59:39 | 000,214,528 | ---- | C] () -- C:\Users\Hens\Desktop\Student_feedback professional internship_Hendrik_Enders.dot
[2011.03.23 11:57:58 | 000,217,088 | ---- | C] () -- C:\Users\Hens\Desktop\Company_feedback_on_professional_internship__Hendrik_Enders.dot
[2011.01.18 19:23:34 | 000,000,132 | ---- | C] () -- C:\Users\Hens\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010.09.21 07:41:59 | 000,012,956 | ---- | C] () -- C:\Users\Hens\AppData\Roaming\Kommagetrennte Werte (Windows).CAL
[2010.08.15 01:07:03 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe
[2010.08.15 01:07:03 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2010.08.15 00:41:15 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010.04.20 17:07:12 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.04.14 14:20:19 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.03.15 09:13:35 | 000,739,328 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2010.03.15 09:13:35 | 000,073,728 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2010.03.15 09:12:56 | 000,872,507 | ---- | C] () -- C:\Windows\System32\mesa.dll
[2010.03.15 09:12:55 | 000,031,776 | ---- | C] () -- C:\Windows\System32\NT_IODRV.EXE
[2010.02.09 03:27:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd9.dll
[2010.02.09 03:27:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd10.dll
[2010.02.08 09:49:31 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.02.08 08:43:26 | 000,604,140 | -HS- | C] () -- C:\Windows\System32\drivers\ISwift3.dat
[2010.02.08 08:41:39 | 000,115,267 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.02.08 08:41:39 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.02.08 08:37:01 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.01.18 05:42:06 | 000,034,666 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.10.06 17:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.06 17:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.09.23 11:16:08 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009.07.14 02:47:43 | 000,643,866 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 02:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 02:47:43 | 000,126,394 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 02:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.13 22:33:53 | 003,834,352 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.13 20:05:48 | 000,607,190 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.13 20:05:48 | 000,103,568 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.13 18:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2009.07.13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.05.24 22:18:10 | 000,027,507 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2007.08.23 10:55:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
 
========== LOP Check ==========
 
[2010.02.12 06:35:55 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DAEMON Tools Lite
[2011.04.07 22:04:05 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Dropbox
[2011.03.24 11:49:11 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DVDVideoSoft
[2011.03.24 11:49:47 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.04.12 09:14:14 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Facebook
[2010.12.07 13:06:12 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Foxit Software
[2010.11.07 11:53:34 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\IrfanView
[2011.02.24 20:16:47 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\JabRef 2.6
[2010.04.20 17:08:56 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Leadertech
[2010.06.06 04:27:37 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\MyPhoneExplorer
[2010.02.13 14:32:00 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\PTC
[2010.04.14 14:23:43 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\ScanSoft
[2010.02.21 15:31:09 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Sierra Wireless
[2010.04.21 09:54:47 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\SmartDraw
[2010.11.07 01:34:21 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\SumatraPDF
[2011.01.03 16:28:35 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Thunderbird
[2010.11.07 07:44:08 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\xm1
[2010.04.14 14:21:48 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Zeon
[2011.02.12 03:21:24 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.01.11 14:04:11 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Adobe
[2010.02.28 08:59:05 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Ahead
[2010.02.28 11:35:31 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Apple Computer
[2010.02.12 06:35:55 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DAEMON Tools Lite
[2011.03.24 14:17:08 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DivX
[2011.04.07 22:04:05 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Dropbox
[2011.03.26 15:58:29 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\dvdcss
[2011.03.24 11:49:11 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DVDVideoSoft
[2011.03.24 11:49:47 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.04.12 09:14:14 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Facebook
[2010.12.07 13:06:12 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Foxit Software
[2010.02.08 08:30:01 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Identities
[2010.11.07 11:53:34 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\IrfanView
[2011.02.24 20:16:47 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\JabRef 2.6
[2010.04.20 17:08:56 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Leadertech
[2010.02.08 08:58:50 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Macromedia
[2011.04.08 10:42:20 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Malwarebytes
[2010.02.14 14:42:05 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\MathWorks
[2009.07.14 02:56:41 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Media Center Programs
[2011.03.24 14:12:16 | 000,000,000 | --SD | M] -- C:\Users\Hens\AppData\Roaming\Microsoft
[2010.11.07 01:49:45 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\MiKTeX
[2010.02.08 08:49:06 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Mozilla
[2010.06.06 04:27:37 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\MyPhoneExplorer
[2010.02.13 14:32:00 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\PTC
[2010.04.14 14:23:43 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\ScanSoft
[2010.02.21 15:31:09 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Sierra Wireless
[2011.04.08 10:44:57 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Skype
[2011.04.07 22:06:46 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\skypePM
[2010.04.21 09:54:47 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\SmartDraw
[2010.11.07 01:34:21 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\SumatraPDF
[2011.01.03 16:28:35 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Thunderbird
[2011.04.06 22:27:43 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\vlc
[2010.04.15 03:48:23 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\WinRAR
[2010.11.07 07:44:08 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\xm1
[2010.04.14 14:21:48 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Zeon
 
< %APPDATA%\*.exe /s >
[2010.02.25 23:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Hens\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2010.09.24 06:57:28 | 000,089,831 | ---- | M] () -- C:\Users\Hens\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2010.04.12 09:14:14 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\Hens\AppData\Roaming\Facebook\uninstall.exe
[2010.04.13 10:18:24 | 000,048,963 | ---- | M] () -- C:\Users\Hens\AppData\Roaming\JabRef 2.6\JabRef.exe
[2011.02.24 20:16:47 | 000,062,536 | ---- | M] (JabRef Team) -- C:\Users\Hens\AppData\Roaming\JabRef 2.6\uninstall.exe
[2011.04.08 10:32:36 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Hens\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2011.03.24 14:12:16 | 000,029,926 | R--- | M] () -- C:\Users\Hens\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.13 19:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.13 19:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.13 19:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.23 17:22:16 | 000,032,890 | ---- | M] () MD5=4FA5D1120762802A741F374F8B391E69 -- C:\Programme\MATLAB\R2010a\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.02 23:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.02 23:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2007.02.12 07:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\fsc.tmp\1010858\64bit\iastor.sys
[2007.02.12 07:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\fsc.tmp\1010858\32bit\iastor.sys
[2007.02.12 07:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
[2007.02.12 07:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_32495ab0b5cbc36c\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2009.07.13 19:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.13 19:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.13 19:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.13 19:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.13 19:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.13 19:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.13 19:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.13 19:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 00:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 00:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.27 23:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.13 19:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.13 17:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.13 17:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.02.12 06:01:34 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.13 19:15:20 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\expsrv.dll
[2004.08.04 08:00:00 | 001,355,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\MSVBVM50.DLL
[2009.07.13 19:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll
[2009.07.13 19:16:18 | 000,489,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll

< End of report >

Extras

Code:

OTL Extras logfile created on: 08.04.2011 13:15:13 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Hens\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 7,27 Gb Free Space | 4,88% Space Free | Partition Type: NTFS
Drive E: | 7,88 Gb Total Space | 1,55 Gb Free Space | 19,68% Space Free | Partition Type: FAT32
 
Computer Name: HENS-PC | User Name: Hens | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-631388349-1085569318-2024419824-1001\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Users\Hens\AppData\Local\dsh.exe ()
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DB2A37A-67C1-48DB-AA21-1F003FF11D91}" = DisplayLink Core Software
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18BD326E-89F9-430C-B4BD-11DE323CCCA3}" = Wireless Selector
"{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{273BEEED-2915-4C6C-B63E-564A4B2819B7}" = KinTrak 7.0
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{33E6FA96-31C0-4CEF-B385-C20D51C0FA06}" = OZ711 SCR Driver V3.0.0.9A
"{3D05721D-98BD-41AB-B529-30AABE96E7F9}" = ScanSoft PDF Create! 4
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{404C18ED-873A-4191-BA03-30F627445418}" = Sentinel Protection Installer 7.3.0
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45212F71-750F-4B98-8931-2F35DBE6B661}" = Paint.NET v3.5.7
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6733975E-52C9-4624-805D-36A4F79F7BBB}" = MDESIGN Roloff-Matek Edition
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D71C3D1-7E36-4655-9A5E-6118C891DC25}" = Kensington Display Adapter
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7426D8C8-7323-4A3D-9F94-2465B95C26B5}" = TVCenter
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C99490E-9ACE-440D-A717-E750AAF89E6E}" = EVaRT 5.0.4
"{827517C3-9B89-458E-A8F2-96DD24BDFE29}" = Shock Sensor Utility
"{8556B16D-AD7A-42A7-8A75-F7C532371031}" = Nero 7 Essentials
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EAB283A2-3F35-4FCD-81B0-31A63D2470F9}" = Power Saving Utility
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2BCC06B-72EF-49E5-B54F-DCCDFEA42CA2}" = Fujitsu Display Manager
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"A71701C3-4C1A-4181-93FA-D7CA487F287D_is1" = HBM TEDS Editor
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"catmanEasy3.0_is1" = catmanEasy/AP  3.0.4.100
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX-Setup
"Foxit Reader" = Foxit Reader
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 5.0.6
"Free YouTube Download_is1" = Free YouTube Download 2.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"GSview 4.9" = GSview 4.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{18BD326E-89F9-430C-B4BD-11DE323CCCA3}" = Wireless Selector
"InstallShield_{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility
"InstallShield_{33E6FA96-31C0-4CEF-B385-C20D51C0FA06}" = OZ711 SCR Driver V3.0.0.9A
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{7C99490E-9ACE-440D-A717-E750AAF89E6E}" = EVaRT 5.0.4
"InstallShield_{827517C3-9B89-458E-A8F2-96DD24BDFE29}" = Shock Sensor Utility
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EAB283A2-3F35-4FCD-81B0-31A63D2470F9}" = Power Saving Utility
"InstallShield_{F2BCC06B-72EF-49E5-B54F-DCCDFEA42CA2}" = Fujitsu Display Manager
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR2010a" = MATLAB R2010a
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"MPE" = MyPhoneExplorer
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenVPN" = OpenVPN 2.0.9-gui-1.0.3
"PokerStars.net" = PokerStars.net
"Pro/ENGINEER Release Wildfire 4.0 Datecode F000" = Pro/ENGINEER Release Wildfire 4.0 Datecode F000
"PTC License Server Release Wildfire 4.0 Datecode F000" = PTC License Server Release Wildfire 4.0 Datecode F000
"Rainlendar2" = Rainlendar2 (remove only)
"Spider32 Setup" = Spider32 Setup
"Texmaker" = Texmaker
"TVWiz" = Intel(R) TV Wizard
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-631388349-1085569318-2024419824-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Faraday's Electromagnetic Lab" = Faraday's Electromagnetic Lab
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.04.2011 18:44:12 | Computer Name = Hens-PC | Source = Microsoft Office 14 | ID = 2000
Description = Microsoft Word: Accepted Safe Mode action : Word hat festgestellt,
 dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus
 starten?.
 
Error - 06.04.2011 18:50:00 | Computer Name = Hens-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.5123.5000,
 Zeitstempel: 0x4c646b38  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
 Zeitstempel: 0x4cc7ab44  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000c35e3  ID des fehlerhaften
 Prozesses: 0x1060  Startzeit der fehlerhaften Anwendung: 0x01cbf4acf2f2e718  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 339dffca-60a0-11e0-af37-c268356a43de
 
Error - 06.04.2011 18:50:12 | Computer Name = Hens-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.5123.5000,
 Zeitstempel: 0x4c646b38  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
 Zeitstempel: 0x4cc7ab44  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000c35e3  ID des fehlerhaften
 Prozesses: 0x1340  Startzeit der fehlerhaften Anwendung: 0x01cbf4acfb365982  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 3a6071e1-60a0-11e0-af37-c268356a43de
 
Error - 06.04.2011 18:50:22 | Computer Name = Hens-PC | Source = Microsoft Office 14 | ID = 2000
Description = Microsoft Word: Accepted Safe Mode action : Word hat festgestellt,
 dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus
 starten?.
 
Error - 06.04.2011 18:56:08 | Computer Name = Hens-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.5123.5000,
 Zeitstempel: 0x4c646b38  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
 Zeitstempel: 0x4cc7ab44  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000c35e3  ID des fehlerhaften
 Prozesses: 0x1420  Startzeit der fehlerhaften Anwendung: 0x01cbf4adce3bb062  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 0ec44c73-60a1-11e0-af37-c268356a43de
 
Error - 06.04.2011 18:56:34 | Computer Name = Hens-PC | Source = Microsoft Office 14 | ID = 2000
Description = Microsoft Word: Accepted Safe Mode action : Word hat festgestellt,
 dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus
 starten?.
 
Error - 06.04.2011 18:56:49 | Computer Name = Hens-PC | Source = Microsoft Office 14 | ID = 2000
Description = Microsoft Word: Accepted Safe Mode action : Word hat festgestellt,
 dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus
 starten?.
 
Error - 06.04.2011 18:56:59 | Computer Name = Hens-PC | Source = Microsoft Office 14 | ID = 2000
Description = Microsoft Word: Accepted Safe Mode action : Word hat festgestellt,
 dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus
 starten?.
 
Error - 06.04.2011 18:59:32 | Computer Name = Hens-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.5123.5000,
 Zeitstempel: 0x4c646b38  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
 Zeitstempel: 0x4cc7ab44  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000c35e3  ID des fehlerhaften
 Prozesses: 0x7b8  Startzeit der fehlerhaften Anwendung: 0x01cbf4ae46a32346  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 885d8d11-60a1-11e0-af37-c268356a43de
 
Error - 06.04.2011 18:59:51 | Computer Name = Hens-PC | Source = Microsoft Office 14 | ID = 2000
Description = Microsoft Word: Accepted Safe Mode action : Word hat festgestellt,
 dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus
 starten?.
 
[ System Events ]
Error - 08.04.2011 12:56:53 | Computer Name = Hens-PC | Source = DCOM | ID = 10005
Description =
 
Error - 08.04.2011 12:56:53 | Computer Name = Hens-PC | Source = DCOM | ID = 10005
Description =
 
Error - 08.04.2011 12:56:54 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 08.04.2011 12:56:54 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 08.04.2011 12:56:54 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 08.04.2011 12:56:54 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 08.04.2011 12:56:55 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 08.04.2011 12:56:55 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 08.04.2011 14:02:02 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 08.04.2011 14:02:03 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
 
< End of report >

My Malwarebytes scanner is still running.

Thanks in advance

hens1988 08.04.2011 23:26

Malwarebytes scanner log file

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6314

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.04.2011 16:20:18
mbam-log-2011-04-08 (16-20-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 430309
Laufzeit: 3 Stunde(n), 58 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 4
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> 540 -> No action taken.
c:\Users\Hens\AppData\Local\dsh.exe (Trojan.Agent) -> 3704 -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Hens\AppData\Local\dsh.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Hens\AppData\Local\dsh.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Hens\AppData\Local\dsh.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Users\Hens\AppData\Local\dsh.exe" -a "%1" %*) Good: ("%1" %*) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> No action taken.
c:\Users\Hens\AppData\Local\dsh.exe (Trojan.Agent) -> No action taken.
c:\Users\Hens\AppData\Local\dxm.exe (Trojan.Agent) -> No action taken.
c:\Users\Hens\AppData\Local\Temp\0.46982674232693467.exe (Trojan.Agent) -> No action taken.
c:\Users\Hens\AppData\LocalLow\Sun\Java\deployment\cache\6.0\59\5fe6bdfb-57f354a0 (Trojan.Agent) -> No action taken.
c:\Users\Hens\Desktop\techsmith camtasia studio v7.0.1\keymaker(zwt)\keygen.exe (Backdoor.RBot) -> No action taken.
c:\Users\Hens\downloads\microsoft office professional plus 2010\activator\mini-kms_activator_v1.052.exe (Riskware.Keygen) -> No action taken.
c:\Windows\System32\sysprep\cryptbase.dll (Trojan.Agent) -> No action taken.

Can I delete the detected infections here, or would that "interfere" as mentioned earlier?

markusg 09.04.2011 10:33

I completely overlooked these two:
c:\Users\Hens\downloads\microsoft office professional plus 2010\activator\mini-kms_activator_v1.052.exe (Riskware.Keygen) -> No action taken.
c:\Windows\System32\sysprep\cryptbase.dll (Trojan.Agent) -> No action taken.
Anyone who uses something like this shouldn't be surprised by malware. In addition, I also see suspicious hosts entries, so you are presumably also using Adobe products illegally.
We do not support this, as it is a criminal offense.
You will get help here with setting the system up from scratch, nothing more.

