Trojaner-Board - Internetseiten nicht mehr über normale URL erreichbar

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Internetseiten nicht mehr über normale URL erreichbar (https://www.trojaner-board.de/100959-internetseiten-mehr-normale-url-erreichbar.html)

Internetseiten nicht mehr über normale URL erreichbar

Liebe Trojaner-Bekämpfer,

ich habe folgendes Problem:

Sobald ich eine Web-Adresse aufrufen möchte, wird nicht diese Seite, sondern eine andere, nicht gewünschte Seite aufgerufen.

Auf die gewünschten Seiten kann ich nur noch über Google kommen.

Nun möchte ich dies gerne behoben haben und hoffe auf $ure Hilfe.

Liebe Grüße und vorab schon vielen Dank

Annika

Hallo und Herzlich Willkommen! :)

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen:)

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

Zitat:

Malware versucht die Arbeit mit dem Computer zu erschweren: z.B. wenn Du auf von mir angegebenen Link klickst, kann es sein, dass Du dann automatisch auf eine gefälschte Seite weitergeleitet wirst.
In diesem Fall bitte möglichst sofortige Rückmeldung!

1.
läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit)
Achtung!:
WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten!
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :

- also lade Dir Gmer herunter und entpacke es auf deinen Desktop
- starte gmer.exe
- [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
- bitte nichts am Pc machen während der Scan läuft!
- klicke auf "Scan", um das Tool zu starten
- wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
- mit "Ok" wird Gmer beendet.
- das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!
Anleitung:-> GMER - Rootkit Scanner

2.
Kontrolle mit MBR -t, ob Master Boot Record in Ordnung ist (MBR-Rootkit)

Mit dem folgenden Tool prüfen wir, ob sich etwas Schädliches im Master Boot Record eingenistet hat.

Downloade die MBR.exe von Gmer und
kopiere die Datei mbr.exe in den Ordner C:\Windows\system32.
Falls Du den Ordner nicht sehen kannst, diese Einstellungen in den Ordneroptionen vornehmen.
Start => ausführen => cmd (da reinschreiben) => OK
es öffnet sich eine Eingabeaufforderung.

Vista- und Windows 7-User: Start => Alle Programme => Zubehör => Rechtsklick auf Eingabeaufforderung und wähle Als Administrator ausführen.
Nach dem Prompt (>_) folgenden

aus der Codebox manuell eingeben oder alternativ den mit STRG + C ins Clipboard kopieren und einfügen.
Einfügen in der Eingabeaufforderung: in der Titelleiste einen Rechtsklick machen => Bearbeiten => einfügen.

Code:

mbr.exe -t > C:\mbr.log & C:\mbr.log

(Enter drücken)
Nach kurzer Zeit wird sich Dein Editor öffnen und die Datei C:\mbr.log beinhalten.
Bitte kopiere den Inhalt hier in Deinen Thread.

3.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org

Installieren und per Doppelklick starten.
Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
"Komplett Scan durchführen" wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung/virus-protect.org

4.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in Code-Tags hier in den Thread.

5.
Bitte Versteckte - und Systemdateien sichtbar machen den Link hier anklicken:
System-Dateien und -Ordner unter XP und Vista sichtbar machen
Am Ende unserer Arbeit, kannst wieder rückgängig machen!

6.
→ Lade Dir HJTscanlist.zip herunter
→ entpacke die Datei auf deinem Desktop
→ Bei WindowsXP Home musst vor dem Scan zusätzlich tasklist.zip installieren
→ per Doppelklick starten
→ Wähle dein Betriebsystem aus - bei Win7 wähle Vista
→ Wenn Du gefragt wirst, die Option "Einstellung" (1) - scanlist" wählen
→ Nach kurzer Zeit sollte sich Dein Editor öffnen und die Datei hjtscanlist.txt präsentieren
→ Bitte kopiere den Inhalt hier in Deinen Thread.
** Falls es klappt auf einmal nicht, kannst den Text in mehrere Teile teilen und so posten

7.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool Ccleaner herunter
→ Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B hjtsanlist o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

Danke für deine Antwort. ich werde die Scans nun nach und nach durchführen.

Hier der 1. Scan mit GMER:

Code:

GMER 1.0.15.15640 - hxxp://www.gmer.net

Rootkit scan 2011-07-04 18:40:43

Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.2AC1

Running: gmer.exe; Driver: C:\Users\****\AppData\Local\Temp\kxldrpod.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            8B2C8FE6                                                                                                                ZwCreateSection

SSDT            8B2C8FEB                                                                                                                ZwSetContextThread

SSDT            8B2C8F87                                                                                                                ZwTerminateProcess
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                                                         81E7A569 1 Byte  [06]

.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                  81E9F092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text           ntkrnlpa.exe!RtlSidHashLookup + 340                                                                                     81EA6950 4 Bytes  [E6, 8F, 2C, 8B] {OUT 0x8f, AL; SUB AL, 0x8b}

.text           ntkrnlpa.exe!RtlSidHashLookup + 6E0                                                                                     81EA6CF0 4 Bytes  [EB, 8F, 2C, 8B] {JMP 0xffffffffffffff91; SUB AL, 0x8b}

.text           ntkrnlpa.exe!RtlSidHashLookup + 7B8                                                                                     81EA6DC8 4 Bytes  [87, 8F, 2C, 8B]
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT             C:\windows\System32\rundll32.exe[2832] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                   [753D5E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\windows\System32\rundll32.exe[2832] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                    [753D5E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\windows\System32\rundll32.exe[2832] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                  [753D5E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\windows\System32\rundll32.exe[2832] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                 [753D5E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
 

---- Devices - GMER 1.0.15 ----
 

Device          \Driver\BTHUSB \Device\0000009b                                                                                         bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
 

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
 

Device          \Driver\ACPI_HAL \Device\00000079                                                                                       halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

Device          \Driver\BTHUSB \Device\00000099                                                                                         bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bb1d07f6c                                             

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313ba7a88                                             

Reg             HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind                                                        ????37???????????????????;???????????????????????????????????????????????????????????????i?m?l?m?m?m?n?n?e?i?l?l????Microsoft????i???g??????????????????oem15.inf????????????????????????????????f???????????????????????????????????????????????????????????0????s00}??@usbport.inf,%generic.mfg%;(Standard USB Host Controller)???USB\Class_0e&SubClass_03&Prot_00?USB\Class_0e&SubClass_03?USB\Class_0e??????????????????????????USB\ROOT_HUB20&VID8086&PID27CC&REV0002?USB\ROOT_HUB20&VID8086&PID27CC?USB\ROOT_HUB20??????????????????????????????????????????m??????????????f????????m?tu??mshdc.inf_x86_neutral_f64b9c35a3a5be81??????@???????????????????????????????????????????????????????????{4d36e97d-e325-11ce-bfc1-08002be10318}???????????????.??? ???????5??????s9??@oem17.inf,%brcm219c.devicedesc%;Broadcom BCM2070 Bluetooth 3.0 + HS USB Device?????@%systemroot%\system32\drivers\afd.sys,-1000????\Device\{8CDF8AD2-0A72-419C-A45A-E89747A9CE7B}??????@%systemroot%\system32\rascfg.dll,-32001?????????????????????5???????????f????????m

Reg             HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route                                                       ???js????????????????j???y??sv???????????V??00?????? ???? ?????s?4??????????????????????????????????t??????? ??????????s?????????Z????????????N??l???????????1??????????????????????Microsoft???????????????Sftvol?A09???????t???????????-?????s?3??????s????y?z?k??NDProxy?????Typ??????????????????j???j?t?~??????blbdrive.inf:MSFT.NTx86:blbdrive_device:6.1.7600.16385:root\blbdrive?5???????????????????????j???????????j?j?????????????????????????j???????????????????????????????????????j???????????????3???j?j6.???????????????????????j???3??????6.1.7600.16385??6.???j?j??????????????????????,??j???3??????File as Volume Driver????j?j?????????????????e???????j??????????blbdrive.inf?????j?j?????????????i???????? ??j???i??????blbdrive_device?bl???j?j?????????????3???????????j??????????.NT??????j?j?????????????3???3???????j???5??????root\blbdrive????j?j?????????????3???????????j???????????????j???/???2??????-8???????????s???F???????j???f??sf??LegacyDriver????ROOT\VOLMGR??????????j??????????PrinterBusEnumerator?6???6?????????

Reg             HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export                                                      ???t????NDIS Usermode I/O Protocol??????????????????????????????????????????????? ???????t?????t?????t?????????????? ??????????????? ????????e??? ???????t???????????t????????????????????????????????????5?????? ???????o?????t?????t??????????T?????????????:??t????????h?????0.0.0.0?80?????t????Video Save????????N??????f?????t?k????N??????o???????????s?????????????????t?????t??????????????t???????????????t??????????????????????????????????g??????:??t????????h?????????????????????????????? ???????t?????t?????t?????????????? ????????????????????????e??? ???????t???????????t????????????????????????????????????5?????? ???????o?????t????????????????\???????????????????????t?????????????????????????????????????????L??t????????h???????$??t??????p????t?t?t?t?t?tt????????$??luafv????????t??????p???@%SystemRoot%\system32\drivers\netbt.sys,-2??????????????t???????????t?t?u?u?u?t?t??????????????????????????????????Extended Base????;?f?p?p?q?q?s?s?s??.NTx86?????????t?????t?t?t????6??t?????????e???????????????????????????????

Reg             HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind                                                   ?????B??{36fc9e60-c465-11cf-8056-444553540000}\0009?????Deterministic Network Enhancer Miniport???????????????????????????????????????????m??????$??????????????????????????????????????????-0?????? ????????????????????????????????.??????????????????????????????????????????????????????????????????????????????????????????????????????blbdrive.inf_x86_neutral_1aa816fe7dc98c3f???keyboard.inf_x86_neutral_0c4a1880f2aa5a72???volume.inf_x86_neutral_29364d30156a24ca??????????????v??????????????????6_??tunnel??? ???????????p???????????????????B???????????f???????????????????f??????????{1f9dfe62-4f2c-562e-9f43-83af7c80b854}?\5f??{4d36e967-e325-11ce-bfc1-08002be10318}\0007??????????????????????????`?f?f?f?i?i?i?k?n?U?k?m??????????????????????m?????????????????????????????????????????????????MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B2470861-9521-47F8-9EDD-747C6DC42F0E}] SEQPACKET 35?4????????????????????m?????????????{77F7F122-20B0-4117-A2FB-059D1FC88256}?? ???????????????????????????{4d36e967-e325-11ce-bfc1-08002be10318}?????

Reg             HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route                                                  ???k?????????????????????????????3???C???e??WinUsb???????j?j????? ???????k?????j?????j?-?????????? ??????????T??LegacyDriver?r???????????8?????????j???j????? ???????k?????j?????j?-???????????? ???????B???? ???????j???????????i?-????????N????????????????????????????B?????j?????j?j?j???????????????0???????????????j???0???e???????????N?????sEN????????????X??l???&???&??????????Nd??11??????????????? ???????j?????????????-?????????????????f??? ???????j?????j???????1??L????????? ???????????? ???????j?????j???????1????????????&???????????????????????? ???????j?????j???????1????????????????????? ???????j???????????j?1?????????????????????????????????7???????j??????pp??battery.inf:Microsoft.NTx86:COMPBATT_Inst:6.1.7600.16385:composite_battery?????????j????? ???????j?????k???????1????????????&????????????????????6?????j???j????? ???????j?????j???????1????????????????????? ???????j???????????j?1?????????????????????????????????????????j???????5???????????j?j?j?????j????? ???????j?????j???????1?????????????????????j?j???

Reg             HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export                                                 ???j?????|?|????????wp???????/??????CC?????i????@oem1.inf,%pci\ven_8086&dev_27ca.devicedesc%;Intel(R) N10/ICH7 Family USB Universal Host Controller - 27CA? - 27CA???????k?k????? ???????i?????i?????i?-??(???$???????????????sys,?????????????????????4?????????i??????????????\??\PCI#VEN_8086&DEV_27CA&SUBSYS_C072144D&REV_02#3&21436425&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}??????i?i???????i????? ???????i?????i???????-??4??????????????????????????-???i??????????????? ???????i???????????i?-??????"??????????f???????i ??b????????rvic????????}????????????????? ??????????????? ? ????????????????????????????????????????????????????????????? ??????????????i?????i??? ???????i?????j???????1??L????????? ??????rp_?????i???i???i????????? ???????i?????i???????1????????????&????????????????????c??? ???????i?????????????1???????????????????????i????? ???????i?????????????1?????????????????????i?i????????? ???????i?????????????1?????????????????????????i???.???????i??? ???????i?????????????1????????????????????? ???????i?????

Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bb1d07f6c (not active ControlSet)                         

Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313ba7a88 (not active ControlSet)                         

Reg             HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind                                                            ???5??????????!?O4??Root\*6TO4MP\0018????5????N??f???R????D?????????????????????? ???????5???????????4?,????????????'????????????????????}??\\?\Root#*6TO4MP#0009#{cac88484-7515-4c03-82e6-71a87abac361}?????5??NDIS?;????$??5????????????????z??5???_???????????????-??????? ??? ???????U?????5?????4?,??N?????$?'?<???????????????????????????????????\\?\Root#*6TO4MP#0035#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{2BF0F698-C9F0-4534-8DC9-62AC4E097584}??????????????5?????5????Root\*6TO4MP\0015???\\?\Root#*6TO4MP#0015#{cac88484-7515-4c03-82e6-71a87abac361}??????$??5???W??????? ??Root\*6TO4MP\0017?????z??5????????????????$??5????????????????z??5???A???????????7?t?????????5???.??????????usbport.inf??????5?5?5?5?5?5?5?5?5?5?/?5?5??? ???????5?????.???????1?????????? ???????????z??5???e??????_T???????-???????7??\\?\Root#*6TO4MP#0011#{cac88484-7515-4c03-82e6-71a87abac361}????\\?\Root#*6TO4MP#0012#{cac88484-7515-4c03-82e6-71a87abac361}?3??\\?\Root#*6TO4MP#0013#{cac88484-7515-4c03-82e6-71a87abac361}????\\?\Root#*6TO4MP#0014#{cac8

Reg             HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route                                                           ???7?r????N??g???C????DE-5???7???}?}?`???7???????????????????????? ????(??????P????????????(??????P????????????(??????P????????????(??????P????????????(??????P????????????(??????P????????????(??????P??????????????????7???????e???7???7??? ???????6???????6??? ???????6???????6??? ???????6???????6???????????6?????????r?6???????????6???????????6???????????7???g???????????6?????????r?6???????????6???????????6????<??7???7???????7???????????7?????7?7???????????7??????????? ^??7???7???????????7???7?7?7?7?7?7?7?7?7?7?7?7?7????<??7??????????? ???????7???????????7?/????????H??? ??????????????????????4???????????????????? ????????????????????????????6???7??? ?????????????7?????7?,???????? ?,?&????????????????????????? ??7??????s???igfx? ??????1????d???????????7?7?7??? ??1????7??????????? ???????7???????????7?/???????????? ??????????????7?????????7??????????????????????????Root\DNI_DNEMP\0001?????Root\DNI_DNEMP\0002?????tunnel?Tcp??dni_dnemp????????????????????????%???%?7?7????~??7????????????????<??7????????????????4??7?

Reg             HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export                                                          ???T?q??? ???U???_???????????????q??? ???????T?????T?????.?,????????$???<????????????????????????????????????????-???????????????????u?????????????????e?????????/???1??sB??? ???????T???????????.?,????????z?????#?????????????????????????????????????????????base?????????????????????????????/???t??s???? ???????T?????????????,????????????&??????????????????????????LAN-Verbindung*ection*???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????&WAN Miniport (SSTP)???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Reg             HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind                                                       ???iT ??????????????????@system32\DRIVERS\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,28,1)?I?????????????????s?/????*??j?????????????n?????????????????????A?????? 4???????e??????????@nettun.inf,%msft%;Microsoft??????6??????_???????????????i??????????????????WPD??????????????|?|?z??@nettun.inf,%msft%;Microsoft?\????N??m?????????D?????e??11?ft?????????????????????????????V??v???-??????????Microsoft-6zu4-Adapter #3???????????????????????? ???h???3?????-14???????????????????????j???.??s??????????????g???????i????@oem2.inf,%pci\ven_8086&dev_27d2.devicedesc%;Intel(R) N10/ICH7 Family PCI Express Root Port - 27D2? - 27D2???????i?i?i?i?j?j????? ???????i?????i???????-??(???????????????????s00-???i?i????? ???????i?????i???????-??4????????????????????????????i????? ???????i?????????????-?????????????????????y?????i????? ???????i???????????i?-??????"??????????f???????i ??f????????rfff????????<???????????????@???????????????????????????????D????????????????????????????????????????????????????????????????????????

Reg             HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route                                                      ???o?o??@%systemroot%\system32\drivers\dfsc.sys,-102????System32\drivers\discache.sys???LDDM Graphics Subsystem??????????????d?????????V2A????6??????.???????.??????????? ???????o?????o?????o?????????????? ????????????????????????e??? ???????o????????????????????4???????????????????????????????d???????????????5????????????????????????????? ????????????????u?????o???o????? ?????????????????????????????????????s?????????????!???!??? ???????????????????????????????????u??? ??????????????????? ???????o???????????o??????????????????????????? ???????o?????o?????n??????????P?????????????R??o????????h?????NDIS?????????q?????????n??????????????????????????4??s????????h????????????????????????o?????o??system32\DRIVERS\CompositeBus.sys?siteBus.sys????g?p?p?o?o?o?q??????????????????????Net?t???? ??W????-?????4DD??? ???????o?????o?????o?????????????? ???????????????????????????? ???????o???????????o??????????????????????????????????????????? ???????o?????o???????????????????????????????o???o????? ???????o???????????o?????

Reg             HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export                                                     ???p?p??????????system32\drivers\fileinfo.sys????????????????????????????????????????????p???0???2???????????p???????????p??? ???????o??????????????????????R?P??????????????????????????????????????????p?p?p??system32\drivers\drmkaud.sys?????p????R??p????????h??????????p??????p???RpcSs???????\SystemRoot\system32\DRIVERS\elxstor.sys??????R??p???????????d??netpost???????@??p?????????e?????????p??????????? ??????????????r?????????????????????????(??s??????p???elxstor.inf_x86_neutral_4263942b9dfe9077?????p?p?p?p?p?pe.???????t???????p??????????????????????t????? ??k?????????t????? ????????????????????????????????p???????V??p?????????e?????????????????????????i?zt-??? ???????p???????????p??????????????????????????????4?? ?????????? ????\???????????????????? ??????????????????????????? ??????? ????????p?????o???o???p????????? ???????o???????????k??????????T?1?????????????????????t????p??%SystemRoot%\system32\wevtapi.dll???? ??????????????D???? ???o??????????e?????????????????n??????p?p?p?p?p?p?q?????????????g???????

Reg             HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{2087255A-A7F8-11DF-9F2F-806E6F6E6963}  1167566336
 

---- EOF - GMER 1.0.15 ----

Hier der 2. Scan mit MBR:

Code:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net

Windows 6.1.7600 Disk: SAMSUNG_ rev.2AC1 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 
 

device: opened successfully

user: MBR read successfully
 

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 

C:\windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver

1 ntkrnlpa!IofCallDriver[0x81E73428] -> \Device\Harddisk0\DR0[0x8539AAA0]

3 CLASSPNP[0x8878E59E] -> ntkrnlpa!IofCallDriver[0x81E73428] -> \Device\Ide\IAAStorageDevice-0[0x84942028]

kernel: MBR read successfully

user & kernel MBR OK

hier nun der 3. scan

Code:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org
 

Datenbank Version: 7019
 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385
 

04.07.2011 20:35:51

mbam-log-2011-07-04 (20-35-50).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)

Durchsuchte Objekte: 302084

Laufzeit: 1 Stunde(n), 36 Minute(n), 48 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Morgen geht es dann weiter!

Guten Morgen,

nun die Scan-Logs mit OTL:

Code:

OTL logfile created on: 7/5/2011 6:29:36 AM - Run 1

OTL by OldTimer - Version 3.2.26.0     Folder = C:\Users\****\Desktop

 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1.99 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.51% Memory free

3.98 Gb Paging File | 2.76 Gb Available in Paging File | 69.36% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 85.00 Gb Total Space | 51.17 Gb Free Space | 60.20% Space Free | Partition Type: NTFS

Drive D: | 127.79 Gb Total Space | 127.68 Gb Free Space | 99.92% Space Free | Partition Type: NTFS

 

Computer Name: ****-PC | User Name: **** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2478663-x86.exe (Microsoft Corporation)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - d:\3752c6260e0a815c0bccd4211e148e8b\Setup.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Program Files\Samsung\SFB\SmartRestarter.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)

PRC - C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.)

PRC - C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\Elantech\ETDApix.dll (ELAN Microelectronics Corp.)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (rtport) -- C:\Windows\System32\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider)

DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)

DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)

DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..network.proxy.type: 4

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

 

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/05 06:25:03 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 21:15:30 | 000,000,000 | ---D | M]

FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/05 06:25:03 | 000,000,000 | ---D | M]

FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 21:15:30 | 000,000,000 | ---D | M]

 

[2010/12/24 21:19:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anni\AppData\Roaming\mozilla\Extensions

[2011/01/15 16:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anni\AppData\Roaming\mozilla\Firefox\Profiles\ijfj9lck.default\extensions

[2011/06/09 21:59:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/01/02 23:58:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/03/14 14:23:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

File not found (No name found) -- 

[2011/07/05 06:25:01 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010/01/01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2010/01/01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2010/01/01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2010/01/01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2010/01/01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [DivX Download Manager]  File not found

O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll -  File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{1c2fb66a-1e62-11e0-8640-001bb1d07f6c}\Shell - "" = AutoRun

O33 - MountPoints2\{1c2fb66a-1e62-11e0-8640-001bb1d07f6c}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{1c2fb67b-1e62-11e0-8640-001bb1d07f6c}\Shell - "" = AutoRun

O33 - MountPoints2\{1c2fb67b-1e62-11e0-8640-001bb1d07f6c}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{1c2fb6b0-1e62-11e0-8640-001bb1d07f6c}\Shell - "" = AutoRun

O33 - MountPoints2\{1c2fb6b0-1e62-11e0-8640-001bb1d07f6c}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{1c2fb6cb-1e62-11e0-8640-001bb1d07f6c}\Shell - "" = AutoRun

O33 - MountPoints2\{1c2fb6cb-1e62-11e0-8640-001bb1d07f6c}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{cf441eab-1e5b-11e0-b900-001bb1d07f6c}\Shell - "" = AutoRun

O33 - MountPoints2\{cf441eab-1e5b-11e0-b900-001bb1d07f6c}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{cf441eb9-1e5b-11e0-b900-001bb1d07f6c}\Shell - "" = AutoRun

O33 - MountPoints2\{cf441eb9-1e5b-11e0-b900-001bb1d07f6c}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011/07/05 06:28:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011/07/05 06:27:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe

[2011/07/04 18:57:40 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes

[2011/07/04 18:57:30 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys

[2011/07/04 18:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/04 18:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/07/04 18:57:23 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2011/07/04 18:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/07/04 17:05:55 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders

[2011/06/08 22:09:54 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\BA-Prüfung - Linguistik

[2011/06/07 07:49:29 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl

 
 ========== Files - Modified Within 30 Days ==========

 

[2011/07/05 06:29:12 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat

[2011/07/05 06:29:12 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2011/07/05 06:29:12 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat

[2011/07/05 06:29:12 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2011/07/05 06:27:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe

[2011/07/05 06:26:56 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/05 06:26:56 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/05 06:18:57 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2011/07/05 06:18:53 | 2136,260,608 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/04 18:57:30 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/04 18:47:22 | 000,089,088 | ---- | M] () -- C:\windows\System32\mbr.exe

[2011/07/04 17:13:48 | 000,302,592 | ---- | M] () -- C:\Users\****\Desktop\gmer.exe

[2011/07/03 13:49:42 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl

[2011/07/02 13:47:28 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys

[2011/07/02 13:47:28 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys

[2011/06/09 21:59:32 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011/06/05 13:06:14 | 000,579,244 | ---- | M] () -- C:\Users\****\Desktop\IMG_0154.jpg

 
 ========== Files Created - No Company Name ==========

 

[2011/07/04 18:57:30 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/04 18:47:20 | 000,089,088 | ---- | C] () -- C:\windows\System32\mbr.exe

[2011/06/09 21:59:32 | 000,001,072 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2011/06/09 21:59:32 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011/06/05 13:06:14 | 000,579,244 | ---- | C] () -- C:\Users\****\Desktop\IMG_0154.jpg

[2010/12/27 18:23:02 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/12/24 20:27:44 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[2010/08/15 01:36:21 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat

[2010/08/15 01:36:21 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat

[2010/08/15 01:36:21 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat

[2010/08/15 01:36:21 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat

[2010/08/14 09:22:30 | 000,002,018 | ---- | C] () -- C:\windows\HotFixList.ini

[2010/08/14 09:15:18 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll

[2009/11/17 13:08:34 | 000,197,424 | ---- | C] () -- C:\windows\System32\vpnapi.dll

[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat

[2009/07/14 06:33:53 | 000,302,352 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT

[2009/07/14 04:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat

[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat

[2009/07/14 04:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat

[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat

[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT

[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat

[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin

[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll

[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll

[2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin

[2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin

[2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin

[2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin

[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
 

< End of report >

Code:

OTL Extras logfile created on: 7/5/2011 6:29:36 AM - Run 1

OTL by OldTimer - Version 3.2.26.0     Folder = C:\Users\****\Desktop

 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1.99 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.51% Memory free

3.98 Gb Paging File | 2.76 Gb Available in Paging File | 69.36% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 85.00 Gb Total Space | 51.17 Gb Free Space | 60.20% Space Free | Partition Type: NTFS

Drive D: | 127.79 Gb Total Space | 127.68 Gb Free Space | 99.92% Space Free | Partition Type: NTFS

 

Computer Name: ****-PC | User Name: **** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4

"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager

"{18AA278D-E0B9-4F99-ACCC-070978A38453}" = Easy Resolution Manager

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24

"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync

"{5A1084A3-79B7-480C-9275-D8AA0CCEFA52}" = RUBICon

"{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}" = EasyBatteryManager

"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender

"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5

"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Booting SW

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}" = Daycare Nightmare

"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}" = REALTEK PCIE Wireless LAN Software

"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker

"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch

"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger

"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide

"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail

"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials

"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program

"{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack

"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call

"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus

"{DDF38EE7-3A53-4B4C-8924-CFFDF906091A}" = EasyFileShare

"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager

"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{F9557866-B4C8-4CE5-8508-0E386BDC20B2}" = Easy Network Manager

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter

"Elantech" = ETDWare PS/2-x86 7.0.7.0_WHQL

"GPL Ghostscript 9.00" = GPL Ghostscript 9.00

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200

"Marvell Miniport Driver" = Marvell Miniport Driver

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)

"SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.4 for Windows

"WinLiveSuite_Wave3" = Windows Live Essentials

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 6/2/2011 12:14:57 PM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".

Die

 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 6/5/2011 11:54:34 AM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung

 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 

"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 6/5/2011 11:54:36 AM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\EasyFileShare\Drv\SABI2x64\KStartMem.exe.Manifest".

Die

 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 6/5/2011 11:55:18 AM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".

Die

 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 6/5/2011 12:14:17 PM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung

 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 

"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".
 

Error - 6/5/2011 12:14:18 PM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\EasyFileShare\Drv\SABI2x64\KStartMem.exe.Manifest".

Die

 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 6/5/2011 12:14:41 PM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".

Die

 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 6/5/2011 12:16:33 PM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\easy

 display manager\RunGfxUI64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 6/5/2011 12:17:22 PM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".

Die

 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 6/5/2011 12:17:24 PM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".

Die

 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

[ System Events ]

Error - 5/3/2011 8:58:30 AM | Computer Name = ****-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   cdrom

 

Error - 5/4/2011 3:10:41 PM | Computer Name = ****-PC | Source = NetBT | ID = 4321

Description = Der Name "****-PC        :0" konnte nicht auf der Schnittstelle mit

 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 192.168.2.103

 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.

 

Error - 5/4/2011 3:10:50 PM | Computer Name = ****-PC | Source = Server | ID = 2505

Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht

 \Device\NetBT_Tcpip_{7C17894E-AAAD-4E18-A9E6-E5FFDFE25919} vom Serverdienst nicht

 gebunden werden. Der Serverdienst konnte nicht gestartet werden.

 

Error - 5/4/2011 3:10:50 PM | Computer Name = ****-PC | Source = NetBT | ID = 4321

Description = Der Name "****-PC        :20" konnte nicht auf der Schnittstelle mit

 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 192.168.2.103

 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.

 

Error - 5/4/2011 3:11:13 PM | Computer Name = ****-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   cdrom

 

Error - 5/4/2011 3:12:52 PM | Computer Name = ****-PC | Source = NetBT | ID = 4321

Description = Der Name "****-PC        :0" konnte nicht auf der Schnittstelle mit

 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 192.168.2.103

 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.

 

Error - 5/5/2011 9:00:53 AM | Computer Name = ****-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   cdrom

 

Error - 5/5/2011 9:23:45 AM | Computer Name = ****-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   cdrom

 

Error - 5/5/2011 10:10:16 AM | Computer Name = ****-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   cdrom

 

Error - 5/5/2011 10:19:24 AM | Computer Name = ****-PC | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst ShellHWDetection erreicht.

 

 

< End of report >

1.
Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

:OTL

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{1c2fb66a-1e62-11e0-8640-001bb1d07f6c}\Shell - "" = AutoRun

O33 - MountPoints2\{1c2fb66a-1e62-11e0-8640-001bb1d07f6c}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{1c2fb67b-1e62-11e0-8640-001bb1d07f6c}\Shell - "" = AutoRun

O33 - MountPoints2\{1c2fb67b-1e62-11e0-8640-001bb1d07f6c}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{1c2fb6b0-1e62-11e0-8640-001bb1d07f6c}\Shell - "" = AutoRun

O33 - MountPoints2\{1c2fb6b0-1e62-11e0-8640-001bb1d07f6c}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{1c2fb6cb-1e62-11e0-8640-001bb1d07f6c}\Shell - "" = AutoRun

O33 - MountPoints2\{1c2fb6cb-1e62-11e0-8640-001bb1d07f6c}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{cf441eab-1e5b-11e0-b900-001bb1d07f6c}\Shell - "" = AutoRun

O33 - MountPoints2\{cf441eab-1e5b-11e0-b900-001bb1d07f6c}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{cf441eb9-1e5b-11e0-b900-001bb1d07f6c}\Shell - "" = AutoRun

O33 - MountPoints2\{cf441eb9-1e5b-11e0-b900-001bb1d07f6c}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
 

:Commands

[purity]

[emptytemp]

und füge es hier ein: http://image.hijackthis.eu/upload/hjt1-021.jpg
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

2.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

3.
Punkt 7. fehlt noch, bitte nachreichen:-> http://www.trojaner-board.de/100959-...tml#post679220

Danke für deine Antwort!

Hier nun erstmal die HJTscanlist:

Code:

 

                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

                        º                                    º 

                                    hjtscanlist v2.0              

                        º                                    º 

                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
 

Microsoft Windows [Version 6.1.7600]

 

 

C:
 

  05.07.2011 16:40     C:\System Volume Information --------- 16384   

       C:\pagefile.sys ---------    

       C:\hiberfil.sys ---------    

  04.07.2011 18:57     C:\ProgramData --------- 8192   

  04.07.2011 18:57     C:\Program Files --------- 12288   

  04.07.2011 18:53     C:\mbr.log --------- 663   

  13.05.2011 21:29     C:\Windows --------- 20480   

  05.01.2011 23:21     C:\$Recycle.Bin --------- 0   

  05.01.2011 14:33     C:\MSOCache --------- 0   

  24.12.2010 20:17     C:\Users --------- 4096   

  24.12.2010 20:15     C:\Recovery --------- 0   

  14.08.2010 09:33     C:\Setup.log --------- 166   

  14.08.2010 09:12     C:\RHDSetup.log --------- 2047   

  14.08.2010 09:09     C:\Intel --------- 0   

  14.07.2009 06:53     C:\Documents and Settings --------- 0   

  14.07.2009 04:37     C:\PerfLogs --------- 0   

  10.06.2009 23:42     C:\autoexec.bat --------- 24   

  10.06.2009 23:42     C:\config.sys --------- 10   

----------------------------------------
 

 

C:\windows
 

  05.07.2011 16:49     C:\windows\WindowsUpdate.log --------- 1976013   

  05.07.2011 16:29     C:\windows\setupact.log --------- 63421   

  05.07.2011 16:29     C:\windows\bootstat.dat --------- 67584   

  02.07.2011 13:51     C:\windows\PFRO.log --------- 189574   

  13.05.2011 21:37     C:\windows\IE9_main.log --------- 2552   

  26.02.2011 07:33     C:\windows\explorer.exe --------- 2614784   

  24.01.2011 15:03     C:\windows\MEMORY.DMP --------- 235527301   

  17.01.2011 13:11     C:\windows\VPNInstall.MIF --------- 1594   

  06.01.2011 16:39     C:\windows\VPNUnInstall.MIF --------- 1594   

  24.12.2010 21:33     C:\windows\setuperr.log --------- 0   

  24.12.2010 20:44     C:\windows\Setup.log --------- 157   

  24.12.2010 20:42     C:\windows\2010-12-24_19-32_b38-4afi361w.log --------- 130329   

  24.12.2010 20:39     C:\windows\DirectX.log --------- 29377   

  24.12.2010 20:32     C:\windows\0 --------- 33   

  24.12.2010 20:17     C:\windows\LCDStretchMode.log --------- 1836   

  12.11.2010 21:29     C:\windows\DtcInstall.log --------- 3043   

  15.08.2010 01:07     C:\windows\TSSysprep.log --------- 3540   

  14.08.2010 10:39     C:\windows\Report.htm --------- 33688   

  14.08.2010 10:21     C:\windows\Csup.txt --------- 10   

  14.08.2010 09:51     C:\windows\HotFixList.ini --------- 2018   

  14.08.2010 09:21     C:\windows\setup_theme.log --------- 165   

  14.08.2010 09:18     C:\windows\DPINST.LOG --------- 4446   

  14.08.2010 09:18     C:\windows\SamsungInstaller.log --------- 191   

  14.08.2010 09:13     C:\windows\YukonInstall.log --------- 370   

  17.04.2010 02:45     C:\windows\WLXPGSS.SCR --------- 307056   

  23.03.2010 00:22     C:\windows\RtlExUpd.dll --------- 1247776   

  16.11.2009 09:27     C:\windows\Crystal Delight.scr --------- 19480587   

  10.11.2009 03:32     C:\windows\surbey.ico --------- 562718   

  17.09.2009 21:00     C:\windows\SetLCDStretchMode.exe --------- 345600   

  14.07.2009 06:54     C:\windows\win.ini --------- 403   

  14.07.2009 06:41     C:\windows\WindowsShell.Manifest --------- 749   

  14.07.2009 03:16     C:\windows\twain_32.dll --------- 51200   

  14.07.2009 03:14     C:\windows\write.exe --------- 9216   

  14.07.2009 03:14     C:\windows\winhlp32.exe --------- 9728   

  14.07.2009 03:14     C:\windows\twunk_32.exe --------- 31232   

  14.07.2009 03:14     C:\windows\regedit.exe --------- 398336   

  14.07.2009 03:14     C:\windows\notepad.exe --------- 179712   

  14.07.2009 03:14     C:\windows\hh.exe --------- 15360   

  14.07.2009 03:14     C:\windows\HelpPane.exe --------- 497152   

  14.07.2009 03:14     C:\windows\fveupdate.exe --------- 13824   

  14.07.2009 03:14     C:\windows\bfsvc.exe --------- 65024   

  14.07.2009 00:58     C:\windows\mib.bin --------- 43131   

  10.06.2009 23:46     C:\windows\system.ini --------- 219   

  10.06.2009 23:42     C:\windows\_default.pif --------- 707   

  10.06.2009 23:42     C:\windows\winhelp.exe --------- 256192   

  10.06.2009 23:41     C:\windows\twunk_16.exe --------- 49680   

  10.06.2009 23:41     C:\windows\twain.dll --------- 94784   

  10.06.2009 23:34     C:\windows\WMSysPr9.prx --------- 316640   

  10.06.2009 23:19     C:\windows\msdfmap.ini --------- 1405   

  10.06.2009 23:14     C:\windows\Starter.xml --------- 48201   

  02.02.2009 20:26     C:\windows\SkyDrive.ico --------- 419750   

  06.12.2008 02:04     C:\windows\HotfixChecker.exe --------- 406528   

  10.11.2006 00:31     C:\windows\Samsung.png --------- 16018   

----------------------------------------
 

 

C:\windows\System
 

 13.07.2009 23:41      C:\windows\System\OLESVR.DLL --------- 24064 

 13.07.2009 23:41      C:\windows\System\WFWNET.DRV --------- 12704 

 13.07.2009 23:41      C:\windows\System\COMMDLG.DLL --------- 32816 

 13.07.2009 23:41      C:\windows\System\TIMER.DRV --------- 4048 

 13.07.2009 23:41      C:\windows\System\MMSYSTEM.DLL --------- 68992 

 13.07.2009 23:41      C:\windows\System\mmtask.tsk --------- 1152 

 13.07.2009 23:41      C:\windows\System\mouse.drv --------- 2032 

 13.07.2009 23:41      C:\windows\System\vga.drv --------- 2176 

 13.07.2009 23:41      C:\windows\System\sound.drv --------- 1744 

 13.07.2009 23:41      C:\windows\System\keyboard.drv --------- 2000 

 13.07.2009 23:41      C:\windows\System\SHELL.DLL --------- 5120 

 13.07.2009 23:41      C:\windows\System\system.drv --------- 3360 

 10.06.2009 23:42      C:\windows\System\ver.dll --------- 9008 

 10.06.2009 23:42      C:\windows\System\olecli.dll --------- 82944 

 10.06.2009 23:42      C:\windows\System\lzexpand.dll --------- 9936 

 10.06.2009 23:25      C:\windows\System\stdole.tlb --------- 5532 

 10.06.2009 23:21      C:\windows\System\msvideo.dll --------- 126912 

 10.06.2009 23:21      C:\windows\System\mciwave.drv --------- 28160 

 10.06.2009 23:21      C:\windows\System\mciseq.drv --------- 25264 

 10.06.2009 23:21      C:\windows\System\mciavi.drv --------- 73376 

 10.06.2009 23:21      C:\windows\System\avifile.dll --------- 109456 

 10.06.2009 23:21      C:\windows\System\avicap.dll --------- 69584 

----------------------------------------
 

 

C:\windows\System32
 

 05.07.2011 16:38     C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 10272  

 05.07.2011 16:38     C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 10272  

 05.07.2011 16:29     C:\windows\system32\config --------- 28672  

 05.07.2011 16:29     C:\windows\system32\FNTCACHE.DAT --------- 302352  

 05.07.2011 06:58     C:\windows\system32\drivers --------- 65536  

 05.07.2011 06:58     C:\windows\system32\migration --------- 4096  

 05.07.2011 06:44     C:\windows\system32\MRT.exe --------- 47716296  

 05.07.2011 06:29     C:\windows\system32\perfh009.dat --------- 616008  

 05.07.2011 06:29     C:\windows\system32\perfc009.dat --------- 106388  

 05.07.2011 06:29     C:\windows\system32\perfh007.dat --------- 654166  

 05.07.2011 06:29     C:\windows\system32\perfc007.dat --------- 130006  

 05.07.2011 06:29     C:\windows\system32\PerfStringBackup.INI --------- 1519874  

 04.07.2011 18:53     C:\windows\system32\mbr.log --------- 663  

 04.07.2011 18:47     C:\windows\system32\mbr.exe --------- 89088  

 04.07.2011 17:05     C:\windows\system32\EventProviders --------- 0  

 03.07.2011 13:49     C:\windows\system32\FlashPlayerCPLApp.cpl --------- 404640  

 02.07.2011 14:05     C:\windows\system32\catroot --------- 4096  

 02.07.2011 14:05     C:\windows\system32\catroot2 --------- 20480  

 28.05.2011 06:38     C:\windows\system32\mshtml.dll --------- 5984256  

 28.05.2011 05:00     C:\windows\system32\mshtml.tlb --------- 1638912  

 24.05.2011 19:14     C:\windows\system32\MpSigStub.exe --------- 222080  

 24.05.2011 12:35     C:\windows\system32\umpnpmgr.dll --------- 294912  

 04.05.2011 06:53     C:\windows\system32\tquery.dll --------- 1553920  

 04.05.2011 06:52     C:\windows\system32\mssrch.dll --------- 1401856  

 04.05.2011 06:52     C:\windows\system32\mssvp.dll --------- 666624  

 04.05.2011 06:52     C:\windows\system32\mssph.dll --------- 337408  

 04.05.2011 06:52     C:\windows\system32\mssphtb.dll --------- 197120  

 04.05.2011 06:52     C:\windows\system32\msscntrs.dll --------- 59392  

 04.05.2011 06:52     C:\windows\system32\SearchProtocolHost.exe --------- 164352  

 04.05.2011 06:52     C:\windows\system32\SearchIndexer.exe --------- 428032  

 04.05.2011 06:52     C:\windows\system32\SearchFilterHost.exe --------- 86528  

 03.05.2011 14:57     C:\windows\system32\de-DE --------- 262144  

 03.05.2011 14:57     C:\windows\system32\DriverStore --------- 4096  

 03.05.2011 06:50     C:\windows\system32\inetcomm.dll --------- 740864  

 22.04.2011 21:31     C:\windows\system32\wininet.dll --------- 981504  

 22.04.2011 21:31     C:\windows\system32\urlmon.dll --------- 1229824  

 22.04.2011 21:31     C:\windows\system32\mstime.dll --------- 606208  

 22.04.2011 21:31     C:\windows\system32\mshtmled.dll --------- 67072  

 22.04.2011 21:31     C:\windows\system32\msfeeds.dll --------- 599552  

 22.04.2011 21:31     C:\windows\system32\msfeedsbs.dll --------- 64512  

 22.04.2011 21:31     C:\windows\system32\licmgr10.dll --------- 44544  

 22.04.2011 21:31     C:\windows\system32\jsproxy.dll --------- 48128  

 22.04.2011 21:31     C:\windows\system32\ieui.dll --------- 176640  

 22.04.2011 21:31     C:\windows\system32\iertutil.dll --------- 2063360  

 22.04.2011 21:31     C:\windows\system32\ieframe.dll --------- 10990080  

 22.04.2011 21:31     C:\windows\system32\iepeers.dll --------- 185856  

 22.04.2011 21:31     C:\windows\system32\iedkcs32.dll --------- 381440  

 22.04.2011 21:30     C:\windows\system32\msfeedssync.exe --------- 12800  

 22.04.2011 20:23     C:\windows\system32\html.iec --------- 386048  

 09.04.2011 08:13     C:\windows\system32\ntoskrnl.exe --------- 3901824  

 09.04.2011 08:13     C:\windows\system32\ntkrnlpa.exe --------- 3957632  

 09.04.2011 07:56     C:\windows\system32\poqexec.exe --------- 123904  

 20.03.2011 15:57     C:\windows\system32\Tasks --------- 4096  

 14.03.2011 14:23     C:\windows\system32\jupdate-1.6.0_24-b07.log --------- 3305  

 12.03.2011 13:31     C:\windows\system32\XpsPrint.dll --------- 442880  

 11.03.2011 07:40     C:\windows\system32\mfc42u.dll --------- 1164288  

 11.03.2011 07:40     C:\windows\system32\mfc42.dll --------- 1137664  

 11.03.2011 07:39     C:\windows\system32\esent.dll --------- 1686016  

 11.03.2011 07:37     C:\windows\system32\fsutil.exe --------- 74240  

 03.03.2011 07:29     C:\windows\system32\dnsrslvr.dll --------- 132608  

 03.03.2011 07:29     C:\windows\system32\dnsapi.dll --------- 269824  

 03.03.2011 07:27     C:\windows\system32\dnscacheugc.exe --------- 28672  

 03.03.2011 05:31     C:\windows\system32\win32k.sys --------- 2331136  

 24.02.2011 07:32     C:\windows\system32\XpsGdiConverter.dll --------- 288256  

 19.02.2011 07:33     C:\windows\system32\FntCache.dll --------- 802304  

 19.02.2011 07:32     C:\windows\system32\DWrite.dll --------- 1074176  

 19.02.2011 07:32     C:\windows\system32\d2d1.dll --------- 739840  

 19.02.2011 07:32     C:\windows\system32\atmlib.dll --------- 34304  

 19.02.2011 05:37     C:\windows\system32\atmfd.dll --------- 294912  

 18.02.2011 07:36     C:\windows\system32\vbscript.dll --------- 428032  

 18.02.2011 07:35     C:\windows\system32\jscript.dll --------- 716800  

 18.02.2011 07:33     C:\windows\system32\prevhost.exe --------- 31232  

 12.02.2011 07:30     C:\windows\system32\FXSCOVER.exe --------- 191488  

 02.02.2011 22:40     C:\windows\system32\javaws.exe --------- 157472  

 02.02.2011 22:40     C:\windows\system32\javaw.exe --------- 145184  

 02.02.2011 22:40     C:\windows\system32\java.exe --------- 145184  

 02.02.2011 22:40     C:\windows\system32\deployJava1.dll --------- 472808  

 30.01.2011 15:40     C:\windows\system32\NDF --------- 0  

 19.01.2011 13:22     C:\windows\system32\winrm --------- 0  

 19.01.2011 13:22     C:\windows\system32\migwiz --------- 4096  

 19.01.2011 13:22     C:\windows\system32\oobe --------- 4096  

 19.01.2011 13:22     C:\windows\system32\it-IT --------- 0  

 19.01.2011 13:21     C:\windows\system32\slmgr --------- 0  

 19.01.2011 13:21     C:\windows\system32\Boot --------- 4096  

 19.01.2011 13:21     C:\windows\system32\sysprep --------- 4096  

 19.01.2011 13:21     C:\windows\system32\Setup --------- 0  

 19.01.2011 13:21     C:\windows\system32\XPSViewer --------- 0  

 19.01.2011 13:21     C:\windows\system32\WCN --------- 0  

 19.01.2011 13:21     C:\windows\system32\Dism --------- 4096  

 19.01.2011 13:21     C:\windows\system32\MUI --------- 0  

 19.01.2011 13:21     C:\windows\system32\Printing_Admin_Scripts --------- 0  

 19.01.2011 13:21     C:\windows\system32\com --------- 4096  

 19.01.2011 13:21     C:\windows\system32\fr-FR --------- 0  

 19.01.2011 13:20     C:\windows\system32\wbem --------- 65536  

 19.01.2011 13:20     C:\windows\system32\en-US --------- 221184  

 17.01.2011 07:38     C:\windows\system32\d3d10_1.dll --------- 161792  

 13.01.2011 11:06     C:\windows\system32\wdi --------- 4096  

 05.01.2011 14:43     C:\windows\system32\LogFiles --------- 4096  

 24.12.2010 20:41     C:\windows\system32\DRVSTORE --------- 0  

 24.12.2010 20:18     C:\windows\system32\Microsoft --------- 0  

----------------------------------------
 

 

C:\windows\Prefetch
 

----------------------------------------
 

 

C:\windows\Tasks
 

 05.07.2011 16:29     C:\windows\Tasks\SA.DAT --------- 6  

 10.03.2011 19:10     C:\windows\Tasks\SCHEDLGU.TXT --------- 32640  

----------------------------------------
 

 

C:\windows\Temp
 

----------------------------------------
 

 

C:\Users\****\AppData\Local\Temp
 

 05.07.2011 16:36     C:\Users\****\AppData\Local\Temp\jusched.log --------- 162608  

 05.07.2011 16:31     C:\Users\****\AppData\Local\Temp\AdobeARM.log --------- 400078  

 05.07.2011 16:31     C:\Users\****\AppData\Local\Temp\WPDNSE --------- 0  

 05.07.2011 16:31     C:\Users\****\AppData\Local\Temp\ArmUI.ini --------- 148526  

 04.07.2011 18:57     C:\Users\****\AppData\Local\Temp\~DF3F4F880393228BCB.TMP --------- 147456  

 04.07.2011 18:57     C:\Users\****\AppData\Local\Temp\~DF72CBAC57CC36B8B4.TMP --------- 147456  

 03.07.2011 13:48     C:\Users\****\AppData\Local\Temp\119D.dir --------- 0  

 03.07.2011 13:48     C:\Users\****\AppData\Local\Temp\119D.tmp --------- 0  

 03.07.2011 12:27     C:\Users\****\AppData\Local\Temp\hsperfdata_**** --------- 0  

 03.07.2011 12:27     C:\Users\****\AppData\Local\Temp\AUCHECK_PARSER.txt --------- 1920  

 03.07.2011 12:27     C:\Users\****\AppData\Local\Temp\AUCHECK_CORE.txt --------- 6342  

 29.06.2011 10:46     C:\Users\****\AppData\Local\Temp\IcqUpdater.exe --------- 80184  

 09.06.2011 21:57     C:\Users\****\AppData\Local\Temp\Low --------- 0  

 07.06.2011 23:27     C:\Users\****\AppData\Local\Temp\msohtmlclip1 --------- 0  

 07.06.2011 11:59     C:\Users\****\AppData\Local\Temp\~btAFFA.tmp --------- 5509  

 07.06.2011 11:59     C:\Users\****\AppData\Local\Temp\~ttAFE9.tmp --------- 6700  

 07.06.2011 11:59     C:\Users\****\AppData\Local\Temp\~fmAFE8.tmp --------- 6108  

 07.06.2011 11:59     C:\Users\****\AppData\Local\Temp\~ftAFD8.tmp --------- 15770  

 07.06.2011 11:59     C:\Users\****\AppData\Local\Temp\~hmAFC7.tmp --------- 34920  

 07.06.2011 11:58     C:\Users\****\AppData\Local\Temp\~btF722.tmp --------- 5509  

 07.06.2011 11:58     C:\Users\****\AppData\Local\Temp\~ttF721.tmp --------- 6700  

 07.06.2011 11:58     C:\Users\****\AppData\Local\Temp\~fmF710.tmp --------- 7349  

 07.06.2011 11:58     C:\Users\****\AppData\Local\Temp\~ftF6F0.tmp --------- 35296  

 07.06.2011 11:58     C:\Users\****\AppData\Local\Temp\~hmF6D0.tmp --------- 34920  

 07.06.2011 11:58     C:\Users\****\AppData\Local\Temp\~fmD606.tmp --------- 24044  

 07.06.2011 11:58     C:\Users\****\AppData\Local\Temp\~ftD5F5.tmp --------- 43528  

 07.06.2011 11:58     C:\Users\****\AppData\Local\Temp\~hmD5C6.tmp --------- 34920  

 07.06.2011 11:58     C:\Users\****\AppData\Local\Temp\~btAD10.tmp --------- 5509  

 07.06.2011 11:58     C:\Users\****\AppData\Local\Temp\~ttAD0F.tmp --------- 6700  

 07.06.2011 11:58     C:\Users\****\AppData\Local\Temp\~fmACFE.tmp --------- 6355  

 07.06.2011 11:58     C:\Users\****\AppData\Local\Temp\~ftACEE.tmp --------- 20656  

 07.06.2011 11:58     C:\Users\****\AppData\Local\Temp\~hmACCD.tmp --------- 34920  

 07.06.2011 11:57     C:\Users\****\AppData\Local\Temp\~bt1687.tmp --------- 5509  

 07.06.2011 11:57     C:\Users\****\AppData\Local\Temp\~tt1686.tmp --------- 6700  

 07.06.2011 11:57     C:\Users\****\AppData\Local\Temp\~fm1675.tmp --------- 7349  

 07.06.2011 11:57     C:\Users\****\AppData\Local\Temp\~ft1655.tmp --------- 35296  

 07.06.2011 11:57     C:\Users\****\AppData\Local\Temp\~hm1644.tmp --------- 34920  

 07.06.2011 11:56     C:\Users\****\AppData\Local\Temp\~DF383D20D5CE842202.TMP --------- 312320  

 07.06.2011 07:49     C:\Users\****\AppData\Local\Temp\59D3.dir --------- 0  

 07.06.2011 07:49     C:\Users\****\AppData\Local\Temp\59D3.tmp --------- 0  

 05.06.2011 18:35     C:\Users\****\AppData\Local\Temp\21718427.od --------- 134  

 05.06.2011 18:35     C:\Users\****\AppData\Local\Temp\CVR659B.tmp.cvr --------- 0  

 05.06.2011 18:35     C:\Users\****\AppData\Local\Temp\21672548.od --------- 134  

 05.06.2011 18:35     C:\Users\****\AppData\Local\Temp\CVRB254.tmp.cvr --------- 0  

 05.06.2011 12:41     C:\Users\****\AppData\Local\Temp\461154.od --------- 134  

 05.06.2011 12:41     C:\Users\****\AppData\Local\Temp\CVR962.tmp.cvr --------- 0  

 03.06.2011 20:34     C:\Users\****\AppData\Local\Temp\wmplog02.sqm --------- 1218  

 03.06.2011 20:32     C:\Users\****\AppData\Local\Temp\{B23EA1EE-BF17-4624-8F81-F903B9DDCB85} --------- 0  

 03.06.2011 20:30     C:\Users\****\AppData\Local\Temp\0a50e25a83046228c11dcaa7eeed09bb.exe --------- 14538152  

 03.06.2011 15:21     C:\Users\****\AppData\Local\Temp\29975280.od --------- 134  

 03.06.2011 15:21     C:\Users\****\AppData\Local\Temp\CVR62F0.tmp.cvr --------- 0  

 03.06.2011 15:17     C:\Users\****\AppData\Local\Temp\29705616.od --------- 134  

 03.06.2011 15:17     C:\Users\****\AppData\Local\Temp\CVR4581.tmp.cvr --------- 0  

 02.06.2011 20:04     C:\Users\****\AppData\Local\Temp\19623303.od --------- 134  

 02.06.2011 20:04     C:\Users\****\AppData\Local\Temp\CVR6D87.tmp.cvr --------- 0  

 02.06.2011 09:58     C:\Users\****\AppData\Local\Temp\6824934.od --------- 134  

 02.06.2011 09:58     C:\Users\****\AppData\Local\Temp\CVR23E6.tmp.cvr --------- 0  

 01.06.2011 22:32     C:\Users\****\AppData\Local\Temp\15043176.od --------- 134  

 01.06.2011 22:32     C:\Users\****\AppData\Local\Temp\CVR8A58.tmp.cvr --------- 0  

 01.06.2011 20:06     C:\Users\****\AppData\Local\Temp\6278244.od --------- 134  

 01.06.2011 20:06     C:\Users\****\AppData\Local\Temp\CVRCC55.tmp.cvr --------- 0  

 30.05.2011 21:20     C:\Users\****\AppData\Local\Temp\plugtmp-39 --------- 0  

 30.05.2011 16:59     C:\Users\****\AppData\Local\Temp\909C.dir --------- 0  

 30.05.2011 16:59     C:\Users\****\AppData\Local\Temp\909C.tmp --------- 0  

 18.05.2011 23:27     C:\Users\****\AppData\Local\Temp\wmplog01.sqm --------- 1422  

 07.05.2011 18:21     C:\Users\****\AppData\Local\Temp\wmplog00.sqm --------- 1274  

 07.05.2011 17:56     C:\Users\****\AppData\Local\Temp\wmsetup.log --------- 6776  

 03.05.2011 14:04     C:\Users\****\AppData\Local\Temp\CA03.dir --------- 0  

 03.05.2011 14:04     C:\Users\****\AppData\Local\Temp\CA03.tmp --------- 0  

 20.04.2011 01:21     C:\Users\****\AppData\Local\Temp\AskSLib.dll --------- 178568  

 12.04.2011 13:49     C:\Users\****\AppData\Local\Temp\msdt --------- 0  

 12.04.2011 11:20     C:\Users\****\AppData\Local\Temp\BF78.tmp --------- 0  

 11.04.2011 19:50     C:\Users\****\AppData\Local\Temp\~DF077B5DC389925FE3.TMP --------- 312320  

 11.04.2011 19:45     C:\Users\****\AppData\Local\Temp\~DFEDC245F2FC048D42.TMP --------- 312320  

 11.04.2011 19:44     C:\Users\****\AppData\Local\Temp\~DFB16BE48CA4310C20.TMP --------- 312320  

 11.04.2011 19:44     C:\Users\****\AppData\Local\Temp\~DF8EE0CF92EB81B96D.TMP --------- 312320  

 11.04.2011 19:31     C:\Users\****\AppData\Local\Temp\~DF709CA4FCF1AF795F.TMP --------- 312320  

 11.04.2011 19:31     C:\Users\****\AppData\Local\Temp\~DFE15FD7B770ECEADE.TMP --------- 312320  

 11.04.2011 19:30     C:\Users\****\AppData\Local\Temp\~DF551ECF457F12CFD0.TMP --------- 312320  

 11.04.2011 19:30     C:\Users\****\AppData\Local\Temp\~DF139181F27F58AA41.TMP --------- 312320  

 11.04.2011 19:30     C:\Users\****\AppData\Local\Temp\~DFE9C81E5D3D90A5C0.TMP --------- 312320  

 11.04.2011 19:30     C:\Users\****\AppData\Local\Temp\~DF88AE019F4BAD64AB.TMP --------- 312320  

 11.04.2011 19:29     C:\Users\****\AppData\Local\Temp\~DFABCA3E36A2A04589.TMP --------- 312320  

 11.04.2011 19:29     C:\Users\****\AppData\Local\Temp\~DF80C70B545C6A5871.TMP --------- 312320  

 21.03.2011 11:08     C:\Users\****\AppData\Local\Temp\plugtmp-38 --------- 0  

 20.03.2011 21:22     C:\Users\****\AppData\Local\Temp\~DFB1734BE2EA2251BD.TMP --------- 312320  

 20.03.2011 21:22     C:\Users\****\AppData\Local\Temp\~DF67896B6D9133185A.TMP --------- 312320  

 20.03.2011 16:01     C:\Users\****\AppData\Local\Temp\~DF31C3E61BD240EF5E.TMP --------- 312320  

 20.03.2011 16:00     C:\Users\****\AppData\Local\Temp\709492.od --------- 134  

 20.03.2011 16:00     C:\Users\****\AppData\Local\Temp\CVRD364.tmp.cvr --------- 0  

 20.03.2011 15:57     C:\Users\****\AppData\Local\Temp\~DF2D44F63136622540.TMP --------- 312320  

 20.03.2011 15:57     C:\Users\****\AppData\Local\Temp\~DF6A0442D6805B9C34.TMP --------- 312320  

 20.03.2011 15:56     C:\Users\****\AppData\Local\Temp\~DF1B54E5121B6FCB60.TMP --------- 312320  

 20.03.2011 15:56     C:\Users\****\AppData\Local\Temp\~DF9C09FF48341CFFF3.TMP --------- 312320  

 14.03.2011 14:25     C:\Users\****\AppData\Local\Temp\JAUReg.log --------- 415  

 14.03.2011 14:23     C:\Users\****\AppData\Local\Temp\java_install_reg.log --------- 4480  

 14.03.2011 13:56     C:\Users\****\AppData\Local\Temp\950404.od --------- 134  

 14.03.2011 13:56     C:\Users\****\AppData\Local\Temp\CVR8075.tmp.cvr --------- 0  

 14.03.2011 13:48     C:\Users\****\AppData\Local\Temp\java_install_sp.log --------- 2683  

 14.03.2011 13:47     C:\Users\****\AppData\Local\Temp\jinstall.cfg --------- 1275  

 14.03.2011 10:30     C:\Users\****\AppData\Local\Temp\C3AC.dir --------- 0  

 14.03.2011 10:30     C:\Users\****\AppData\Local\Temp\C3AC.tmp --------- 0  

 13.03.2011 15:14     C:\Users\****\AppData\Local\Temp\plugtmp-37 --------- 0  

 13.03.2011 13:08     C:\Users\****\AppData\Local\Temp\xprt5a7d.ico --------- 4286  

 06.03.2011 15:04     C:\Users\****\AppData\Local\Temp\7889.dir --------- 0  

 06.03.2011 15:04     C:\Users\****\AppData\Local\Temp\7889.tmp --------- 0  

 05.03.2011 18:52     C:\Users\****\AppData\Local\Temp\~DF3E115AC03AEFECA8.TMP --------- 312320  

 05.03.2011 18:52     C:\Users\****\AppData\Local\Temp\~DF55296ADCFD0610E9.TMP --------- 312320  

 05.03.2011 18:52     C:\Users\****\AppData\Local\Temp\~DF5390DD0C41083D0E.TMP --------- 312320  

 05.03.2011 18:51     C:\Users\****\AppData\Local\Temp\~DFBA6E6FE2BAA4035C.TMP --------- 312320  

 05.03.2011 18:50     C:\Users\****\AppData\Local\Temp\SkypeSetup.exe --------- 20327816  

 05.03.2011 18:50     C:\Users\****\AppData\Local\Temp\~DF84ED9A34F53D3854.TMP --------- 312320  

 05.03.2011 18:50     C:\Users\****\AppData\Local\Temp\~DF96B7A1BB95E2D732.TMP --------- 312320  

 05.03.2011 18:50     C:\Users\****\AppData\Local\Temp\~DFB693038221ECCAFD.TMP --------- 312320  

 05.03.2011 18:49     C:\Users\****\AppData\Local\Temp\~DF90914C245E5C0BAF.TMP --------- 312320  

 05.03.2011 18:49     C:\Users\****\AppData\Local\Temp\~DF714119057D39661A.TMP --------- 312320  

 05.03.2011 18:49     C:\Users\****\AppData\Local\Temp\~DFF7357195ED41F0CF.TMP --------- 312320  

 05.03.2011 18:48     C:\Users\****\AppData\Local\Temp\~DF12548369EF0FCF57.TMP --------- 312320  

 05.03.2011 18:48     C:\Users\****\AppData\Local\Temp\~DF12AF030AB957F171.TMP --------- 312320  

 04.03.2011 15:00     C:\Users\****\AppData\Local\Temp\plugtmp-36 --------- 0  

 03.03.2011 16:08     C:\Users\****\AppData\Local\Temp\plugtmp-35 --------- 0  

 03.03.2011 15:57     C:\Users\****\AppData\Local\Temp\2230.dir --------- 0  

 03.03.2011 15:57     C:\Users\****\AppData\Local\Temp\2230.tmp --------- 0  

 26.02.2011 12:02     C:\Users\****\AppData\Local\Temp\plugtmp-34 --------- 0  

 24.02.2011 15:39     C:\Users\****\AppData\Local\Temp\plugtmp-33 --------- 0  

 24.02.2011 08:12     C:\Users\****\AppData\Local\Temp\plugtmp-32 --------- 0  

 24.02.2011 08:11     C:\Users\****\AppData\Local\Temp\Cookies --------- 0  

 23.02.2011 23:04     C:\Users\****\AppData\Local\Temp\plugtmp-31 --------- 0  

 21.02.2011 09:03     C:\Users\****\AppData\Local\Temp\plugtmp-30 --------- 0  

 21.02.2011 00:34     C:\Users\****\AppData\Local\Temp\2011_02_20_Tagesordnung Klassenpflegschaft 5a.doc --------- 21504  

 20.02.2011 18:17     C:\Users\****\AppData\Local\Temp\plugtmp-29 --------- 0  

 20.02.2011 09:54     C:\Users\****\AppData\Local\Temp\7FBA.dir --------- 0  

 20.02.2011 09:54     C:\Users\****\AppData\Local\Temp\7FBA.tmp --------- 0  

 19.02.2011 21:48     C:\Users\****\AppData\Local\Temp\22150254.od --------- 134  

 19.02.2011 21:48     C:\Users\****\AppData\Local\Temp\CVRFC5E.tmp.cvr --------- 0  

 19.02.2011 19:03     C:\Users\****\AppData\Local\Temp\~DF4952C808AA0401FC.TMP --------- 312320  

 19.02.2011 19:03     C:\Users\****\AppData\Local\Temp\~DF56C85176CA2291B8.TMP --------- 312320  

 18.02.2011 17:07     C:\Users\****\AppData\Local\Temp\3827234.od --------- 134  

 18.02.2011 17:07     C:\Users\****\AppData\Local\Temp\CVR6622.tmp.cvr --------- 0  

 17.02.2011 22:09     C:\Users\****\AppData\Local\Temp\OneNoteRuntimeCache --------- 0  

 17.02.2011 22:09     C:\Users\****\AppData\Local\Temp\{27D8A3A1-C7D6-463A-AB3A-B4F686FE257B} --------- 41086  

 17.02.2011 22:06     C:\Users\****\AppData\Local\Temp\{2507B3C6-38FF-4F7D-8596-C5C41326ECE7} --------- 41434  

 17.02.2011 22:04     C:\Users\****\AppData\Local\Temp\{519186E5-8817-48C9-9B8F-B1D3C0E839C2} --------- 135452  

 17.02.2011 22:02     C:\Users\****\AppData\Local\Temp\{22828DF2-AFA6-4682-8561-18F6D75B37EC} --------- 27874  

 17.02.2011 20:56     C:\Users\****\AppData\Local\Temp\plugtmp-28 --------- 0  

 17.02.2011 17:35     C:\Users\****\AppData\Local\Temp\~DF6AAC456C564C2BEF.TMP --------- 312320  

 17.02.2011 17:32     C:\Users\****\AppData\Local\Temp\~DF3CF4A7BB608B7173.TMP --------- 312320  

 17.02.2011 17:32     C:\Users\****\AppData\Local\Temp\~DF7C248B0DD4F8550E.TMP --------- 312320  

 17.02.2011 17:32     C:\Users\****\AppData\Local\Temp\~DF38974C3B1CBDAEEA.TMP --------- 312320  

 17.02.2011 17:31     C:\Users\****\AppData\Local\Temp\~DF843E06A613A3C7E3.TMP --------- 312320  

 17.02.2011 17:31     C:\Users\****\AppData\Local\Temp\~DF8084947CB6AD1CAE.TMP --------- 312320  

 17.02.2011 17:31     C:\Users\****\AppData\Local\Temp\~DFAA65C1B723B8CEFE.TMP --------- 312320  

 17.02.2011 17:31     C:\Users\****\AppData\Local\Temp\~DF33B9D637B7E928F1.TMP --------- 312320  

 17.02.2011 17:30     C:\Users\****\AppData\Local\Temp\~DF5D4DFA2E909F8233.TMP --------- 312320  

 17.02.2011 17:30     C:\Users\****\AppData\Local\Temp\~DF192B27A7A2A73D57.TMP --------- 312320  

 17.02.2011 17:30     C:\Users\****\AppData\Local\Temp\~DF941A7562ECDCCDAD.TMP --------- 312320  

 17.02.2011 17:30     C:\Users\****\AppData\Local\Temp\~DF8CB47039EDEBC7BE.TMP --------- 312320  

 17.02.2011 17:30     C:\Users\****\AppData\Local\Temp\~DF29DCA7539F740D83.TMP --------- 312320  

 17.02.2011 17:26     C:\Users\****\AppData\Local\Temp\~DF6DD39D226A1B42FE.TMP --------- 312320  

 17.02.2011 17:26     C:\Users\****\AppData\Local\Temp\~DF7A777389CE86FE27.TMP --------- 312320  

 17.02.2011 14:15     C:\Users\****\AppData\Local\Temp\{BA89B596-6D32-4F24-B37F-028093B9FF28} --------- 107408  

 16.02.2011 23:49     C:\Users\****\AppData\Local\Temp\HA A5 Titel ****ka.docx --------- 13503  

 16.02.2011 17:39     C:\Users\****\AppData\Local\Temp\plugtmp-27 --------- 0  

 16.02.2011 12:24     C:\Users\****\AppData\Local\Temp\plugtmp-26 --------- 0  

 15.02.2011 23:14     C:\Users\****\AppData\Local\Temp\plugtmp-25 --------- 0  

 15.02.2011 08:56     C:\Users\****\AppData\Local\Temp\plugtmp-24 --------- 0  

 14.02.2011 15:45     C:\Users\****\AppData\Local\Temp\plugtmp-23 --------- 0  

 14.02.2011 15:25     C:\Users\****\AppData\Local\Temp\~DFA8E6A40A8CA683B6.TMP --------- 32768  

 13.02.2011 15:42     C:\Users\****\AppData\Local\Temp\~DF79C573DA9A873771.TMP --------- 32768  

 13.02.2011 10:43     C:\Users\****\AppData\Local\Temp\~DFEF3FE763FC0C50C2.TMP --------- 32768  

 13.02.2011 02:36     C:\Users\****\AppData\Local\Temp\~DF8414DC83D88A99DF.TMP --------- 32768  

 13.02.2011 01:27     C:\Users\****\AppData\Local\Temp\~DFD0A3061E02E29D03.TMP --------- 32768  

 12.02.2011 09:11     C:\Users\****\AppData\Local\Temp\AdobeARM_NotLocked.log --------- 739  

 10.02.2011 09:49     C:\Users\****\AppData\Local\Temp\~DF2D64195EA7EC348D.TMP --------- 32768  

 10.02.2011 02:48     C:\Users\****\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe --------- 885536  

 09.02.2011 20:06     C:\Users\****\AppData\Local\Temp\plugtmp-22 --------- 0  

 09.02.2011 18:05     C:\Users\****\AppData\Local\Temp\34729192.od --------- 134  

 09.02.2011 18:05     C:\Users\****\AppData\Local\Temp\CVRECE8.tmp.cvr --------- 0  

 09.02.2011 12:57     C:\Users\****\AppData\Local\Temp\16280435.od --------- 134  

 09.02.2011 12:57     C:\Users\****\AppData\Local\Temp\CVR6B64.tmp.cvr --------- 0  

 09.02.2011 10:00     C:\Users\****\AppData\Local\Temp\~DF2489F89B863DE7DE.TMP --------- 32768  

 08.02.2011 08:41     C:\Users\****\AppData\Local\Temp\~DFF8386C398425ECFE.TMP --------- 32768  

 07.02.2011 22:12     C:\Users\****\AppData\Local\Temp\~DFB77E173C419C24D3.TMP --------- 32768  

 07.02.2011 21:26     C:\Users\****\AppData\Local\Temp\~DF5E7ED391FC9E5850.TMP --------- 312320  

 07.02.2011 21:25     C:\Users\****\AppData\Local\Temp\~DF0BD931F613AF33B6.TMP --------- 312320  

 07.02.2011 21:25     C:\Users\****\AppData\Local\Temp\~DF96C58007975CA82D.TMP --------- 312320  

 07.02.2011 21:12     C:\Users\****\AppData\Local\Temp\~DF7F6F3513D3A4F3CC.TMP --------- 312320  

 07.02.2011 21:12     C:\Users\****\AppData\Local\Temp\~DFDDCFE9A75EB84006.TMP --------- 312320  

 07.02.2011 20:58     C:\Users\****\AppData\Local\Temp\~DFF01B822635422C58.TMP --------- 312320  

 07.02.2011 20:58     C:\Users\****\AppData\Local\Temp\~DF2666A8B5E23A3963.TMP --------- 312320  

 07.02.2011 20:58     C:\Users\****\AppData\Local\Temp\~DF1BECFA76C6F3BE23.TMP --------- 312320  

 07.02.2011 20:49     C:\Users\****\AppData\Local\Temp\~DF7E0BEF79E6FBF773.TMP --------- 312320  

 07.02.2011 20:49     C:\Users\****\AppData\Local\Temp\~DF0CA95BBA9E20E8B9.TMP --------- 312320  

 07.02.2011 13:25     C:\Users\****\AppData\Local\Temp\plugtmp-21 --------- 0  

 07.02.2011 12:53     C:\Users\****\AppData\Local\Temp\plugtmp-20 --------- 0  

 07.02.2011 11:50     C:\Users\****\AppData\Local\Temp\plugtmp-19 --------- 0  

 07.02.2011 10:58     C:\Users\****\AppData\Local\Temp\plugtmp-18 --------- 0  

 07.02.2011 10:55     C:\Users\****\AppData\Local\Temp\plugtmp-17 --------- 0  

 07.02.2011 08:53     C:\Users\****\AppData\Local\Temp\~DFDBBF617A0CB2B754.TMP --------- 32768  

 06.02.2011 18:11     C:\Users\****\AppData\Local\Temp\~DF6DEED794129D45F2.TMP --------- 32768  

 05.02.2011 20:02     C:\Users\****\AppData\Local\Temp\~DF676F2B9DCB75E85E.TMP --------- 312320  

 05.02.2011 19:59     C:\Users\****\AppData\Local\Temp\~DF02C00615E5347739.TMP --------- 312320  

 05.02.2011 19:57     C:\Users\****\AppData\Local\Temp\~DF6990A0D600B95E18.TMP --------- 312320  

 05.02.2011 19:55     C:\Users\****\AppData\Local\Temp\~DF4D25AA667A84C7A0.TMP --------- 312320  

 05.02.2011 19:52     C:\Users\****\AppData\Local\Temp\~DFA03149D49C52B93C.TMP --------- 312320  

 05.02.2011 19:52     C:\Users\****\AppData\Local\Temp\~DFCB9989F8F90DCDAF.TMP --------- 312320  

 05.02.2011 19:52     C:\Users\****\AppData\Local\Temp\~DFF5B29D7E51B05E54.TMP --------- 312320  

 05.02.2011 19:40     C:\Users\****\AppData\Local\Temp\~DF25CB6FDFD82682F3.TMP --------- 312320  

 05.02.2011 19:36     C:\Users\****\AppData\Local\Temp\~DF1247E22F0F11A0D9.TMP --------- 312320  

 05.02.2011 19:35     C:\Users\****\AppData\Local\Temp\~DF17EE6A2B7BE2EBEE.TMP --------- 312320  

 05.02.2011 19:35     C:\Users\****\AppData\Local\Temp\~DF70E79D84E3080247.TMP --------- 312320  

 05.02.2011 19:34     C:\Users\****\AppData\Local\Temp\~DFEDB1869566028C1F.TMP --------- 312320  

 05.02.2011 19:34     C:\Users\****\AppData\Local\Temp\~DF619206C12BF98935.TMP --------- 312320  

 05.02.2011 09:01     C:\Users\****\AppData\Local\Temp\~DF99930EB82D2E9971.TMP --------- 32768  

 04.02.2011 13:19     C:\Users\****\AppData\Local\Temp\~DF10FE858B28625E4C.TMP --------- 32768  

 03.02.2011 22:21     C:\Users\****\AppData\Local\Temp\~DF55309B1EB2139750.TMP --------- 32768  

 03.02.2011 16:42     C:\Users\****\AppData\Local\Temp\~DFA490476E9DCF1F10.TMP --------- 32768  

 03.02.2011 12:34     C:\Users\****\AppData\Local\Temp\plugtmp-16 --------- 0  

 03.02.2011 09:50     C:\Users\****\AppData\Local\Temp\~DFA76D3D9FB3C33013.TMP --------- 32768  

 03.02.2011 03:18     C:\Users\****\AppData\Local\Temp\plugtmp-15 --------- 0  

 02.02.2011 14:12     C:\Users\****\AppData\Local\Temp\~DF682D3351E8054BF8.TMP --------- 32768  

 02.02.2011 08:59     C:\Users\****\AppData\Local\Temp\{A4579471-B335-407B-8F82-D1E0BA4BF568} --------- 0  

 02.02.2011 08:50     C:\Users\****\AppData\Local\Temp\~DF9BA06E24A63FE07A.TMP --------- 32768  

 01.02.2011 21:16     C:\Users\****\AppData\Local\Temp\~DF8E9D8718A3CE92E3.TMP --------- 32768  

 01.02.2011 18:38     C:\Users\****\AppData\Local\Temp\~DF3B42CB685E932E82.TMP --------- 312320  

 01.02.2011 18:37     C:\Users\****\AppData\Local\Temp\~DFD7161480D071063E.TMP --------- 312320  

 01.02.2011 18:37     C:\Users\****\AppData\Local\Temp\~DF93F41D350AFD127D.TMP --------- 312320  

 01.02.2011 18:31     C:\Users\****\AppData\Local\Temp\~DFF0C3F4A7697D6F7D.TMP --------- 312320  

 01.02.2011 18:31     C:\Users\****\AppData\Local\Temp\~DFBAF1BE2FF1D1DD70.TMP --------- 312320  

 01.02.2011 18:28     C:\Users\****\AppData\Local\Temp\~DF3A012CCC0ACE269F.TMP --------- 312320  

 01.02.2011 18:28     C:\Users\****\AppData\Local\Temp\~DF3BF807243302B0DD.TMP --------- 312320  

 01.02.2011 18:21     C:\Users\****\AppData\Local\Temp\~DF07428197BEF441B1.TMP --------- 312320  

 01.02.2011 18:21     C:\Users\****\AppData\Local\Temp\~DF71D288B08E45E2BE.TMP --------- 312320  

 01.02.2011 18:07     C:\Users\****\AppData\Local\Temp\~DF97EBE29E81118BEC.TMP --------- 312320  

 01.02.2011 18:06     C:\Users\****\AppData\Local\Temp\~DFC353545C574F0BC9.TMP --------- 312320  

 01.02.2011 18:05     C:\Users\****\AppData\Local\Temp\~DF297DCC1462DBEE63.TMP --------- 312320  

 01.02.2011 18:05     C:\Users\****\AppData\Local\Temp\~DF6EBF12D6CD94FD5F.TMP --------- 312320  

 01.02.2011 18:05     C:\Users\****\AppData\Local\Temp\~DF179B9A1DF0042260.TMP --------- 312320  

 01.02.2011 18:05     C:\Users\****\AppData\Local\Temp\~DF68FF632EA938AD27.TMP --------- 312320  

 01.02.2011 18:03     C:\Users\****\AppData\Local\Temp\~DF6AEF3E5043A38F35.TMP --------- 312320  

 01.02.2011 18:03     C:\Users\****\AppData\Local\Temp\~DF6BCA6D4A314B6F0B.TMP --------- 312320  

 01.02.2011 17:39     C:\Users\****\AppData\Local\Temp\~DF16A2553C697394AC.TMP --------- 312320  

 01.02.2011 17:39     C:\Users\****\AppData\Local\Temp\~DFDC16E344EC92C847.TMP --------- 312320  

 01.02.2011 17:39     C:\Users\****\AppData\Local\Temp\~DFFE28CC9E194CBEE1.TMP --------- 312320  

 01.02.2011 17:39     C:\Users\****\AppData\Local\Temp\~DF5C3D7CD971CE4950.TMP --------- 312320  

 01.02.2011 17:39     C:\Users\****\AppData\Local\Temp\~DFA8A1ADFEF6F3CDAD.TMP --------- 312320  

 01.02.2011 17:38     C:\Users\****\AppData\Local\Temp\~DF72D0624DAA194DBB.TMP --------- 312320  

 01.02.2011 17:38     C:\Users\****\AppData\Local\Temp\~DFBCE06CEE4136C493.TMP --------- 312320  

 01.02.2011 17:38     C:\Users\****\AppData\Local\Temp\~DF6E63DEE40C10E570.TMP --------- 312320  

 01.02.2011 17:38     C:\Users\****\AppData\Local\Temp\~DF05C6BC5E7F22327B.TMP --------- 312320  

 01.02.2011 17:28     C:\Users\****\AppData\Local\Temp\~DFA295DBD77977820C.TMP --------- 312320  

 01.02.2011 17:28     C:\Users\****\AppData\Local\Temp\~DF088A9718C6542347.TMP --------- 312320  

 01.02.2011 11:19     C:\Users\****\AppData\Local\Temp\plugtmp-14 --------- 0  

 31.01.2011 19:08     C:\Users\****\AppData\Local\Temp\~DFE2C29827E46DC507.TMP --------- 312320  

 31.01.2011 19:06     C:\Users\****\AppData\Local\Temp\~DF82C098F923F7BD6A.TMP --------- 312320  

 31.01.2011 19:06     C:\Users\****\AppData\Local\Temp\~DF5D035BA293368A8B.TMP --------- 312320  

 31.01.2011 19:06     C:\Users\****\AppData\Local\Temp\~DFEFDC52046C372D44.TMP --------- 312320  

 31.01.2011 19:05     C:\Users\****\AppData\Local\Temp\~DF6E945AF7FB85C82F.TMP --------- 312320  

 31.01.2011 19:04     C:\Users\****\AppData\Local\Temp\~DF1F6B96097B7FA358.TMP --------- 312320  

 31.01.2011 19:04     C:\Users\****\AppData\Local\Temp\~DFC905CC2181ECD749.TMP --------- 312320  

 31.01.2011 19:03     C:\Users\****\AppData\Local\Temp\~DFB8A4A9F1F581D6C4.TMP --------- 312320  

 31.01.2011 19:03     C:\Users\****\AppData\Local\Temp\~DF2135DE223F512DA9.TMP --------- 312320  

 31.01.2011 18:49     C:\Users\****\AppData\Local\Temp\~DF2B78780C365FC5EA.TMP --------- 312320  

 31.01.2011 18:49     C:\Users\****\AppData\Local\Temp\~DF3A863B543CF9845F.TMP --------- 312320  

 31.01.2011 18:49     C:\Users\****\AppData\Local\Temp\~DFBAAB3A7A7975107B.TMP --------- 312320  

 31.01.2011 18:49     C:\Users\****\AppData\Local\Temp\~DFC333EEC49D1DD407.TMP --------- 312320  

 31.01.2011 18:48     C:\Users\****\AppData\Local\Temp\~DF0432410AA3F00C54.TMP --------- 312320  

 31.01.2011 18:48     C:\Users\****\AppData\Local\Temp\~DF8D9EA935CCA80244.TMP --------- 312320  

 31.01.2011 18:48     C:\Users\****\AppData\Local\Temp\~DF27F1A130E6F5A175.TMP --------- 312320  

 31.01.2011 18:48     C:\Users\****\AppData\Local\Temp\~DFFD8790AFF3822B1F.TMP --------- 312320  

 31.01.2011 18:32     C:\Users\****\AppData\Local\Temp\~DFD81B7C5E40C50850.TMP --------- 312320  

 31.01.2011 18:31     C:\Users\****\AppData\Local\Temp\~DF54CBC030CE978CBB.TMP --------- 312320  

 31.01.2011 18:31     C:\Users\****\AppData\Local\Temp\~DF54BCA14953B171A6.TMP --------- 312320  

 31.01.2011 18:31     C:\Users\****\AppData\Local\Temp\~DF09CC50856D291222.TMP --------- 312320  

 31.01.2011 18:31     C:\Users\****\AppData\Local\Temp\~DF336742A7ACF2D14E.TMP --------- 312320  

 31.01.2011 18:28     C:\Users\****\AppData\Local\Temp\~DF1161297BC75FE241.TMP --------- 312320  

 31.01.2011 18:28     C:\Users\****\AppData\Local\Temp\~DF80D38B02A04D12EB.TMP --------- 312320  

 31.01.2011 18:19     C:\Users\****\AppData\Local\Temp\~DF896EF0BDFD20BC05.TMP --------- 312320  

 31.01.2011 18:19     C:\Users\****\AppData\Local\Temp\~DFA1C05C90378907CC.TMP --------- 312320  

 31.01.2011 18:14     C:\Users\****\AppData\Local\Temp\~DFF66596AB38B0A7EE.TMP --------- 312320  

 31.01.2011 18:14     C:\Users\****\AppData\Local\Temp\~DFEFAA8B38BDEC8B04.TMP --------- 312320  

 31.01.2011 18:14     C:\Users\****\AppData\Local\Temp\~DF3CC6E58619D9EC37.TMP --------- 312320  

 31.01.2011 18:14     C:\Users\****\AppData\Local\Temp\~DF16A3FF07B9B0D7EA.TMP --------- 312320  

 31.01.2011 18:00     C:\Users\****\AppData\Local\Temp\~DFCE4E90EFF73B2F3D.TMP --------- 312320  

 31.01.2011 17:59     C:\Users\****\AppData\Local\Temp\~DFE90226801A33AE22.TMP --------- 312320  

 31.01.2011 17:59     C:\Users\****\AppData\Local\Temp\~DF83D71A8901AD8C22.TMP --------- 312320  

 31.01.2011 17:40     C:\Users\****\AppData\Local\Temp\~DF999C8636B5C865FD.TMP --------- 312320  

 31.01.2011 17:39     C:\Users\****\AppData\Local\Temp\~DFAD7FE2C65C830562.TMP --------- 312320  

 31.01.2011 10:30     C:\Users\****\AppData\Local\Temp\~DF6389B13308B87424.TMP --------- 32768  

 30.01.2011 23:22     C:\Users\****\AppData\Local\Temp\~DF83FD6F3E17467CD7.TMP --------- 32768  

 30.01.2011 15:40     C:\Users\****\AppData\Local\Temp\tmp7934.tmp --------- 0  

 30.01.2011 15:39     C:\Users\****\AppData\Local\Temp\CVR7F5C.tmp.cvr --------- 0  

 30.01.2011 15:39     C:\Users\****\AppData\Local\Temp\556892.od --------- 134  

 30.01.2011 15:26     C:\Users\****\AppData\Local\Temp\plugtmp-13 --------- 0  

 29.01.2011 21:55     C:\Users\****\AppData\Local\Temp\~DFDCE9AC150886A30E.TMP --------- 312320  

 29.01.2011 21:52     C:\Users\****\AppData\Local\Temp\~DFE2E6DB14591F8E28.TMP --------- 312320  

 29.01.2011 21:52     C:\Users\****\AppData\Local\Temp\~DFA24E3ACAC72AE330.TMP --------- 312320  

 29.01.2011 21:49     C:\Users\****\AppData\Local\Temp\~DFE7FC95ACCDBF1322.TMP --------- 312320  

 29.01.2011 21:49     C:\Users\****\AppData\Local\Temp\~DFCF5A3A7D84819A5F.TMP --------- 312320  

 29.01.2011 21:41     C:\Users\****\AppData\Local\Temp\~DF4A970EB00E7A659C.TMP --------- 312320  

 29.01.2011 21:41     C:\Users\****\AppData\Local\Temp\~DFBFCA8F75996A8DD1.TMP --------- 312320  

 29.01.2011 21:40     C:\Users\****\AppData\Local\Temp\~DF2798C7B4C20E708F.TMP --------- 312320  

 29.01.2011 21:40     C:\Users\****\AppData\Local\Temp\~DFFB11B7DCB62DAA45.TMP --------- 312320  

 29.01.2011 21:39     C:\Users\****\AppData\Local\Temp\~DF6ADAC6089E17B8EA.TMP --------- 312320  

 29.01.2011 21:39     C:\Users\****\AppData\Local\Temp\~DFECDE49A21A351151.TMP --------- 312320  

 29.01.2011 21:34     C:\Users\****\AppData\Local\Temp\~DF48C4235C7276AF84.TMP --------- 312320  

 29.01.2011 21:34     C:\Users\****\AppData\Local\Temp\~DF9512060AAD39496E.TMP --------- 312320  

 29.01.2011 21:31     C:\Users\****\AppData\Local\Temp\~DF81100E14045D57F3.TMP --------- 312320  

 29.01.2011 21:31     C:\Users\****\AppData\Local\Temp\~DF7E18D3B6769EB00E.TMP --------- 312320  

 29.01.2011 21:29     C:\Users\****\AppData\Local\Temp\~DF1111265CDF881F13.TMP --------- 312320  

 29.01.2011 21:29     C:\Users\****\AppData\Local\Temp\~DFCD6A1DDE127FB79D.TMP --------- 312320  

 29.01.2011 21:13     C:\Users\****\AppData\Local\Temp\~DF278C7F502A5633A4.TMP --------- 312320  

 29.01.2011 21:13     C:\Users\****\AppData\Local\Temp\~DF3D3B6433F8BDB5ED.TMP --------- 312320  

 29.01.2011 21:12     C:\Users\****\AppData\Local\Temp\~DF569CF788F354AB9B.TMP --------- 312320  

 29.01.2011 21:12     C:\Users\****\AppData\Local\Temp\~DFBDC1463847FCEE46.TMP --------- 312320  

 29.01.2011 21:02     C:\Users\****\AppData\Local\Temp\~DF26BFB4E104269923.TMP --------- 312320  

 29.01.2011 21:02     C:\Users\****\AppData\Local\Temp\~DFE8B23C86069838EC.TMP --------- 312320  

 29.01.2011 21:01     C:\Users\****\AppData\Local\Temp\~DF816AB436FED5C5B3.TMP --------- 312320  

 29.01.2011 21:01     C:\Users\****\AppData\Local\Temp\~DF5FA0C65A61AADA59.TMP --------- 312320  

 29.01.2011 20:55     C:\Users\****\AppData\Local\Temp\~DF90918A94735F89C8.TMP --------- 312320  

 29.01.2011 20:55     C:\Users\****\AppData\Local\Temp\~DF657A04EF8792FC84.TMP --------- 312320  

 29.01.2011 20:54     C:\Users\****\AppData\Local\Temp\~DFD027A70C3B23CB18.TMP --------- 312320  

 29.01.2011 20:54     C:\Users\****\AppData\Local\Temp\~DFCDCF9F667B6F1543.TMP --------- 312320  

 29.01.2011 20:51     C:\Users\****\AppData\Local\Temp\~DF0B0CF400F94E9B54.TMP --------- 312320  

 29.01.2011 20:51     C:\Users\****\AppData\Local\Temp\~DF70FF13E4358C4EAF.TMP --------- 312320  

 29.01.2011 20:48     C:\Users\****\AppData\Local\Temp\~DF653191AAA1C8EB45.TMP --------- 312320  

 29.01.2011 20:48     C:\Users\****\AppData\Local\Temp\~DF322E9F027486544E.TMP --------- 312320  

 29.01.2011 20:47     C:\Users\****\AppData\Local\Temp\~DF4706C58EB97C8DE1.TMP --------- 312320  

 29.01.2011 20:47     C:\Users\****\AppData\Local\Temp\~DFD2AB69E7B1B54A90.TMP --------- 312320  

 29.01.2011 20:45     C:\Users\****\AppData\Local\Temp\~DFFC98D16392C03DC8.TMP --------- 312320  

 29.01.2011 20:45     C:\Users\****\AppData\Local\Temp\~DF49C0239854390BB5.TMP --------- 312320  

 29.01.2011 20:37     C:\Users\****\AppData\Local\Temp\~DFF11452DE8D1F2D5C.TMP --------- 312320  

 29.01.2011 20:37     C:\Users\****\AppData\Local\Temp\~DF1FC54A726535DFD4.TMP --------- 312320  

 29.01.2011 20:35     C:\Users\****\AppData\Local\Temp\~DF03417AC20181A7BF.TMP --------- 312320  

 29.01.2011 20:35     C:\Users\****\AppData\Local\Temp\~DF9D8E9E92E963920B.TMP --------- 312320  

 29.01.2011 20:35     C:\Users\****\AppData\Local\Temp\~DFA024938497EC7431.TMP --------- 312320  

 29.01.2011 20:35     C:\Users\****\AppData\Local\Temp\~DFF1796D165450F000.TMP --------- 312320  

 29.01.2011 20:27     C:\Users\****\AppData\Local\Temp\~DF67B5E471CBA06DB6.TMP --------- 312320  

 29.01.2011 20:27     C:\Users\****\AppData\Local\Temp\~DF7E7212D1F52EBE48.TMP --------- 312320  

 29.01.2011 20:27     C:\Users\****\AppData\Local\Temp\~DF67ADE674E7312EB5.TMP --------- 312320  

 29.01.2011 20:26     C:\Users\****\AppData\Local\Temp\~DF3921BD67B4153C9F.TMP --------- 312320  

 29.01.2011 20:26     C:\Users\****\AppData\Local\Temp\~DF3722E8BA8249C23E.TMP --------- 312320  

 29.01.2011 20:26     C:\Users\****\AppData\Local\Temp\~DFB255E2772BC3FE43.TMP --------- 312320  

 29.01.2011 20:26     C:\Users\****\AppData\Local\Temp\~DF014FC96C534ACD94.TMP --------- 312320  

 29.01.2011 20:16     C:\Users\****\AppData\Local\Temp\~DFE46FCBA7AA90D074.TMP --------- 312320  

 29.01.2011 20:16     C:\Users\****\AppData\Local\Temp\~DF4788529A8E9B237B.TMP --------- 312320  

 29.01.2011 19:53     C:\Users\****\AppData\Local\Temp\~DF6062142FCA51A6F6.TMP --------- 312320  

 29.01.2011 19:35     C:\Users\****\AppData\Local\Temp\~DF134BB2C646F3ABF0.TMP --------- 312320  

 29.01.2011 19:35     C:\Users\****\AppData\Local\Temp\~DF879B3436551BFDF2.TMP --------- 312320  

 29.01.2011 19:33     C:\Users\****\AppData\Local\Temp\~DF23AAEAC8BDDDEDF1.TMP --------- 312320  

 29.01.2011 19:32     C:\Users\****\AppData\Local\Temp\~DFFE16A9D350598FDB.TMP --------- 312320  

 29.01.2011 19:27     C:\Users\****\AppData\Local\Temp\~DFC5A77DA4A491BEC0.TMP --------- 312320  

 29.01.2011 19:27     C:\Users\****\AppData\Local\Temp\~DFC2E8405B96B4FAB0.TMP --------- 312320  

 29.01.2011 19:27     C:\Users\****\AppData\Local\Temp\~DFBE6F3C1B80F1EDD2.TMP --------- 312320  

 29.01.2011 19:24     C:\Users\****\AppData\Local\Temp\~DFA302E9322E8C6893.TMP --------- 312320  

 29.01.2011 19:24     C:\Users\****\AppData\Local\Temp\~DF83204686B194080C.TMP --------- 312320  

 29.01.2011 09:38     C:\Users\****\AppData\Local\Temp\~DFBE4E7988430F253C.TMP --------- 312320  

 29.01.2011 09:13     C:\Users\****\AppData\Local\Temp\~DFBEA1B97798FA665D.TMP --------- 312320  

 29.01.2011 09:13     C:\Users\****\AppData\Local\Temp\~DF71EC5672271C2598.TMP --------- 312320  

 29.01.2011 09:13     C:\Users\****\AppData\Local\Temp\~DFDCB98C58A0028446.TMP --------- 312320  

 29.01.2011 09:11     C:\Users\****\AppData\Local\Temp\~DF9C2164BA7C5C91D8.TMP --------- 312320  

 29.01.2011 09:11     C:\Users\****\AppData\Local\Temp\~DF1DBE60999A61F7DA.TMP --------- 312320  

 28.01.2011 19:57     C:\Users\****\AppData\Local\Temp\~DF32979F5D7A03DE74.TMP --------- 312320  

 28.01.2011 19:14     C:\Users\****\AppData\Local\Temp\~DF07AD87D74D5A6829.TMP --------- 312320  

 28.01.2011 19:14     C:\Users\****\AppData\Local\Temp\~DF5ED6F3DED2FB8C95.TMP --------- 312320  

 28.01.2011 19:14     C:\Users\****\AppData\Local\Temp\~DFD9F89F700F3E8A4F.TMP --------- 312320  

 28.01.2011 19:14     C:\Users\****\AppData\Local\Temp\~DFDBC94BA15E0D2293.TMP --------- 312320  

 28.01.2011 19:14     C:\Users\****\AppData\Local\Temp\~DF1C875421B2D40E54.TMP --------- 312320  

 28.01.2011 19:12     C:\Users\****\AppData\Local\Temp\~DF535B465022665B22.TMP --------- 312320  

 28.01.2011 19:12     C:\Users\****\AppData\Local\Temp\~DFF07E63B8012965D8.TMP --------- 312320  

 28.01.2011 15:20     C:\Users\****\AppData\Local\Temp\plugtmp-12 --------- 0  

 27.01.2011 22:52     C:\Users\****\AppData\Local\Temp\~DF886C5DCA1D05DC90.TMP --------- 312320  

 27.01.2011 22:52     C:\Users\****\AppData\Local\Temp\~DFD7E3D8975A7EDB63.TMP --------- 312320  

 27.01.2011 22:52     C:\Users\****\AppData\Local\Temp\~DF226A3CE9AE4F4537.TMP --------- 312320  

 27.01.2011 22:52     C:\Users\****\AppData\Local\Temp\~DF97B2FAE564F4008B.TMP --------- 312320  

 27.01.2011 22:50     C:\Users\****\AppData\Local\Temp\~DFC1AD4130BAB871D0.TMP --------- 312320  

 27.01.2011 22:50     C:\Users\****\AppData\Local\Temp\~DFDDA7829AE221D0CE.TMP --------- 312320  

 27.01.2011 18:19     C:\Users\****\AppData\Local\Temp\~DF2401DD5EEBD61D7C.TMP --------- 312320  

 27.01.2011 18:19     C:\Users\****\AppData\Local\Temp\~DF425D33EB07A78438.TMP --------- 312320  

 27.01.2011 18:18     C:\Users\****\AppData\Local\Temp\~DF32B339AB9AF422E5.TMP --------- 312320  

 27.01.2011 18:18     C:\Users\****\AppData\Local\Temp\~DFC64CD224534BEB48.TMP --------- 312320  

 27.01.2011 18:07     C:\Users\****\AppData\Local\Temp\~DFF2003E84675AEDEB.TMP --------- 312320  

 27.01.2011 18:07     C:\Users\****\AppData\Local\Temp\~DF2EFEDD2EA3C1E920.TMP --------- 312320  

 27.01.2011 18:03     C:\Users\****\AppData\Local\Temp\~DF3CB74C2A9AEC4C8D.TMP --------- 312320  

 27.01.2011 18:03     C:\Users\****\AppData\Local\Temp\~DFAEF5DAAA91E8DE3E.TMP --------- 312320  

 27.01.2011 18:02     C:\Users\****\AppData\Local\Temp\~DF09AEE6E27DD8D1E0.TMP --------- 312320  

 27.01.2011 18:02     C:\Users\****\AppData\Local\Temp\~DFCD98AF43E7267753.TMP --------- 312320  

 27.01.2011 18:00     C:\Users\****\AppData\Local\Temp\~DFCEA90CF0C98DF48B.TMP --------- 312320  

 27.01.2011 18:00     C:\Users\****\AppData\Local\Temp\~DF5CE581F6297B20CC.TMP --------- 312320  

 27.01.2011 17:57     C:\Users\****\AppData\Local\Temp\~DF4FE7EF600C572821.TMP --------- 312320  

 27.01.2011 17:57     C:\Users\****\AppData\Local\Temp\~DF45936C2088EC336E.TMP --------- 312320  

 27.01.2011 17:55     C:\Users\****\AppData\Local\Temp\~DFB7B52931B2DBCE02.TMP --------- 312320  

 27.01.2011 17:55     C:\Users\****\AppData\Local\Temp\~DFDA0B4FD470F0FAD6.TMP --------- 312320  

 27.01.2011 17:54     C:\Users\****\AppData\Local\Temp\~DF2B9DEEEB808CABA7.TMP --------- 312320  

 27.01.2011 17:54     C:\Users\****\AppData\Local\Temp\~DF2FEC204107A7D47E.TMP --------- 312320  

 27.01.2011 17:53     C:\Users\****\AppData\Local\Temp\~DFF9937D1EA727C67B.TMP --------- 312320  

 27.01.2011 17:53     C:\Users\****\AppData\Local\Temp\~DFC1BC0A4486E6380C.TMP --------- 312320  

 27.01.2011 17:52     C:\Users\****\AppData\Local\Temp\~DF606858DACF49F966.TMP --------- 312320  

 27.01.2011 17:52     C:\Users\****\AppData\Local\Temp\~DF6311E1B8151E6B45.TMP --------- 312320  

 27.01.2011 17:50     C:\Users\****\AppData\Local\Temp\~DF43B74899196ABCAF.TMP --------- 312320  

 27.01.2011 17:50     C:\Users\****\AppData\Local\Temp\~DF740AE94E0397FC48.TMP --------- 312320  

 27.01.2011 17:49     C:\Users\****\AppData\Local\Temp\~DF19B1654592FEBED6.TMP --------- 312320  

 27.01.2011 17:49     C:\Users\****\AppData\Local\Temp\~DFF38717A0C8EA089C.TMP --------- 312320  

 27.01.2011 17:47     C:\Users\****\AppData\Local\Temp\~DF4A5830AEDEC8F14A.TMP --------- 312320  

 27.01.2011 17:47     C:\Users\****\AppData\Local\Temp\~DF000104A492926A1C.TMP --------- 312320  

 27.01.2011 17:46     C:\Users\****\AppData\Local\Temp\~DF7CA183AE86354B90.TMP --------- 312320  

 27.01.2011 17:46     C:\Users\****\AppData\Local\Temp\~DF774EF6C426A7410B.TMP --------- 312320  

 27.01.2011 17:45     C:\Users\****\AppData\Local\Temp\~DFC77C13ED098A74B7.TMP --------- 312320  

 27.01.2011 17:45     C:\Users\****\AppData\Local\Temp\~DF505DF4E0E0B72BBF.TMP --------- 312320  

 27.01.2011 17:44     C:\Users\****\AppData\Local\Temp\~DFAD6BB3393CED45D2.TMP --------- 312320  

 27.01.2011 17:44     C:\Users\****\AppData\Local\Temp\~DF3031CB2376356142.TMP --------- 312320  

 27.01.2011 17:41     C:\Users\****\AppData\Local\Temp\~DF84D50502D4F505D8.TMP --------- 312320  

 27.01.2011 17:41     C:\Users\****\AppData\Local\Temp\~DF18A11886242AA078.TMP --------- 312320  

 27.01.2011 17:40     C:\Users\****\AppData\Local\Temp\~DFD5D1A38CE7B5A0C3.TMP --------- 312320  

 27.01.2011 17:40     C:\Users\****\AppData\Local\Temp\~DF0598AC942B3AEFED.TMP --------- 312320  

 27.01.2011 17:35     C:\Users\****\AppData\Local\Temp\~DFA84A1383CAE0D92C.TMP --------- 312320  

 27.01.2011 17:35     C:\Users\****\AppData\Local\Temp\~DF59B28B6B6522D756.TMP --------- 312320  

 27.01.2011 17:34     C:\Users\****\AppData\Local\Temp\~DF83F01C189E1BAACD.TMP --------- 312320  

 27.01.2011 17:34     C:\Users\****\AppData\Local\Temp\~DFA58695C633DF6367.TMP --------- 312320  

 27.01.2011 17:33     C:\Users\****\AppData\Local\Temp\~DF63B19E5D7BEB6A12.TMP --------- 312320  

 27.01.2011 17:33     C:\Users\****\AppData\Local\Temp\~DFB1C44B398EF1A453.TMP --------- 312320  

 27.01.2011 17:24     C:\Users\****\AppData\Local\Temp\~DFA960E71BCE507408.TMP --------- 312320  

 27.01.2011 17:24     C:\Users\****\AppData\Local\Temp\~DF8470421899F3C3CE.TMP --------- 312320  

 27.01.2011 17:18     C:\Users\****\AppData\Local\Temp\~DF622B8BA3A7F46D4A.TMP --------- 312320  

 27.01.2011 17:18     C:\Users\****\AppData\Local\Temp\~DF73CFB0932CE04A23.TMP --------- 312320  

 27.01.2011 17:18     C:\Users\****\AppData\Local\Temp\~DF6BACB54BAE0832E7.TMP --------- 312320  

 27.01.2011 17:18     C:\Users\****\AppData\Local\Temp\~DFB51140521CC933DF.TMP --------- 312320  

 27.01.2011 17:13     C:\Users\****\AppData\Local\Temp\~DFC306ED5C953E32E2.TMP --------- 312320  

 27.01.2011 17:13     C:\Users\****\AppData\Local\Temp\~DF59F2D91B3CFA43C2.TMP --------- 312320  

 26.01.2011 21:28     C:\Users\****\AppData\Local\Temp\~DFEF82120BE69C23BE.TMP --------- 312320  

 26.01.2011 21:23     C:\Users\****\AppData\Local\Temp\~DFB12FF4A248E2CBEE.TMP --------- 312320  

 26.01.2011 21:23     C:\Users\****\AppData\Local\Temp\~DFA511275796D79801.TMP --------- 312320  

 26.01.2011 21:22     C:\Users\****\AppData\Local\Temp\~DF244CA8BFC4B95E71.TMP --------- 312320  

 26.01.2011 21:18     C:\Users\****\AppData\Local\Temp\~DFC08EC5D961F928A3.TMP --------- 312320  

 26.01.2011 21:18     C:\Users\****\AppData\Local\Temp\~DFF0DE061D4CA63F12.TMP --------- 312320  

 26.01.2011 20:37     C:\Users\****\AppData\Local\Temp\~DFC4AF57CB9A11BFB6.TMP --------- 312320  

 26.01.2011 20:37     C:\Users\****\AppData\Local\Temp\~DF29E1C7443759CB0F.TMP --------- 312320  

 26.01.2011 20:36     C:\Users\****\AppData\Local\Temp\~DF56FD0860CC2DAE3A.TMP --------- 312320  

 26.01.2011 20:36     C:\Users\****\AppData\Local\Temp\~DF117E9CADF761BF8F.TMP --------- 312320  

 26.01.2011 20:35     C:\Users\****\AppData\Local\Temp\~DFA0EB0CF818E6E43A.TMP --------- 312320  

 26.01.2011 20:35     C:\Users\****\AppData\Local\Temp\~DF9BEA1143556964EE.TMP --------- 312320  

 26.01.2011 20:23     C:\Users\****\AppData\Local\Temp\~DF3F48FAE5ED4E702B.TMP --------- 312320  

 26.01.2011 20:23     C:\Users\****\AppData\Local\Temp\~DF0B23F0497BB66A6B.TMP --------- 312320  

 26.01.2011 20:23     C:\Users\****\AppData\Local\Temp\~DFA39E37BB6F8FB016.TMP --------- 312320  

 26.01.2011 20:23     C:\Users\****\AppData\Local\Temp\~DF0AF1131780B3E8E3.TMP --------- 312320  

 26.01.2011 20:21     C:\Users\****\AppData\Local\Temp\~DF00D0BD10F73C7B9E.TMP --------- 312320  

 26.01.2011 20:21     C:\Users\****\AppData\Local\Temp\~DF44DB325922507935.TMP --------- 312320  

 26.01.2011 20:21     C:\Users\****\AppData\Local\Temp\~DF47F1E08A55F5404D.TMP --------- 312320  

 26.01.2011 20:21     C:\Users\****\AppData\Local\Temp\~DFF4F0D7281B3BE8ED.TMP --------- 312320  

 26.01.2011 20:19     C:\Users\****\AppData\Local\Temp\~DF2E88F747DFB8C07B.TMP --------- 312320  

 26.01.2011 20:19     C:\Users\****\AppData\Local\Temp\~DF0029E346C30AF2EE.TMP --------- 312320  

 26.01.2011 20:19     C:\Users\****\AppData\Local\Temp\~DFD7A025C3C7A64B9D.TMP --------- 312320  

 26.01.2011 20:19     C:\Users\****\AppData\Local\Temp\~DF63485484B67F5E79.TMP --------- 312320  

 26.01.2011 20:13     C:\Users\****\AppData\Local\Temp\~DFEB2E81FEA0CDB68B.TMP --------- 312320  

 26.01.2011 20:13     C:\Users\****\AppData\Local\Temp\~DF28A0F80848FFED94.TMP --------- 312320  

 26.01.2011 20:10     C:\Users\****\AppData\Local\Temp\~DF35BF0BCBE47EF93F.TMP --------- 312320  

 26.01.2011 20:10     C:\Users\****\AppData\Local\Temp\~DF4F43863CB1D60D76.TMP --------- 312320  

 26.01.2011 19:37     C:\Users\****\AppData\Local\Temp\~DF12F996E1EE0F317E.TMP --------- 312320  

 26.01.2011 19:10     C:\Users\****\AppData\Local\Temp\~DF0A97F8F8E0A738C3.TMP --------- 312320  

 26.01.2011 19:10     C:\Users\****\AppData\Local\Temp\~DFAE1E8A5B8DC9CA07.TMP --------- 312320  

 26.01.2011 19:09     C:\Users\****\AppData\Local\Temp\~DF0B51B7448322A513.TMP --------- 312320  

 26.01.2011 19:09     C:\Users\****\AppData\Local\Temp\~DF303FD28B89BA9AC4.TMP --------- 312320  

 26.01.2011 19:09     C:\Users\****\AppData\Local\Temp\~DFA8F76FFE8CBDDD5E.TMP --------- 312320  

 26.01.2011 19:08     C:\Users\****\AppData\Local\Temp\~DFB1324D2538B619E8.TMP --------- 312320  

 26.01.2011 19:08     C:\Users\****\AppData\Local\Temp\~DF7A83C564616429EE.TMP --------- 312320  

 26.01.2011 19:08     C:\Users\****\AppData\Local\Temp\~DF69FE924DC9F82D73.TMP --------- 312320  

 26.01.2011 19:06     C:\Users\****\AppData\Local\Temp\~DF3B5BD58030465EB9.TMP --------- 312320  

 26.01.2011 19:06     C:\Users\****\AppData\Local\Temp\~DF7D3A3FA70A599251.TMP --------- 312320  

 25.01.2011 19:16     C:\Users\****\AppData\Local\Temp\~DF7B47992CCEB59F20.TMP --------- 312320  

 25.01.2011 19:16     C:\Users\****\AppData\Local\Temp\~DFC16CD129684BF87E.TMP --------- 312320  

 25.01.2011 19:14     C:\Users\****\AppData\Local\Temp\~DFF2C7B65896DA312B.TMP --------- 312320  

 25.01.2011 19:14     C:\Users\****\AppData\Local\Temp\~DF073D30629DA547B1.TMP --------- 312320  

 25.01.2011 19:14     C:\Users\****\AppData\Local\Temp\~DFDFD8302E39565D23.TMP --------- 312320  

 25.01.2011 19:14     C:\Users\****\AppData\Local\Temp\~DF91B6968DBE3FCA01.TMP --------- 312320  

 25.01.2011 19:12     C:\Users\****\AppData\Local\Temp\~DFA5CDD2228616CBAB.TMP --------- 312320  

 25.01.2011 19:12     C:\Users\****\AppData\Local\Temp\~DFDC0A33111C2A7A88.TMP --------- 312320  

 25.01.2011 19:11     C:\Users\****\AppData\Local\Temp\~DFD2D6CBB265944216.TMP --------- 312320  

 25.01.2011 19:10     C:\Users\****\AppData\Local\Temp\~DF7AA62CA6C79CE90C.TMP --------- 312320  

 25.01.2011 19:03     C:\Users\****\AppData\Local\Temp\~DFD9967434B13D3575.TMP --------- 312320  

 25.01.2011 19:03     C:\Users\****\AppData\Local\Temp\~DFD7996B5D52E0433A.TMP --------- 312320  

 25.01.2011 19:02     C:\Users\****\AppData\Local\Temp\~DF8732FFD67BA93C9F.TMP --------- 312320  

 25.01.2011 19:02     C:\Users\****\AppData\Local\Temp\~DFCE8D2A058A5F4226.TMP --------- 312320  

 25.01.2011 19:02     C:\Users\****\AppData\Local\Temp\~DFD7F4722B91B9029F.TMP --------- 312320  

 25.01.2011 19:02     C:\Users\****\AppData\Local\Temp\~DFE2E524ADD9552F8C.TMP --------- 312320  

 25.01.2011 19:00     C:\Users\****\AppData\Local\Temp\~DF6E9261B5FE8D4465.TMP --------- 312320  

 25.01.2011 19:00     C:\Users\****\AppData\Local\Temp\~DF28C37F4486C73D37.TMP --------- 312320  

 25.01.2011 18:59     C:\Users\****\AppData\Local\Temp\~DF368BC1FDA0247340.TMP --------- 312320  

 25.01.2011 18:59     C:\Users\****\AppData\Local\Temp\~DF573915D3C76F8EB2.TMP --------- 312320  

 25.01.2011 18:56     C:\Users\****\AppData\Local\Temp\~DF15FD44BF3A3D167F.TMP --------- 312320  

 25.01.2011 18:56     C:\Users\****\AppData\Local\Temp\~DFA1C99D98F7F7A0DB.TMP --------- 312320  

 25.01.2011 18:48     C:\Users\****\AppData\Local\Temp\~DFD7ABCD8FFFB12FC2.TMP --------- 312320  

 25.01.2011 18:48     C:\Users\****\AppData\Local\Temp\~DF4B9F325DCEBC344A.TMP --------- 312320  

 25.01.2011 18:46     C:\Users\****\AppData\Local\Temp\~DFD1D66091996B7692.TMP --------- 312320  

 25.01.2011 18:46     C:\Users\****\AppData\Local\Temp\~DF37DB4975212E6767.TMP --------- 312320  

 25.01.2011 18:44     C:\Users\****\AppData\Local\Temp\~DF9ED92523D2ED1350.TMP --------- 312320  

 25.01.2011 18:44     C:\Users\****\AppData\Local\Temp\~DFCDC6B26C96B15231.TMP --------- 312320  

 25.01.2011 18:41     C:\Users\****\AppData\Local\Temp\~DFD92568932383CF35.TMP --------- 312320  

 25.01.2011 18:41     C:\Users\****\AppData\Local\Temp\~DF23BCF7C21EF6FFDE.TMP --------- 312320  

 25.01.2011 18:39     C:\Users\****\AppData\Local\Temp\~DFEC40012E0EB36DD9.TMP --------- 312320  

 25.01.2011 18:39     C:\Users\****\AppData\Local\Temp\~DF8E25207ACDCB6D45.TMP --------- 312320  

 25.01.2011 18:32     C:\Users\****\AppData\Local\Temp\~DF2A406AD6EABFF1AB.TMP --------- 312320  

 25.01.2011 18:32     C:\Users\****\AppData\Local\Temp\~DF2B3A056253A309DF.TMP --------- 312320  

 25.01.2011 18:28     C:\Users\****\AppData\Local\Temp\~DF7742E960108DC64D.TMP --------- 312320  

 25.01.2011 18:28     C:\Users\****\AppData\Local\Temp\~DF8ACCDAB984437E3E.TMP --------- 312320  

 25.01.2011 18:22     C:\Users\****\AppData\Local\Temp\~DFFF4C36278D9602F3.TMP --------- 312320  

 25.01.2011 18:22     C:\Users\****\AppData\Local\Temp\~DF65EDC9BF3AF07056.TMP --------- 312320  

 25.01.2011 18:21     C:\Users\****\AppData\Local\Temp\~DF2F83100764E8A541.TMP --------- 312320  

 25.01.2011 18:21     C:\Users\****\AppData\Local\Temp\~DFCB909CEFF023E5E4.TMP --------- 312320  

 25.01.2011 18:16     C:\Users\****\AppData\Local\Temp\~DF5FD5E189822C040E.TMP --------- 312320  

 25.01.2011 18:15     C:\Users\****\AppData\Local\Temp\~DF2C81EF705D704867.TMP --------- 312320  

 25.01.2011 18:13     C:\Users\****\AppData\Local\Temp\~DFCFD9B85C7CDD7E63.TMP --------- 312320  

 25.01.2011 18:13     C:\Users\****\AppData\Local\Temp\~DF53A126F597B39045.TMP --------- 312320  

 25.01.2011 18:08     C:\Users\****\AppData\Local\Temp\~DF5E80A8E88D50EDB4.TMP --------- 312320  

 25.01.2011 18:08     C:\Users\****\AppData\Local\Temp\~DFB0B5164A38ED26B5.TMP --------- 312320  

 25.01.2011 18:07     C:\Users\****\AppData\Local\Temp\~DF0CCC8259362CA2ED.TMP --------- 312320  

 25.01.2011 18:07     C:\Users\****\AppData\Local\Temp\~DF0DE73C3322AD55C2.TMP --------- 312320  

 25.01.2011 18:05     C:\Users\****\AppData\Local\Temp\~DF058D0D66502F7909.TMP --------- 312320  

 25.01.2011 18:05     C:\Users\****\AppData\Local\Temp\~DF9B7E905BC5D5EBF6.TMP --------- 312320  

 25.01.2011 17:48     C:\Users\****\AppData\Local\Temp\~DF24DA3FE4950F7BBB.TMP --------- 312320  

 25.01.2011 17:48     C:\Users\****\AppData\Local\Temp\~DF1EFCDA5B98D3D910.TMP --------- 312320  

 25.01.2011 17:26     C:\Users\****\AppData\Local\Temp\~DFD0F012AE2EF093F6.TMP --------- 312320  

 25.01.2011 17:25     C:\Users\****\AppData\Local\Temp\~DFC7768AE45996DA6F.TMP --------- 312320  

 25.01.2011 17:15     C:\Users\****\AppData\Local\Temp\~DFFF462C7AF37ED4F4.TMP --------- 312320  

 25.01.2011 17:14     C:\Users\****\AppData\Local\Temp\~DF6AAA8C04AA3E9FEF.TMP --------- 312320  

 25.01.2011 17:10     C:\Users\****\AppData\Local\Temp\~DFFCAA33FDB92FDF3A.TMP --------- 312320  

 25.01.2011 17:10     C:\Users\****\AppData\Local\Temp\~DF5C37D82142BDB1EB.TMP --------- 312320  

 25.01.2011 17:08     C:\Users\****\AppData\Local\Temp\~DF1EC9DDF02274FB59.TMP --------- 312320  

 25.01.2011 17:08     C:\Users\****\AppData\Local\Temp\~DF5FF16DEB0E91140B.TMP --------- 312320  

 25.01.2011 17:03     C:\Users\****\AppData\Local\Temp\~DF7F0A740B1DA1B7A1.TMP --------- 312320  

 25.01.2011 17:03     C:\Users\****\AppData\Local\Temp\~DF73DF6D2EFDCC3750.TMP --------- 312320  

 25.01.2011 17:03     C:\Users\****\AppData\Local\Temp\~DF20CC8FD028F1BDAE.TMP --------- 312320  

 25.01.2011 17:03     C:\Users\****\AppData\Local\Temp\~DFD4B3918E200992ED.TMP --------- 312320  

 25.01.2011 17:02     C:\Users\****\AppData\Local\Temp\~DFE8B092B73A295FFD.TMP --------- 312320  

 25.01.2011 17:02     C:\Users\****\AppData\Local\Temp\~DFDC4F430AA9C89DDB.TMP --------- 312320  

 24.01.2011 21:34     C:\Users\****\AppData\Local\Temp\~DF8C46D8B7C8E5073E.TMP --------- 312320  

 24.01.2011 21:34     C:\Users\****\AppData\Local\Temp\~DFE7EFCA07ECA4769C.TMP --------- 312320  

 24.01.2011 19:51     C:\Users\****\AppData\Local\Temp\~DFBC51E13D221AE86A.TMP --------- 312320  

 24.01.2011 19:51     C:\Users\****\AppData\Local\Temp\~DFB5C7521C3D731FC6.TMP --------- 312320  

 24.01.2011 19:49     C:\Users\****\AppData\Local\Temp\~DF59B965C3C45FEC32.TMP --------- 312320  

 24.01.2011 19:49     C:\Users\****\AppData\Local\Temp\~DF747A773D05E9BA7F.TMP --------- 312320  

 24.01.2011 19:49     C:\Users\****\AppData\Local\Temp\~DFA26C49B282747A95.TMP --------- 312320  

 24.01.2011 19:48     C:\Users\****\AppData\Local\Temp\~DF814645A8AE94EF8F.TMP --------- 312320  

 24.01.2011 19:47     C:\Users\****\AppData\Local\Temp\~DF5E220DDDA497607A.TMP --------- 312320  

 24.01.2011 19:47     C:\Users\****\AppData\Local\Temp\~DFE7A0F6CBE56889DD.TMP --------- 312320  

 24.01.2011 19:47     C:\Users\****\AppData\Local\Temp\~DF9BBC50E7DAF935E9.TMP --------- 312320  

 24.01.2011 19:42     C:\Users\****\AppData\Local\Temp\~DF191CB478496B08CD.TMP --------- 32768  

 24.01.2011 19:39     C:\Users\****\AppData\Local\Temp\~DF597BB352F544F063.TMP --------- 312320  

 24.01.2011 19:39     C:\Users\****\AppData\Local\Temp\~DF4D46D9A170E9D689.TMP --------- 312320  

 24.01.2011 19:39     C:\Users\****\AppData\Local\Temp\~DFAE9383FC3EC89FA7.TMP --------- 312320  

 24.01.2011 19:39     C:\Users\****\AppData\Local\Temp\~DF7AE6F4152B5EECA1.TMP --------- 312320  

 24.01.2011 19:39     C:\Users\****\AppData\Local\Temp\plugtmp-11 --------- 0  

 24.01.2011 19:36     C:\Users\****\AppData\Local\Temp\~DF678E7401C8A5E2D8.TMP --------- 312320  

 24.01.2011 19:36     C:\Users\****\AppData\Local\Temp\~DF834CDE7AA9AC2D81.TMP --------- 312320  

 24.01.2011 15:05     C:\Users\****\AppData\Local\Temp\WER-87048-0.sysdata.xml --------- 43270  

 24.01.2011 14:32     C:\Users\****\AppData\Local\Temp\~DF8BF461EFC2497693.TMP --------- 32768  

 24.01.2011 13:24     C:\Users\****\AppData\Local\Temp\~DFCD1E377018053D45.TMP --------- 312320  

 24.01.2011 13:24     C:\Users\****\AppData\Local\Temp\~DF08E1EAD29618BD81.TMP --------- 312320  

 24.01.2011 13:16     C:\Users\****\AppData\Local\Temp\~DFEB3ED49A43766CF4.TMP --------- 312320  

 24.01.2011 13:16     C:\Users\****\AppData\Local\Temp\~DF0777157F346F2909.TMP --------- 312320  

 24.01.2011 13:14     C:\Users\****\AppData\Local\Temp\~DF1B2A96058CB19819.TMP --------- 312320  

 24.01.2011 13:14     C:\Users\****\AppData\Local\Temp\~DF3123B547A762010E.TMP --------- 312320  

 24.01.2011 13:10     C:\Users\****\AppData\Local\Temp\~DF317BC99CAAEB71B3.TMP --------- 312320  

 24.01.2011 13:10     C:\Users\****\AppData\Local\Temp\~DFF2402F58051E4904.TMP --------- 312320  

 24.01.2011 13:10     C:\Users\****\AppData\Local\Temp\~DF05CB852854C80C95.TMP --------- 312320  

 24.01.2011 13:09     C:\Users\****\AppData\Local\Temp\~DF04E375E7A581D49E.TMP --------- 312320  

 24.01.2011 13:09     C:\Users\****\AppData\Local\Temp\~DF3D03B632E389ECB6.TMP --------- 312320  

 24.01.2011 13:09     C:\Users\****\AppData\Local\Temp\~DF99DA194EE16D7EE5.TMP --------- 312320  

 23.01.2011 20:05     C:\Users\****\AppData\Local\Temp\plugtmp-10 --------- 0  

 23.01.2011 12:46     C:\Users\****\AppData\Local\Temp\plugtmp-9 --------- 0  

 22.01.2011 19:18     C:\Users\****\AppData\Local\Temp\DMI4A6B.tmp --------- 0  

 22.01.2011 16:26     C:\Users\****\AppData\Local\Temp\2776942.od --------- 134  

 22.01.2011 16:26     C:\Users\****\AppData\Local\Temp\CVR5F5E.tmp.cvr --------- 0  

 22.01.2011 13:42     C:\Users\****\AppData\Local\Temp\~DF41595A8A0A9BDB97.TMP --------- 32768  

 22.01.2011 09:04     C:\Users\****\AppData\Local\Temp\~DFD542E495C3DEAABC.TMP --------- 32768  

 21.01.2011 22:37     C:\Users\****\AppData\Local\Temp\~DFAAFD70C543C1F79B.TMP --------- 32768  

 21.01.2011 21:05     C:\Users\****\AppData\Local\Temp\~DF4FCD2DC3BE5CE887.TMP --------- 32768  

 21.01.2011 00:17     C:\Users\****\AppData\Local\Temp\~DF85A15BAAB86D6FE6.TMP --------- 312320  

 21.01.2011 00:17     C:\Users\****\AppData\Local\Temp\~DF42184A85956EE197.TMP --------- 312320  

 21.01.2011 00:13     C:\Users\****\AppData\Local\Temp\~DFF381880EB1B102FA.TMP --------- 312320  

 20.01.2011 23:35     C:\Users\****\AppData\Local\Temp\~DF91E37D9A1D58158F.TMP --------- 32768  

 20.01.2011 18:49     C:\Users\****\AppData\Local\Temp\~DF2BBDBC2C7A4F6DFF.TMP --------- 32768  

 20.01.2011 17:43     C:\Users\****\AppData\Local\Temp\~DFB5479EFABE8C7A09.TMP --------- 32768  

 20.01.2011 16:23     C:\Users\****\AppData\Local\Temp\~DF18A11EBF56B37F1B.TMP --------- 32768  

 19.01.2011 20:56     C:\Users\****\AppData\Local\Temp\MSB1CACH.LEX --------- 36864  

 19.01.2011 20:26     C:\Users\****\AppData\Local\Temp\~DFAF284E686BA6D3CB.TMP --------- 312320  

 19.01.2011 20:25     C:\Users\****\AppData\Local\Temp\~DF72C66A861E4CDB08.TMP --------- 312320  

 19.01.2011 20:25     C:\Users\****\AppData\Local\Temp\~DF1C391AEA3C2849C7.TMP --------- 312320  

 19.01.2011 20:24     C:\Users\****\AppData\Local\Temp\~DF2CD0CF122E0EA985.TMP --------- 312320  

 19.01.2011 20:24     C:\Users\****\AppData\Local\Temp\~DF11DF4EA7E0ED985D.TMP --------- 312320  

 19.01.2011 20:19     C:\Users\****\AppData\Local\Temp\~DF7EC01DDEF88FBA12.TMP --------- 312320  

 19.01.2011 20:19     C:\Users\****\AppData\Local\Temp\~DF36CE86E725F6E182.TMP --------- 312320  

 19.01.2011 20:18     C:\Users\****\AppData\Local\Temp\~DF28C41A23046F06C6.TMP --------- 312320  

 19.01.2011 20:18     C:\Users\****\AppData\Local\Temp\~DF51A1750EB2488F15.TMP --------- 312320  

 19.01.2011 20:17     C:\Users\****\AppData\Local\Temp\~DFEA104931AA9CC3EF.TMP --------- 312320  

 19.01.2011 20:16     C:\Users\****\AppData\Local\Temp\CLWFF24.tmp --------- 2996  

 19.01.2011 20:16     C:\Users\****\AppData\Local\Temp\WCFF23.tmp --------- 0  

 19.01.2011 20:16     C:\Users\****\AppData\Local\Temp\~DF71D817A36E2E0744.TMP --------- 312320  

 19.01.2011 20:16     C:\Users\****\AppData\Local\Temp\~DF768906D6F139C0DC.TMP --------- 312320  

 19.01.2011 20:16     C:\Users\****\AppData\Local\Temp\~DF0D2C5E616C0318E1.TMP --------- 312320  

 19.01.2011 20:16     C:\Users\****\AppData\Local\Temp\~DF536F15E7C4815BCE.TMP --------- 312320  

 19.01.2011 20:16     C:\Users\****\AppData\Local\Temp\~DF24211CB84116482F.TMP --------- 312320  

 19.01.2011 17:31     C:\Users\****\AppData\Local\Temp\~DF05D434C87D720B2E.TMP --------- 32768  

 19.01.2011 17:26     C:\Users\****\AppData\Local\Temp\~DF509970BF7984073B.TMP --------- 312320  

 19.01.2011 17:25     C:\Users\****\AppData\Local\Temp\~DFE142AEFB92062888.TMP --------- 312320  

 19.01.2011 17:25     C:\Users\****\AppData\Local\Temp\~DFAB9D351529522FAB.TMP --------- 312320  

 19.01.2011 17:24     C:\Users\****\AppData\Local\Temp\~DF554340C9280B2F90.TMP --------- 312320  

 19.01.2011 17:24     C:\Users\****\AppData\Local\Temp\~DF4F32B513A43D9752.TMP --------- 312320  

 19.01.2011 17:24     C:\Users\****\AppData\Local\Temp\~DF88BAF318C12F69BE.TMP --------- 312320  

 19.01.2011 10:54     C:\Users\****\AppData\Local\Temp\~DF486B5A151E62046D.TMP --------- 32768  

 19.01.2011 10:24     C:\Users\****\AppData\Local\Temp\TempWinSAT-wsk-2011-01-19-09-24-43-08.tmp --------- 4194304  

 19.01.2011 10:24     C:\Users\****\AppData\Local\Temp\TempWinSAT-wse-2011-01-19-09-24-43-11.tmp --------- 3145728  

 19.01.2011 10:24     C:\Users\****\AppData\Local\Temp\TempWinSAT-wsk-2011-01-19-09-24-38-67.tmp --------- 5242880  

 19.01.2011 10:24     C:\Users\****\AppData\Local\Temp\TempWinSAT-wse-2011-01-19-09-24-38-70.tmp --------- 3145728  

 19.01.2011 10:24     C:\Users\****\AppData\Local\Temp\TempWinSAT-wsk-2011-01-19-09-24-18-42.tmp --------- 4194304  

 19.01.2011 10:24     C:\Users\****\AppData\Local\Temp\TempWinSAT-wse-2011-01-19-09-24-18-42.tmp --------- 3145728  

 18.01.2011 22:42     C:\Users\****\AppData\Local\Temp\~DF93629C549F9210C9.TMP --------- 312320  

 18.01.2011 22:41     C:\Users\****\AppData\Local\Temp\~DF2A3308002BE291F0.TMP --------- 312320  

 18.01.2011 22:41     C:\Users\****\AppData\Local\Temp\~DF43384ECF474A2AF9.TMP --------- 312320  

 18.01.2011 22:41     C:\Users\****\AppData\Local\Temp\~DF8E77B210541A3D7E.TMP --------- 312320  

 18.01.2011 22:40     C:\Users\****\AppData\Local\Temp\~DF82B32C4A42956FBD.TMP --------- 312320  

 18.01.2011 22:24     C:\Users\****\AppData\Local\Temp\~DFF6FD27A86CB95540.TMP --------- 312320  

 18.01.2011 17:09     C:\Users\****\AppData\Local\Temp\~DF6B105C7AAC78FC28.TMP --------- 32768  

 18.01.2011 16:19     C:\Users\****\AppData\Local\Temp\~DFF1BFB75E4A9F3239.TMP --------- 32768  

 17.01.2011 14:03     C:\Users\****\AppData\Local\Temp\11075119.od --------- 134  

 17.01.2011 14:03     C:\Users\****\AppData\Local\Temp\CVRFE1F.tmp.cvr --------- 0  

 17.01.2011 13:48     C:\Users\****\AppData\Local\Temp\plugtmp-8 --------- 0  

 17.01.2011 13:11     C:\Users\****\AppData\Local\Temp\vastat.out --------- 115  

 17.01.2011 13:09     C:\Users\****\AppData\Local\Temp\_21E247D4_5E27_4BEA_AA4D_19A81203FE2A_.TMP --------- 1280  

 16.01.2011 21:39     C:\Users\****\AppData\Local\Temp\~DF99E5E6640E34F481.TMP --------- 312320  

 16.01.2011 21:36     C:\Users\****\AppData\Local\Temp\~DFF05750F31684BD83.TMP --------- 312320  

 16.01.2011 21:36     C:\Users\****\AppData\Local\Temp\~DF99972290A2A6EDA3.TMP --------- 312320  

 16.01.2011 21:35     C:\Users\****\AppData\Local\Temp\~DF19149EC68D2952F6.TMP --------- 312320  

 16.01.2011 21:35     C:\Users\****\AppData\Local\Temp\~DF1D6CE419F7E92C2D.TMP --------- 312320  

 16.01.2011 21:35     C:\Users\****\AppData\Local\Temp\~DFDB0F00FE6C43C0CE.TMP --------- 312320  

 16.01.2011 21:35     C:\Users\****\AppData\Local\Temp\~DF967D5FE59FEEC947.TMP --------- 312320  

 16.01.2011 21:34     C:\Users\****\AppData\Local\Temp\~DF05D64586EAB3D222.TMP --------- 312320  

 16.01.2011 20:00     C:\Users\****\AppData\Local\Temp\~DF9CF3B288B62A3628.TMP --------- 312320  

 16.01.2011 19:59     C:\Users\****\AppData\Local\Temp\~DF9660EB3CDD1A9A35.TMP --------- 312320  

 16.01.2011 19:59     C:\Users\****\AppData\Local\Temp\~DFF0968F842B2A9B89.TMP --------- 312320  

 16.01.2011 19:59     C:\Users\****\AppData\Local\Temp\~DF77BCFA51710D8282.TMP --------- 312320  

 16.01.2011 19:59     C:\Users\****\AppData\Local\Temp\~DF857029AB7B404C26.TMP --------- 312320  

 16.01.2011 19:58     C:\Users\****\AppData\Local\Temp\~DFD2D99EA9F4E4E662.TMP --------- 312320  

 16.01.2011 19:58     C:\Users\****\AppData\Local\Temp\~DF05D349ADEF9A1CAC.TMP --------- 312320  

 16.01.2011 19:57     C:\Users\****\AppData\Local\Temp\~DF9F73751E717A60C1.TMP --------- 312320  

 15.01.2011 15:30     C:\Users\****\AppData\Local\Temp\plugtmp-7 --------- 0  

 15.01.2011 12:46     C:\Users\****\AppData\Local\Temp\div5B7B.tmp --------- 0  

 15.01.2011 11:09     C:\Users\****\AppData\Local\Temp\div7CFD.tmp --------- 0  

 15.01.2011 11:03     C:\Users\****\AppData\Local\Temp\divFDEF.tmp --------- 0  

 14.01.2011 17:18     C:\Users\****\AppData\Local\Temp\~DFA5CC9BC88570A63A.TMP --------- 32768  

 14.01.2011 11:06     C:\Users\****\AppData\Local\Temp\~DF0EF8865E2EB8828D.TMP --------- 32768  

 14.01.2011 00:50     C:\Users\****\AppData\Local\Temp\~DF9260DF888EB2324C.TMP --------- 32768  

 13.01.2011 23:18     C:\Users\****\AppData\Local\Temp\~DF003D77A52DC82191.TMP --------- 312320  

 13.01.2011 23:13     C:\Users\****\AppData\Local\Temp\~DFF7BA76E690951692.TMP --------- 312320  

 13.01.2011 23:12     C:\Users\****\AppData\Local\Temp\~DF61431D2A5875F96F.TMP --------- 312320  

 13.01.2011 23:11     C:\Users\****\AppData\Local\Temp\~DFEB7EF89542CB336D.TMP --------- 312320  

 13.01.2011 23:11     C:\Users\****\AppData\Local\Temp\~DF74D67545E0626D4D.TMP --------- 312320  

 13.01.2011 23:09     C:\Users\****\AppData\Local\Temp\~DFD5F5B11DBDF1C2D8.TMP --------- 312320  

 13.01.2011 21:14     C:\Users\****\AppData\Local\Temp\~DF0E62549BBEC55CB5.TMP --------- 32768  

 13.01.2011 15:19     C:\Users\****\AppData\Local\Temp\~DFDCEA6BCFD0944957.TMP --------- 32768  

 13.01.2011 15:16     C:\Users\****\AppData\Local\Temp\~DFAFA78CE64F97827C.TMP --------- 32768  

 13.01.2011 15:14     C:\Users\****\AppData\Local\Temp\~DFD3766B739EBBF186.TMP --------- 32768  

 13.01.2011 12:57     C:\Users\****\AppData\Local\Temp\~DFC89EAC96CD418446.TMP --------- 32768  

 13.01.2011 10:23     C:\Users\****\AppData\Local\Temp\~DF64FC7BD0BBF706C3.TMP --------- 32768  

 13.01.2011 09:32     C:\Users\****\AppData\Local\Temp\~DF0C63886A3E2FE713.TMP --------- 32768  

 12.01.2011 21:17     C:\Users\****\AppData\Local\Temp\~DF7CA27F353127BA8C.TMP --------- 32768  

 12.01.2011 17:44     C:\Users\****\AppData\Local\Temp\E220AutoRunLog.tmp --------- 36045  

 12.01.2011 17:42     C:\Users\****\AppData\Local\Temp\UTPSDLL --------- 0  

 12.01.2011 17:37     C:\Users\****\AppData\Local\Temp\{35d38792-1305-465e-957c-862cea9bb68a} --------- 0  

 12.01.2011 17:30     C:\Users\****\AppData\Local\Temp\~DF3F7DD2C47AC5BC1B.TMP --------- 32768  

 12.01.2011 17:02     C:\Users\****\AppData\Local\Temp\~DF7158944B1FB5FD66.TMP --------- 32768  

 11.01.2011 15:54     C:\Users\****\AppData\Local\Temp\~DF4D74CCDE9990060C.TMP --------- 312320  

 11.01.2011 09:55     C:\Users\****\AppData\Local\Temp\History --------- 0  

 11.01.2011 09:55     C:\Users\****\AppData\Local\Temp\Temporary Internet Files --------- 0  

 10.01.2011 16:31     C:\Users\****\AppData\Local\Temp\VSDDBC.tmp --------- 0  

 10.01.2011 00:36     C:\Users\****\AppData\Local\Temp\jar_cache1040864645541930.tmp --------- 20957  

 09.01.2011 01:39     C:\Users\****\AppData\Local\Temp\plugtmp-6 --------- 0  

 08.01.2011 04:19     C:\Users\****\AppData\Local\Temp\plugtmp-5 --------- 0  

 08.01.2011 04:08     C:\Users\****\AppData\Local\Temp\958797.od --------- 134  

 08.01.2011 04:08     C:\Users\****\AppData\Local\Temp\CVRA11E.tmp.cvr --------- 0  

 07.01.2011 18:04     C:\Users\****\AppData\Local\Temp\Temp1_freebie-notes-de_3.41.zip --------- 0  

 06.01.2011 17:41     C:\Users\****\AppData\Local\Temp\Word8.0 --------- 0  

 06.01.2011 17:33     C:\Users\****\AppData\Local\Temp\msohtmlclip --------- 0  

 06.01.2011 11:33     C:\Users\****\AppData\Local\Temp\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A} --------- 0  

 06.01.2011 11:14     C:\Users\****\AppData\Local\Temp\Temp1_SecureW2_EAP_Suite_204_GA.zip --------- 0  

 06.01.2011 10:28     C:\Users\****\AppData\Local\Temp\Leitfaden B.A..pdf --------- 1002455  

 06.01.2011 10:27     C:\Users\****\AppData\Local\Temp\Adobe --------- 0  

 06.01.2011 00:20     C:\Users\****\AppData\Local\Temp\OIS --------- 0  

 06.01.2011 00:20     C:\Users\****\AppData\Local\Temp\24805391.od --------- 134  

 06.01.2011 00:20     C:\Users\****\AppData\Local\Temp\CVR7FFF.tmp.cvr --------- 0  

 06.01.2011 00:20     C:\Users\****\AppData\Local\Temp\24804517.manifest --------- 2960  

 06.01.2011 00:20     C:\Users\****\AppData\Local\Temp\24804314.cvr --------- 2184  

 06.01.2011 00:20     C:\Users\****\AppData\Local\Temp\OneNote_MigrationLog.txt --------- 62  

 05.01.2011 14:47     C:\Users\****\AppData\Local\Temp\CVHBootstrapper(2011010513445814D4).log --------- 179  

 05.01.2011 14:46     C:\Users\****\AppData\Local\Temp\mavcperf-setup.log --------- 7618  

 05.01.2011 14:41     C:\Users\****\AppData\Local\Temp\VBE --------- 0  

 05.01.2011 14:40     C:\Users\****\AppData\Local\Temp\SetupExe(2011010513313816E0).log --------- 71109  

 05.01.2011 13:21     C:\Users\****\AppData\Local\Temp\****.bmp --------- 49208  

 05.01.2011 13:17     C:\Users\****\AppData\Local\Temp\plugtmp-4 --------- 0  

 04.01.2011 13:28     C:\Users\****\AppData\Local\Temp\plugtmp-3 --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD9F24.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD9ED4.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD9E26.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD9DE6.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD9DA6.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD9D47.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD9410.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD9288.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD914E.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD90FE.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD908F.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD8F55.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD8ED6.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD8E57.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD8E07.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD8D69.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD8BB3.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD877C.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD8623.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD8537.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD846A.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD82E2.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD8199.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD807E.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD7FB1.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD7727.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD72E1.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD7224.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD71F4.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD70A8.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD70E8.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD6FBB.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD6F8C.tmp --------- 0  

 04.01.2011 11:15     C:\Users\****\AppData\Local\Temp\TCD6DB5.tmp --------- 0  

 04.01.2011 11:14     C:\Users\****\AppData\Local\Temp\VirtualizationBootstrapper(201101041011489EC).log --------- 2950  

 04.01.2011 11:13     C:\Users\****\AppData\Local\Temp\OOBE(20110104100910334).log --------- 5328  

 04.01.2011 11:11     C:\Users\****\AppData\Local\Temp\Commands.xml --------- 4374  

 03.01.2011 18:01     C:\Users\****\AppData\Local\Temp\plugtmp-2 --------- 0  

 02.01.2011 23:58     C:\Users\****\AppData\Local\Temp\java_install.log --------- 28534  

 02.01.2011 23:53     C:\Users\****\AppData\Local\Temp\MSI1a818.LOG --------- 404  

 02.01.2011 22:56     C:\Users\****\AppData\Local\Temp\OOBE(20110102215623D04).log --------- 4572  

 31.12.2010 17:39     C:\Users\****\AppData\Local\Temp\plugtmp-1 --------- 0  

 31.12.2010 09:17     C:\Users\****\AppData\Local\Temp\~DF06B6DF042B3D14A3.TMP --------- 312320  

 31.12.2010 09:17     C:\Users\****\AppData\Local\Temp\CLWEFB.tmp --------- 2996  

 31.12.2010 09:17     C:\Users\****\AppData\Local\Temp\WCEEA.tmp --------- 0  

 31.12.2010 09:17     C:\Users\****\AppData\Local\Temp\~DFE4BEB4EC477E6FD0.TMP --------- 312320  

 31.12.2010 09:17     C:\Users\****\AppData\Local\Temp\~DF37C074751390F0BC.TMP --------- 312320  

 27.12.2010 18:24     C:\Users\****\AppData\Local\Temp\~DF2C87EE2043180D31.TMP --------- 312320  

 27.12.2010 18:24     C:\Users\****\AppData\Local\Temp\~DF636D5A8D78B5C847.TMP --------- 312320  

 27.12.2010 18:23     C:\Users\****\AppData\Local\Temp\~DF4C0F70E0EBED9EBC.TMP --------- 312320  

 27.12.2010 18:23     C:\Users\****\AppData\Local\Temp\~DFECA41C4697338DA0.TMP --------- 312320  

 27.12.2010 18:23     C:\Users\****\AppData\Local\Temp\~DF041ABD285178D6AB.TMP --------- 312320  

 27.12.2010 18:22     C:\Users\****\AppData\Local\Temp\~DF0B4FAFDF30FD411C.TMP --------- 312320  

 27.12.2010 14:25     C:\Users\****\AppData\Local\Temp\tmp67137.WMC --------- 0  

 26.12.2010 20:44     C:\Users\****\AppData\Local\Temp\YouCam --------- 0  

 26.12.2010 20:44     C:\Users\****\AppData\Local\Temp\~DF5954EE925F649A95.TMP --------- 312320  

 26.12.2010 13:13     C:\Users\****\AppData\Local\Temp\msdtadmin --------- 0  

 25.12.2010 11:49     C:\Users\****\AppData\Local\Temp\BTN%Copy%1 --------- 0  

 25.12.2010 00:40     C:\Users\****\AppData\Local\Temp\plugtmp --------- 0  

 24.12.2010 21:30     C:\Users\****\AppData\Local\Temp\SYMEVENT.LOG --------- 2343  

 24.12.2010 21:14     C:\Users\****\AppData\Local\Temp\OOBE(201012242014501620).log --------- 5104  

 24.12.2010 21:12     C:\Users\****\AppData\Local\Temp\{188E16EF-024E-4062-9B2B-485186C6D4BD} --------- 0  

 24.12.2010 20:54     C:\Users\****\AppData\Local\Temp\StructuredQuery.log --------- 3322  

 24.12.2010 20:52     C:\Users\****\AppData\Local\Temp\BingBarInstallerLogs --------- 0  

 24.12.2010 20:52     C:\Users\****\AppData\Local\Temp\MSN9484.tmp --------- 0  

 24.12.2010 20:48     C:\Users\****\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0  

 24.12.2010 20:48     C:\Users\****\AppData\Local\Temp\MUI --------- 0  

 24.12.2010 20:25     C:\Users\****\AppData\Local\Temp\btwinlog.txt --------- 31142  

 24.12.2010 20:17     C:\Users\****\AppData\Local\Temp\_is7DD6 --------- 0  

 25.06.2010 21:11     C:\Users\****\AppData\Local\Temp\MSN9484.exe --------- 467720  

 02.03.2010 17:46     C:\Users\****\AppData\Local\Temp\SysConfig.dat --------- 1350  

 17.11.2009 13:09     C:\Users\****\AppData\Local\Temp\sig.dat --------- 1073  

 17.11.2009 13:09     C:\Users\****\AppData\Local\Temp\vpnclient_jp.mst --------- 51712  

 17.11.2009 13:09     C:\Users\****\AppData\Local\Temp\vpnclient_setup.msi --------- 10529792  

 17.11.2009 13:09     C:\Users\****\AppData\Local\Temp\instmsi.exe --------- 1708856  

 17.11.2009 13:09     C:\Users\****\AppData\Local\Temp\vpnclient_setup.ini --------- 1055  

 17.11.2009 13:09     C:\Users\****\AppData\Local\Temp\vpnclient_fc.mst --------- 51200  

 17.11.2009 13:09     C:\Users\****\AppData\Local\Temp\vpnclient_setup.pdf --------- 640  

 17.11.2009 13:09     C:\Users\****\AppData\Local\Temp\vpnclient_setup.sms --------- 819  

 17.11.2009 13:09     C:\Users\****\AppData\Local\Temp\instmsiw.exe --------- 1822520  

 17.11.2009 13:09     C:\Users\****\AppData\Local\Temp\vpnclient_setup.exe --------- 56832  

 17.11.2009 13:07     C:\Users\****\AppData\Local\Temp\installservice.exe --------- 221315  

 17.11.2009 13:07     C:\Users\****\AppData\Local\Temp\DelayInst.exe --------- 16505  

 26.08.2009 04:42     C:\Users\****\AppData\Local\Temp\DataCard_Setup.exe --------- 143360  

 15.06.2009 11:12     C:\Users\****\AppData\Local\Temp\WZCPlugin_VISTA.exe --------- 127704  

 23.02.2008 23:16     C:\Users\****\AppData\Local\Temp\ResetDevice.exe --------- 7168  

----------------------------------------
 

 

C:\Program Files
 

 05.07.2011 16:29     C:\Program Files\Microsoft Silverlight --------- 4096  

 05.07.2011 06:58     C:\Program Files\Internet Explorer --------- 4096  

 05.07.2011 06:25     C:\Program Files\Mozilla Firefox --------- 40960  

 04.07.2011 18:57     C:\Program Files\Malwarebytes' Anti-Malware --------- 4096  

 02.07.2011 13:51     C:\Program Files\ICQ7.5 --------- 16384  

 03.06.2011 20:32     C:\Program Files\InstallShield Installation Information --------- 0  

 03.06.2011 20:31     C:\Program Files\ICQ7.4 --------- 0  

 20.03.2011 15:57     C:\Program Files\Common Files --------- 4096  

 14.03.2011 14:23     C:\Program Files\Java --------- 0  

 21.02.2011 22:47     C:\Program Files\Mobile Partner --------- 0  

 17.02.2011 14:13     C:\Program Files\gs --------- 0  

 02.02.2011 08:55     C:\Program Files\ICQ7.2 --------- 0  

 21.01.2011 00:17     C:\Program Files\Skype --------- 0  

 19.01.2011 13:22     C:\Program Files\Windows Sidebar --------- 4096  

 19.01.2011 13:22     C:\Program Files\Windows Mail --------- 4096  

 19.01.2011 13:22     C:\Program Files\DVD Maker --------- 4096  

 19.01.2011 13:22     C:\Program Files\Windows Media Player --------- 4096  

 19.01.2011 13:22     C:\Program Files\Windows Photo Viewer --------- 4096  

 19.01.2011 13:22     C:\Program Files\Windows Defender --------- 4096  

 15.01.2011 12:47     C:\Program Files\DivX --------- 0  

 11.01.2011 10:01     C:\Program Files\Adobe --------- 0  

 10.01.2011 16:33     C:\Program Files\RUB --------- 0  

 06.01.2011 11:34     C:\Program Files\Cisco Systems --------- 0  

 06.01.2011 11:15     C:\Program Files\SecureW2 --------- 0  

 06.01.2011 00:24     C:\Program Files\Microsoft Works --------- 0  

 05.01.2011 14:53     C:\Program Files\Microsoft Office --------- 4096  

 05.01.2011 14:37     C:\Program Files\Microsoft.NET --------- 0  

 24.12.2010 21:11     C:\Program Files\Avira --------- 0  

 24.12.2010 20:44     C:\Program Files\CyberLink --------- 0  

 24.12.2010 20:41     C:\Program Files\Windows Live --------- 4096  

 24.12.2010 20:38     C:\Program Files\Microsoft SQL Server Compact Edition --------- 0  

 24.12.2010 20:37     C:\Program Files\Windows Live SkyDrive --------- 0  

 24.12.2010 20:32     C:\Program Files\Game Pack --------- 4096  

 24.12.2010 20:17     C:\Program Files\WIDCOMM --------- 0  

 14.08.2010 10:24     C:\Program Files\Microsoft --------- 0  

 14.08.2010 10:11     C:\Program Files\Samsung --------- 4096  

 14.08.2010 09:18     C:\Program Files\Elantech --------- 4096  

 14.08.2010 09:18     C:\Program Files\Atheros Client Installation Program --------- 0  

 14.08.2010 09:15     C:\Program Files\Broadcom --------- 0  

 14.08.2010 09:14     C:\Program Files\REALTEK PCIE Wireless LAN Software --------- 0  

 14.08.2010 09:12     C:\Program Files\Marvell --------- 0  

 14.08.2010 09:12     C:\Program Files\Temp --------- 0  

 14.08.2010 09:11     C:\Program Files\Realtek --------- 0  

 14.08.2010 09:10     C:\Program Files\Intel --------- 0  

 14.07.2009 06:53     C:\Program Files\Uninstall Information --------- 0  

 14.07.2009 06:52     C:\Program Files\Windows Portable Devices --------- 0  

 14.07.2009 06:52     C:\Program Files\Windows NT --------- 0  

 14.07.2009 06:52     C:\Program Files\Microsoft Games --------- 4096  

 14.07.2009 06:52     C:\Program Files\Reference Assemblies --------- 0  

 14.07.2009 06:52     C:\Program Files\MSBuild --------- 0  

 14.07.2009 06:41     C:\Program Files\desktop.ini --------- 174  

----------------------------------------
 

 

C:\ProgramData\.. 
 

Public    

****    

Administrator    

Default    

Default User    

All Users    

desktop.ini    

----------------------------------------
 

 

C:\windows\system32\drivers\etc\hosts
 
 

----------------------------------------
 

 
 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung

========================= ======== ================ =========== ===============

System Idle Process              0 Services                   0            24 K

System                           4 Services                   0         4.540 K

smss.exe                       296 Services                   0           652 K

csrss.exe                      436 Services                   0         7.060 K

wininit.exe                    500 Services                   0         3.000 K

csrss.exe                      512 Console                    1        10.124 K

winlogon.exe                   556 Console                    1         3.652 K

services.exe                   600 Services                   0         6.072 K

lsass.exe                      616 Services                   0         6.776 K

lsm.exe                        624 Services                   0         2.712 K

svchost.exe                    728 Services                   0         5.812 K

svchost.exe                    816 Services                   0         5.304 K

svchost.exe                    880 Services                   0        13.728 K

svchost.exe                    956 Services                   0        61.060 K

svchost.exe                   1008 Services                   0        32.848 K

TrustedInstaller.exe          1120 Services                   0        13.044 K

svchost.exe                   1140 Services                   0        11.260 K

svchost.exe                   1244 Services                   0        16.916 K

wlanext.exe                   1336 Services                   0         3.276 K

conhost.exe                   1344 Services                   0         1.800 K

svchost.exe                   1404 Services                   0        17.636 K

spoolsv.exe                   1488 Services                   0         8.020 K

svchost.exe                   1560 Services                   0         9.668 K

sched.exe                     1596 Services                   0         1.784 K

avguard.exe                   1780 Services                   0        15.024 K

btwdins.exe                   1808 Services                   0         4.080 K

cvpnd.exe                     1840 Services                   0         4.612 K

avshadow.exe                  1896 Services                   0         2.936 K

conhost.exe                   1904 Services                   0         1.828 K

svchost.exe                   1964 Services                   0         3.452 K

WLIDSVC.EXE                   2008 Services                   0         6.904 K

WLIDSVCM.EXE                  1232 Services                   0         2.068 K

SearchIndexer.exe             2084 Services                   0        53.484 K

svchost.exe                   2296 Services                   0         3.548 K

mscorsvw.exe                  2368 Services                   0         7.716 K

taskhost.exe                  2712 Console                    1         5.320 K

taskeng.exe                   2768 Console                    1         4.444 K

dwm.exe                       2796 Console                    1         3.780 K

explorer.exe                  2840 Console                    1        49.140 K

dmhkcore.exe                  2900 Console                    1         1.300 K

WCScheduler.exe               2908 Console                    1         1.356 K

SSCKbdHk.exe                  2924 Console                    1           892 K

SmartRestarter.exe            2988 Console                    1           804 K

igfxtray.exe                  3184 Console                    1         4.404 K

hkcmd.exe                     3224 Console                    1         4.376 K

igfxpers.exe                  3248 Console                    1         4.288 K

igfxsrvc.exe                  3272 Console                    1         4.684 K

RtHDVCpl.exe                  3284 Console                    1         8.420 K

ETDCtrl.exe                   3316 Console                    1         8.668 K

avgnt.exe                     3472 Console                    1         4.620 K

igfxext.exe                   3524 Console                    1         3.768 K

AdobeARM.exe                  3588 Console                    1         9.456 K

igfxsrvc.exe                  3620 Console                    1         4.244 K

SearchProtocolHost.exe        3664 Services                   0         5.984 K

jusched.exe                   3692 Console                    1         3.532 K

mbamgui.exe                   3804 Console                    1         6.272 K

sidebar.exe                   3844 Console                    1        23.240 K

BTTray.exe                    4032 Console                    1        10.100 K

ONENOTEM.EXE                  2400 Console                    1           824 K

ETDCtrlHelper.exe             1616 Console                    1         5.624 K

wmpnetwk.exe                  2756 Services                   0         2.032 K

BTStackServer.exe             3124 Console                    1        17.588 K

mbamservice.exe               1060 Services                   0        32.896 K

svchost.exe                   2204 Services                   0        31.240 K

EasySpeedUpManager.exe        2256 Console                    1           996 K

firefox.exe                   3208 Console                    1        75.364 K

SearchFilterHost.exe          1820 Services                   0        24.888 K

cmd.exe                       3504 Console                    1         3.164 K

conhost.exe                   3752 Console                    1         5.284 K

dllhost.exe                   3300 Console                    1         4.052 K

tasklist.exe                  1608 Console                    1         4.240 K

WmiPrvSE.exe                  2460 Services                   0         4.916 K
 

 

***** Ende des Scans 05.07.2011 um 16:50:38,81 ***

hier nun noch der 7. Scan:

Code:

Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        13.08.2010                10.0.42.34

Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        02.07.2011        6,00MB        10.3.181.26

Adobe Reader 9.4.4 - Deutsch        Adobe Systems Incorporated        30.04.2011        167,9MB        9.4.4

Alice Greenfingers        Oberon Media        23.12.2010                

Atheros Client Installation Program        Atheros        13.08.2010                1.0.2.1119

Avira AntiVir Personal - Free Antivirus        Avira GmbH        01.07.2011        76,9MB        10.2.0.696

BatteryLifeExtender        Samsung        13.08.2010        31,5MB        1.0.5

Bonbon Quest        Oberon Media        23.12.2010                

Broadcom 802.11 Network Adapter        Broadcom Corporation        14.08.2010                5.60.48.44

Cake Mania        Oberon Media        23.12.2010                

CCleaner        Piriform        04.07.2011                3.08

ChargeableUSB        SAMSUNG        13.08.2010                1.0.0.0

Cisco Systems VPN Client 5.0.06.0160        Cisco Systems, Inc.        16.01.2011        12,3MB        5.0.6

CyberLink YouCam        CyberLink Corp.        23.12.2010        77,6MB        2.0.3911

Daycare Nightmare        Oberon Media        23.12.2010                

Easy Content Share        Samsung Electronics Co., LTD        13.08.2010        12,4MB        1.0.0.13

Easy Display Manager        Samsung Electronics Co., Ltd.        13.08.2010                3.2

Easy Network Manager        Samsung        13.08.2010        34,9MB        4.3.3

Easy Resolution Manager        Samsung        13.08.2010        6,98MB        1.0.9

Easy SpeedUp Manager        Samsung Electronics Co.,Ltd.        13.08.2010                2.1.0.10

EasyBatteryManager        Samsung        13.08.2010                4.0.0.4

EasyFileShare        Samsung        13.08.2010        29,5MB        1.0.2

ETDWare PS/2-x86 7.0.7.0_WHQL        ELAN Microelectronics Corp.        13.08.2010                7.0.7.0

Fast Booting SW        SAMSUNG        13.08.2010                1.8.0.0

Flip Words        Oberon Media        23.12.2010                

Galapago        Oberon Media        23.12.2010                

Game Pack        Oberon Media, Inc.        23.12.2010                6.3.1.1

Gem Shop        Oberon Media        23.12.2010                

GPL Ghostscript 9.00                16.02.2011                

ICQ7.5        ICQ        02.06.2011                7.5

Insaniquarium Deluxe        Oberon Media        23.12.2010                

Intel(R) Graphics Media Accelerator Driver        Intel Corporation        13.08.2010        54,3MB        8.14.10.2108

Intel® Matrix Storage Manager        Intel Corporation        13.08.2010                

Java(TM) 6 Update 24        Oracle        01.01.2011        95,0MB        6.0.240

Mahjong Escape Ancient China        Oberon Media        23.12.2010                

Malwarebytes' Anti-Malware Version 1.51.0.1200        Malwarebytes Corporation        03.07.2011        13,8MB        1.51.0.1200

Marvell Miniport Driver        Marvell        13.08.2010                11.24.27.3

Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        25.12.2010        38,8MB        4.0.30319

Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        25.12.2010        2,94MB        4.0.30319

Microsoft Office Home and Student 2007        Microsoft Corporation        05.01.2011                12.0.6425.1000

Microsoft Silverlight        Microsoft Corporation        04.07.2011        120,1MB        4.0.60531.0

Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        23.12.2010        1,72MB        3.1.0000

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        13.08.2010        0,58MB        9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        04.07.2011        0,59MB        9.0.30729.6161

Mozilla Firefox 5.0 (x86 de)        Mozilla        04.07.2011        31,9MB        5.0

Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        13.08.2010                6.0.1.6083

REALTEK PCIE Wireless LAN Software        REALTEK Semiconductor Corp.        13.08.2010                0136.10.0325

RUBICon        RUB        09.01.2011        11,7MB        2.0.24

Samsung Recovery Solution 4        Samsung        13.08.2010                4.0.0.6

Samsung Support Center        Samsung        13.08.2010        45,8MB        1.0.2

Samsung Update Plus        Samsung Electronics Co., Ltd.        13.08.2010                2.0

SecureW2 EAP Suite 2.0.4 for Windows                05.01.2011                

Skype™ 5.1        Skype Technologies S.A.        19.03.2011        22,7MB        5.1.112

Slingo        Oberon Media        23.12.2010                

User Guide                13.08.2010                1.0

WIDCOMM Bluetooth Software        Broadcom Corporation        23.12.2010        118,4MB        6.3.0.4500

Windows Live Essentials        Microsoft Corporation        23.12.2010                14.0.8117.0416

Windows Live ID Sign-in Assistant        Microsoft Corporation        13.08.2010        5,52MB        6.500.3165.0

Windows Live Sync        Microsoft Corporation        23.12.2010        2,79MB        14.0.8117.416

Windows Live-Uploadtool        Microsoft Corporation        23.12.2010        0,22MB        14.0.8014.1029

Nun die Log-Datei nach dem Fix:

Code:

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c2fb66a-1e62-11e0-8640-001bb1d07f6c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c2fb66a-1e62-11e0-8640-001bb1d07f6c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c2fb66a-1e62-11e0-8640-001bb1d07f6c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c2fb66a-1e62-11e0-8640-001bb1d07f6c}\ not found.

File E:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c2fb67b-1e62-11e0-8640-001bb1d07f6c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c2fb67b-1e62-11e0-8640-001bb1d07f6c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c2fb67b-1e62-11e0-8640-001bb1d07f6c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c2fb67b-1e62-11e0-8640-001bb1d07f6c}\ not found.

File E:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c2fb6b0-1e62-11e0-8640-001bb1d07f6c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c2fb6b0-1e62-11e0-8640-001bb1d07f6c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c2fb6b0-1e62-11e0-8640-001bb1d07f6c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c2fb6b0-1e62-11e0-8640-001bb1d07f6c}\ not found.

File E:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c2fb6cb-1e62-11e0-8640-001bb1d07f6c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c2fb6cb-1e62-11e0-8640-001bb1d07f6c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c2fb6cb-1e62-11e0-8640-001bb1d07f6c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c2fb6cb-1e62-11e0-8640-001bb1d07f6c}\ not found.

File E:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf441eab-1e5b-11e0-b900-001bb1d07f6c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf441eab-1e5b-11e0-b900-001bb1d07f6c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf441eab-1e5b-11e0-b900-001bb1d07f6c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf441eab-1e5b-11e0-b900-001bb1d07f6c}\ not found.

File E:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf441eb9-1e5b-11e0-b900-001bb1d07f6c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf441eb9-1e5b-11e0-b900-001bb1d07f6c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf441eb9-1e5b-11e0-b900-001bb1d07f6c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf441eb9-1e5b-11e0-b900-001bb1d07f6c}\ not found.

File E:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.

File E:\AutoRun.exe not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

 

User: All Users

 

User: ****

->Temp folder emptied: 277759953 bytes

->Temporary Internet Files folder emptied: 98589180 bytes

->Java cache emptied: 7591399 bytes

->FireFox cache emptied: 596691498 bytes

->Flash cache emptied: 23810 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 28803910 bytes

RecycleBin emptied: 277389 bytes

 

Total Files Cleaned = 963.00 mb

 

 

OTL by OldTimer - Version 3.2.26.0 log created on 07052011_171000
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

OTL:

Code:

OTL logfile created on: 7/5/2011 5:37:00 PM - Run 2

OTL by OldTimer - Version 3.2.26.0     Folder = C:\Users\****\Desktop

 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1.99 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.82% Memory free

3.98 Gb Paging File | 2.85 Gb Available in Paging File | 71.54% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 85.00 Gb Total Space | 52.16 Gb Free Space | 61.36% Space Free | Partition Type: NTFS

Drive D: | 127.79 Gb Total Space | 127.69 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

 

Computer Name: ****-PC | User Name: **** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011/07/05 06:27:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe

PRC - [2011/07/05 06:25:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2011/07/02 13:47:26 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/05/01 21:05:32 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/12/13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/06/08 09:39:00 | 000,847,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

PRC - [2010/06/03 04:42:28 | 002,203,136 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\SFB\SmartRestarter.exe

PRC - [2010/05/06 08:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe

PRC - [2010/04/20 07:31:56 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe

PRC - [2010/04/07 20:30:32 | 002,835,744 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

PRC - [2010/04/07 20:30:32 | 000,828,704 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

PRC - [2010/04/07 20:30:32 | 000,636,192 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

PRC - [2010/03/25 21:44:26 | 001,891,720 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe

PRC - [2010/03/24 06:12:58 | 001,599,880 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe

PRC - [2010/02/10 16:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe

PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe

PRC - [2010/01/14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/11/17 13:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2009/09/30 08:59:26 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/07/14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2011/07/05 06:27:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe

MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

MOD - [2010/02/12 01:14:38 | 000,271,752 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDApix.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011/07/02 13:47:26 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/05/01 21:05:32 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/04/07 20:30:32 | 000,636,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV - [2009/11/17 13:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011/07/02 13:47:28 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/07/02 13:47:28 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/11/12 21:13:48 | 000,015,656 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtport.sys -- (rtport)

DRV - [2010/07/08 10:28:46 | 000,322,336 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)

DRV - [2010/06/17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/01/07 00:19:00 | 000,057,856 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)

DRV - [2009/11/17 13:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2008/11/16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)

DRV - [2007/01/18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..network.proxy.type: 4

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

 

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/05 06:25:03 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 21:15:30 | 000,000,000 | ---D | M]

FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/05 06:25:03 | 000,000,000 | ---D | M]

FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 21:15:30 | 000,000,000 | ---D | M]

 

[2010/12/24 21:19:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions

[2011/01/15 16:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ijfj9lck.default\extensions

[2011/06/09 21:59:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/01/02 23:58:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/03/14 14:23:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

File not found (No name found) -- 

[2011/07/05 06:25:01 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010/01/01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2010/01/01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2010/01/01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2010/01/01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2010/01/01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [DivX Download Manager]  File not found

O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll -  File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011/07/05 17:07:30 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/07/05 17:01:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2011/07/05 06:27:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe

[2011/07/04 18:57:40 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes

[2011/07/04 18:57:30 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys

[2011/07/04 18:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/04 18:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/07/04 18:57:23 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2011/07/04 18:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/07/04 17:05:55 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders

[2011/07/02 14:07:29 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll

[2011/07/02 14:07:27 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll

[2011/07/02 14:07:27 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll

[2011/07/02 14:07:27 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll

[2011/07/02 14:07:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll

[2011/07/02 14:07:26 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll

[2011/07/02 14:07:26 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll

[2011/07/02 14:07:26 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll

[2011/07/02 14:07:25 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec

[2011/07/02 14:07:25 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe

[2011/07/02 14:07:24 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb

[2011/07/02 14:05:58 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll

[2011/07/02 14:05:50 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tquery.dll

[2011/07/02 14:05:50 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssrch.dll

[2011/07/02 14:05:48 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssvp.dll

[2011/07/02 14:05:48 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssph.dll

[2011/07/02 14:05:48 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssphtb.dll

[2011/07/02 14:05:47 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msscntrs.dll

[2011/06/08 22:09:54 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\BA-Prüfung - Linguistik

[2011/06/07 07:49:29 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl

 
 ========== Files - Modified Within 30 Days ==========

 

[2011/07/05 17:37:44 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/05 17:37:44 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/05 17:29:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2011/07/05 17:29:24 | 2136,260,608 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/05 17:01:56 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2011/07/05 16:48:00 | 000,030,259 | ---- | M] () -- C:\Users\****\Desktop\hjtscanlist.bat

[2011/07/05 16:29:28 | 000,302,352 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

[2011/07/05 06:29:12 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat

[2011/07/05 06:29:12 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2011/07/05 06:29:12 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat

[2011/07/05 06:29:12 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2011/07/05 06:27:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe

[2011/07/04 18:57:30 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/04 18:47:22 | 000,089,088 | ---- | M] () -- C:\windows\System32\mbr.exe

[2011/07/04 17:13:48 | 000,302,592 | ---- | M] () -- C:\Users\****\Desktop\gmer.exe

[2011/07/03 13:49:42 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl

[2011/07/02 13:47:28 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys

[2011/07/02 13:47:28 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys

[2011/06/09 21:59:32 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

 
 ========== Files Created - No Company Name ==========

 

[2011/07/05 17:01:56 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2011/07/04 18:57:30 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/04 18:47:20 | 000,089,088 | ---- | C] () -- C:\windows\System32\mbr.exe

[2011/06/09 21:59:32 | 000,001,072 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2011/06/09 21:59:32 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/12/27 18:23:02 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/12/24 20:27:44 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[2010/08/15 01:36:21 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat

[2010/08/15 01:36:21 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat

[2010/08/15 01:36:21 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat

[2010/08/15 01:36:21 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat

[2010/08/14 09:22:30 | 000,002,018 | ---- | C] () -- C:\windows\HotFixList.ini

[2010/08/14 09:15:18 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll

[2009/11/17 13:08:34 | 000,197,424 | ---- | C] () -- C:\windows\System32\vpnapi.dll

[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat

[2009/07/14 06:33:53 | 000,302,352 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT

[2009/07/14 04:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat

[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat

[2009/07/14 04:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat

[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat

[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT

[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat

[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin

[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll

[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll

[2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin

[2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin

[2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin

[2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin

[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

 
 ========== LOP Check ==========

 

[2011/07/03 16:14:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ

[2011/01/07 17:48:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\KlebezettelNG

[2011/01/15 11:07:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Local

[2011/01/05 14:45:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SoftGrid Client

[2011/01/04 11:14:05 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TP

[2011/03/10 19:10:17 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 
 

< End of report >

Extras:

Code:

OTL Extras logfile created on: 7/5/2011 5:37:00 PM - Run 2

OTL by OldTimer - Version 3.2.26.0     Folder = C:\Users\****\Desktop

 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1.99 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.82% Memory free

3.98 Gb Paging File | 2.85 Gb Available in Paging File | 71.54% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 85.00 Gb Total Space | 52.16 Gb Free Space | 61.36% Space Free | Partition Type: NTFS

Drive D: | 127.79 Gb Total Space | 127.69 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

 

Computer Name: ****-PC | User Name: **** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4

"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager

"{18AA278D-E0B9-4F99-ACCC-070978A38453}" = Easy Resolution Manager

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24

"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync

"{5A1084A3-79B7-480C-9275-D8AA0CCEFA52}" = RUBICon

"{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}" = EasyBatteryManager

"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender

"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5

"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Booting SW

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}" = Daycare Nightmare

"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}" = REALTEK PCIE Wireless LAN Software

"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker

"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch

"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger

"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide

"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail

"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials

"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program

"{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack

"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call

"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus

"{DDF38EE7-3A53-4B4C-8924-CFFDF906091A}" = EasyFileShare

"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager

"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{F9557866-B4C8-4CE5-8508-0E386BDC20B2}" = Easy Network Manager

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter

"CCleaner" = CCleaner

"Elantech" = ETDWare PS/2-x86 7.0.7.0_WHQL

"GPL Ghostscript 9.00" = GPL Ghostscript 9.00

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200

"Marvell Miniport Driver" = Marvell Miniport Driver

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)

"SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.4 for Windows

"WinLiveSuite_Wave3" = Windows Live Essentials

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 6/2/2011 12:14:57 PM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".

Die

 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 6/5/2011 11:54:34 AM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung

 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 

"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 6/5/2011 11:54:36 AM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\EasyFileShare\Drv\SABI2x64\KStartMem.exe.Manifest".

Die

 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 6/5/2011 11:55:18 AM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".

Die

 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 6/5/2011 12:14:17 PM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung

 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 

"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 6/5/2011 12:14:18 PM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\EasyFileShare\Drv\SABI2x64\KStartMem.exe.Manifest".

Die

 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 6/5/2011 12:14:41 PM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".

Die

 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 6/5/2011 12:16:33 PM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\easy

 display manager\RunGfxUI64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 6/5/2011 12:17:22 PM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".

Die

 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 6/5/2011 12:17:24 PM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".

Die

 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

[ System Events ]

Error - 5/3/2011 8:58:30 AM | Computer Name = ****-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   cdrom

 

Error - 5/4/2011 3:10:41 PM | Computer Name = ****-PC | Source = NetBT | ID = 4321

Description = Der Name "****-PC        :0" konnte nicht auf der Schnittstelle mit

 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 192.168.2.103

 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.

 

Error - 5/4/2011 3:10:50 PM | Computer Name = ****-PC | Source = Server | ID = 2505

Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht

 \Device\NetBT_Tcpip_{7C17894E-AAAD-4E18-A9E6-E5FFDFE25919} vom Serverdienst nicht

 gebunden werden. Der Serverdienst konnte nicht gestartet werden.

 

Error - 5/4/2011 3:10:50 PM | Computer Name = ****-PC | Source = NetBT | ID = 4321

Description = Der Name "****-PC        :20" konnte nicht auf der Schnittstelle mit

 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 192.168.2.103

 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.

 

Error - 5/4/2011 3:11:13 PM | Computer Name = ****-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   cdrom

 

Error - 5/4/2011 3:12:52 PM | Computer Name = ****-PC | Source = NetBT | ID = 4321

Description = Der Name "****-PC        :0" konnte nicht auf der Schnittstelle mit

 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 192.168.2.103

 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.

 

Error - 5/5/2011 9:00:53 AM | Computer Name = ****-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   cdrom

 

Error - 5/5/2011 9:23:45 AM | Computer Name = ****-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   cdrom

 

Error - 5/5/2011 10:10:16 AM | Computer Name = ****-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   cdrom

 

Error - 5/5/2011 10:19:24 AM | Computer Name = ****-PC | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst ShellHWDetection erreicht.

 

 

< End of report >

1.
Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

:OTL

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com

FF - prefs.js..browser.startup.homepage: "http://www.web.de/"

FF - prefs.js..network.proxy.type: 4

[2010/01/01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 

:Commands

[purity]

[emptytemp]

und füge es hier ein: http://image.hijackthis.eu/upload/hjt1-021.jpg
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

2.
reinige dein System mit Ccleaner:

"Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

3.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

lade Dir SUPERAntiSpyware FREE Edition herunter.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

5.
- "Link:-> ESET Online Scanner
>>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

-> Führe dann einen Komplett-Systemcheck mit Eset/Nod32 durch

- folgendes bitte anhaken > "Remove found threads" und "Scan archives"
- die Scanergebnis als *.txt Dateien speichern)
- meistens "C:\Programme\Eset\EsetOnlineScanner\log.txt"

Vor dem Scan Einstellungen im Internet Explorer:
- "Extras→ Internetoptionen→ Sicherheit":
- alles auf Standardstufe stellen
- Active X erlauben
- um den Scan zu starten: wenn du danach gefragt wirst (den Text in der Informationsleiste ) - ActiveX-Steuerelement installieren lassen

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

OTL-Log nach dem Fix:

Code:

All processes killed

========== OTL ==========

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Prefs.js: "hxxp://www.web.de/" removed from browser.startup.homepage

Prefs.js: 4 removed from network.proxy.type

C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

 

User: All Users

 

User: ****

->Temp folder emptied: 150928 bytes

->Temporary Internet Files folder emptied: 37294 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 22164265 bytes

->Flash cache emptied: 645 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 207562 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 22,00 mb

 

 

OTL by OldTimer - Version 3.2.26.0 log created on 07062011_170039
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Hier nun die OTL-Datei nach dem ich den CCleaner-Vorgang durchgeführt habe:

Code:

OTL logfile created on: 7/6/2011 5:12:29 PM - Run 3

OTL by OldTimer - Version 3.2.26.0     Folder = C:\Users\****\Desktop

 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1.99 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.59% Memory free

3.98 Gb Paging File | 2.94 Gb Available in Paging File | 73.77% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 85.00 Gb Total Space | 52.01 Gb Free Space | 61.19% Space Free | Partition Type: NTFS

Drive D: | 127.79 Gb Total Space | 127.69 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

 

Computer Name: ****-PC | User Name: **** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011/07/05 06:27:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe

PRC - [2011/07/05 06:25:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2011/07/02 13:47:26 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/05/01 21:05:32 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/12/13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/06/08 09:39:00 | 000,847,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

PRC - [2010/06/03 04:42:28 | 002,203,136 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\SFB\SmartRestarter.exe

PRC - [2010/05/06 08:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe

PRC - [2010/04/20 07:31:56 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe

PRC - [2010/04/07 20:30:32 | 002,835,744 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

PRC - [2010/04/07 20:30:32 | 000,828,704 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

PRC - [2010/04/07 20:30:32 | 000,636,192 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

PRC - [2010/03/25 21:44:26 | 001,891,720 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe

PRC - [2010/03/24 06:12:58 | 001,599,880 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe

PRC - [2010/02/10 16:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe

PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe

PRC - [2010/01/14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/11/17 13:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2009/09/30 08:59:26 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/07/14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2011/07/05 06:27:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe

MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

MOD - [2010/02/12 01:14:38 | 000,271,752 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDApix.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011/07/02 13:47:26 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/05/01 21:05:32 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/04/07 20:30:32 | 000,636,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV - [2009/11/17 13:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011/07/02 13:47:28 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/07/02 13:47:28 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/11/12 21:13:48 | 000,015,656 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtport.sys -- (rtport)

DRV - [2010/07/08 10:28:46 | 000,322,336 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)

DRV - [2010/06/17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/01/07 00:19:00 | 000,057,856 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)

DRV - [2009/11/17 13:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2008/11/16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)

DRV - [2007/01/18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

 

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/05 06:25:03 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 21:15:30 | 000,000,000 | ---D | M]

FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/05 06:25:03 | 000,000,000 | ---D | M]

FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 21:15:30 | 000,000,000 | ---D | M]

 

[2010/12/24 21:19:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions

[2011/01/15 16:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ijfj9lck.default\extensions

[2011/06/09 21:59:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/01/02 23:58:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/03/14 14:23:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

File not found (No name found) -- 

[2011/07/05 06:25:01 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010/01/01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2010/01/01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2010/01/01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2010/01/01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

 

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll -  File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011/07/05 17:07:30 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/07/05 17:01:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2011/07/05 06:27:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe

[2011/07/04 18:57:40 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes

[2011/07/04 18:57:30 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys

[2011/07/04 18:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/04 18:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/07/04 18:57:23 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2011/07/04 18:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/07/04 17:05:55 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders

[2011/07/02 14:07:29 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll

[2011/07/02 14:07:27 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll

[2011/07/02 14:07:27 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll

[2011/07/02 14:07:27 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll

[2011/07/02 14:07:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll

[2011/07/02 14:07:26 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll

[2011/07/02 14:07:26 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll

[2011/07/02 14:07:26 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll

[2011/07/02 14:07:25 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec

[2011/07/02 14:07:25 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe

[2011/07/02 14:07:24 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb

[2011/07/02 14:05:58 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll

[2011/07/02 14:05:50 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tquery.dll

[2011/07/02 14:05:50 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssrch.dll

[2011/07/02 14:05:48 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssvp.dll

[2011/07/02 14:05:48 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssph.dll

[2011/07/02 14:05:48 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssphtb.dll

[2011/07/02 14:05:47 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msscntrs.dll

[2011/06/08 22:09:54 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\BA-Prüfung - Linguistik

[2011/06/07 07:49:29 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl

 
 ========== Files - Modified Within 30 Days ==========

 

[2011/07/06 17:10:08 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/06 17:10:08 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/06 17:02:23 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2011/07/06 17:02:18 | 2136,260,608 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/05 17:01:56 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2011/07/05 16:48:00 | 000,030,259 | ---- | M] () -- C:\Users\****\Desktop\hjtscanlist.bat

[2011/07/05 16:29:28 | 000,302,352 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

[2011/07/05 06:29:12 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat

[2011/07/05 06:29:12 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2011/07/05 06:29:12 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat

[2011/07/05 06:29:12 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2011/07/05 06:27:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe

[2011/07/04 18:57:30 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/04 18:47:22 | 000,089,088 | ---- | M] () -- C:\windows\System32\mbr.exe

[2011/07/04 17:13:48 | 000,302,592 | ---- | M] () -- C:\Users\****\Desktop\gmer.exe

[2011/07/03 13:49:42 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl

[2011/07/02 13:47:28 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys

[2011/07/02 13:47:28 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys

[2011/06/09 21:59:32 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

 
 ========== Files Created - No Company Name ==========

 

[2011/07/05 17:01:56 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2011/07/04 18:57:30 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/04 18:47:20 | 000,089,088 | ---- | C] () -- C:\windows\System32\mbr.exe

[2011/06/09 21:59:32 | 000,001,072 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2011/06/09 21:59:32 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/12/27 18:23:02 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/12/24 20:27:44 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[2010/08/15 01:36:21 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat

[2010/08/15 01:36:21 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat

[2010/08/15 01:36:21 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat

[2010/08/15 01:36:21 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat

[2010/08/14 09:22:30 | 000,002,018 | ---- | C] () -- C:\windows\HotFixList.ini

[2010/08/14 09:15:18 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll

[2009/11/17 13:08:34 | 000,197,424 | ---- | C] () -- C:\windows\System32\vpnapi.dll

[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat

[2009/07/14 06:33:53 | 000,302,352 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT

[2009/07/14 04:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat

[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat

[2009/07/14 04:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat

[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat

[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT

[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat

[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin

[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll

[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll

[2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin

[2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin

[2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin

[2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin

[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

 
 ========== LOP Check ==========

 

[2011/07/03 16:14:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ

[2011/01/07 17:48:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\KlebezettelNG

[2011/01/15 11:07:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Local

[2011/01/05 14:45:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SoftGrid Client

[2011/01/04 11:14:05 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TP

[2011/03/10 19:10:17 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 
 

< End of report >

und Extras:

Code:

OTL Extras logfile created on: 7/6/2011 5:12:29 PM - Run 3

OTL by OldTimer - Version 3.2.26.0     Folder = C:\Users\****\Desktop

 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1.99 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.59% Memory free

3.98 Gb Paging File | 2.94 Gb Available in Paging File | 73.77% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 85.00 Gb Total Space | 52.01 Gb Free Space | 61.19% Space Free | Partition Type: NTFS

Drive D: | 127.79 Gb Total Space | 127.69 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

 

Computer Name: ****-PC | User Name: **** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4

"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager

"{18AA278D-E0B9-4F99-ACCC-070978A38453}" = Easy Resolution Manager

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24

"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync

"{5A1084A3-79B7-480C-9275-D8AA0CCEFA52}" = RUBICon

"{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}" = EasyBatteryManager

"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender

"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5

"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Booting SW

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}" = Daycare Nightmare

"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}" = REALTEK PCIE Wireless LAN Software

"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker

"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch

"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger

"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide

"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail

"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials

"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program

"{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack

"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call

"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus

"{DDF38EE7-3A53-4B4C-8924-CFFDF906091A}" = EasyFileShare

"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager

"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{F9557866-B4C8-4CE5-8508-0E386BDC20B2}" = Easy Network Manager

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter

"CCleaner" = CCleaner

"Elantech" = ETDWare PS/2-x86 7.0.7.0_WHQL

"GPL Ghostscript 9.00" = GPL Ghostscript 9.00

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200

"Marvell Miniport Driver" = Marvell Miniport Driver

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)

"SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.4 for Windows

"WinLiveSuite_Wave3" = Windows Live Essentials

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 6/2/2011 12:14:57 PM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".

Die

 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 6/5/2011 11:54:34 AM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung

 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 

"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 6/5/2011 11:54:36 AM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\EasyFileShare\Drv\SABI2x64\KStartMem.exe.Manifest".

Die

 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 6/5/2011 11:55:18 AM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".

Die

 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 6/5/2011 12:14:17 PM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung

 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 

"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 6/5/2011 12:14:18 PM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\EasyFileShare\Drv\SABI2x64\KStartMem.exe.Manifest".

Die

 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 6/5/2011 12:14:41 PM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".

Die

 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 6/5/2011 12:16:33 PM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\easy

 display manager\RunGfxUI64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 6/5/2011 12:17:22 PM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".

Die

 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 6/5/2011 12:17:24 PM | Computer Name = ****-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".

Die

 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

[ System Events ]

Error - 5/4/2011 3:11:13 PM | Computer Name = ****-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   cdrom

 

Error - 5/4/2011 3:12:52 PM | Computer Name = ****-PC | Source = NetBT | ID = 4321

Description = Der Name "****-PC        :0" konnte nicht auf der Schnittstelle mit

 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 192.168.2.103

 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.

 

Error - 5/5/2011 9:00:53 AM | Computer Name = ****-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   cdrom

 

Error - 5/5/2011 9:23:45 AM | Computer Name = ****-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   cdrom

 

Error - 5/5/2011 10:10:16 AM | Computer Name = ****-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   cdrom

 

Error - 5/5/2011 10:19:24 AM | Computer Name = ****-PC | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst ShellHWDetection erreicht.

 

Error - 5/5/2011 5:30:07 PM | Computer Name = ****-PC | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst ShellHWDetection erreicht.

 

Error - 5/5/2011 5:30:18 PM | Computer Name = ****-PC | Source = Server | ID = 2505

Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht

 \Device\NetBT_Tcpip_{7C17894E-AAAD-4E18-A9E6-E5FFDFE25919} vom Serverdienst nicht

 gebunden werden. Der Serverdienst konnte nicht gestartet werden.

 

Error - 5/5/2011 5:30:18 PM | Computer Name = ****-PC | Source = NetBT | ID = 4321

Description = Der Name "****-PC        :0" konnte nicht auf der Schnittstelle mit

 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 192.168.2.103

 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.

 

Error - 5/5/2011 5:30:18 PM | Computer Name = ****-PC | Source = NetBT | ID = 4321

Description = Der Name "****-PC        :20" konnte nicht auf der Schnittstelle mit

 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 192.168.2.103

 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.

 

 

< End of report >

Hier der Scan mit SUPERAntiSpyware:

Code:

SUPERAntiSpyware Scann-Protokoll

hxxp://www.superantispyware.com
 

Generiert 07/06/2011 bei 06:30 PM
 

Version der Applikation : 4.55.1000
 

Version der Kern-Datenbank : 7377

Version der Spur-Datenbank : 5189
 

Scan Art       : kompletter Scann

Totale Scann-Zeit : 00:56:32
 

Gescannte Speicherelemente  : 693

Erfasste Speicher-Bedrohungen  : 0

Gescannte Register-Elemente  : 8734

Erfasste Register-Bedrohungen  : 0

Gescannte Datei-Elemente     : 23030

Erfasste Datei-Elemente   : 0