Ellerex net Virus

#0
13.07.2010, 00:37
Member

Thread starter

Posts: 13
#16

Step 5 did not work because the program crashed in the middle of the scan.

Step 6:

Code

OTL logfile created on: 13.07.2010 00:34:11 - Run 2
OTL by OldTimer - Version 3.2.9.0     Folder = C:\Users\Christian\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 29,29 Gb Free Space | 20,33% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 143,91 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISTIAN-PC
Current User Name: Christian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Christian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
PRC - C:\Programme\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Steam\Steam.exe (Valve Corporation)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Orbitdownloader\orbitnet.exe (Orbitdownloader.com)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\SAMSUNG\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Christian\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (drhard) -- C:\Windows\System32\drivers\drhard.sys (Licensed for Gebhard Software)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.23.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.10 13:00:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.28 10:01:53 | 000,000,000 | ---D | M]

[2010.06.15 19:50:19 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2010.07.12 18:42:10 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\da73w346.default\extensions
[2010.06.17 13:42:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\da73w346.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.19 15:20:07 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\da73w346.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010.06.18 21:59:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\da73w346.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.07.08 12:19:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\da73w346.default\extensions\battlefieldheroespatcher@ea.com
[2010.06.15 20:13:47 | 000,001,819 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\FireFox\Profiles\da73w346.default\searchplugins\bing.xml
[2010.06.11 02:08:24 | 000,000,917 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\FireFox\Profiles\da73w346.default\searchplugins\conduit.xml
[2010.06.15 19:50:10 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Programme\Xfire\Xfire.exe (Xfire Inc.)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.1 217.0.43.193
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.07.13 00:17:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.07.12 22:40:45 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2010.07.12 22:30:41 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.07.12 22:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.07.10 22:30:32 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Spyware Terminator
[2010.07.10 22:30:31 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Terminator
[2010.07.10 22:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2010.07.10 22:23:50 | 000,665,016 | ---- | C] (Crawler Inc.                                                ) -- C:\Users\Christian\Desktop\SpywareTerminator_SFTSetup_2.7.2.125.exe
[2010.07.10 18:48:06 | 000,000,000 | ---D | C] -- C:\Programme\AxBx
[2010.07.10 18:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.07.10 18:44:43 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Simply Super Software
[2010.07.10 18:44:36 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover
[2010.07.10 15:01:05 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2010.07.10 13:53:32 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2010.07.10 13:53:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.10 13:53:19 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.10 13:53:19 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.10 13:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.10 13:52:28 | 005,918,720 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Christian\Desktop\mbam-setup-1.45.exe
[2010.07.10 12:58:08 | 000,000,000 | ---D | C] -- C:\Users\Christian\Neuer Ordner
[2010.07.06 15:36:02 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Games for Windows - LIVE Demos
[2010.07.06 15:34:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.07.06 11:05:54 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Rockstar Games
[2010.07.06 11:04:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010.07.06 11:03:39 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Rockstar Games
[2010.07.06 11:03:33 | 000,000,000 | RH-D | C] -- C:\Users\Christian\AppData\Roaming\SecuROM
[2010.07.06 11:03:32 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2010.07.06 01:03:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2010.07.06 01:03:07 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Games for Windows - LIVE
[2010.07.05 14:56:57 | 000,023,600 | ---- | C] (Licensed for Gebhard Software) -- C:\Windows\System32\drivers\drhard.sys
[2010.07.05 14:56:55 | 000,000,000 | ---D | C] -- C:\Programme\Dr. Hardware 2010
[2010.07.05 13:52:34 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\PunkBuster+Problem+FIX%2822%29
[2010.07.02 23:48:00 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Notepad++
[2010.07.02 23:48:00 | 000,000,000 | ---D | C] -- C:\Programme\Notepad++
[2010.07.02 23:40:46 | 000,000,000 | ---D | C] -- C:\Programme\XProfan91
[2010.07.02 23:33:44 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\XLEHRBUCH
[2010.07.02 23:33:20 | 000,000,000 | ---D | C] -- C:\Programme\XLehrbuch
[2010.07.02 23:29:19 | 000,000,000 | ---D | C] -- C:\Programme\Profan2Cpp
[2010.07.01 09:44:36 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\ICQ
[2010.07.01 01:41:19 | 000,000,000 | ---D | C] -- C:\Users\Christian\Battlefield Bad Company 2
[2010.06.30 18:29:01 | 000,000,000 | ---D | C] -- C:\Programme\SpeedFan
[2010.06.30 18:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Mender
[2010.06.30 17:54:27 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\GlarySoft
[2010.06.30 17:44:38 | 000,000,000 | ---D | C] -- C:\Programme\Glary Utilities
[2010.06.30 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\BFBC2
[2010.06.29 23:23:17 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010.06.29 23:23:16 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010.06.29 23:23:16 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010.06.29 23:23:16 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010.06.29 23:23:16 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010.06.29 23:23:16 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010.06.29 23:23:15 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2010.06.29 23:23:15 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010.06.29 23:23:15 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2010.06.29 23:23:15 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2010.06.29 23:23:14 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2010.06.29 23:23:14 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2010.06.29 23:23:14 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2010.06.29 23:23:14 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2010.06.29 23:23:14 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010.06.29 23:23:14 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2010.06.29 23:23:13 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010.06.29 23:23:13 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010.06.29 23:23:13 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010.06.29 23:23:13 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010.06.29 23:23:13 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010.06.29 23:23:13 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010.06.29 23:23:12 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010.06.29 23:23:12 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010.06.29 23:23:10 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2010.06.29 23:23:10 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2010.06.29 23:23:10 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2010.06.29 23:23:09 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2010.06.29 23:23:09 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2010.06.29 23:23:09 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2010.06.29 23:23:09 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2010.06.29 23:23:09 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2010.06.29 23:23:09 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2010.06.29 23:23:08 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2010.06.29 23:23:08 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2010.06.29 23:23:07 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2010.06.29 23:23:07 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2010.06.29 23:23:07 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2010.06.29 23:23:07 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2010.06.29 23:23:07 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2010.06.29 23:23:07 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2010.06.29 23:23:06 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2010.06.29 23:23:06 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2010.06.29 23:23:06 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2010.06.29 23:23:05 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010.06.29 23:23:05 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2010.06.29 23:23:05 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2010.06.29 23:23:05 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2010.06.29 23:23:05 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2010.06.29 23:23:05 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2010.06.29 23:23:04 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010.06.29 23:23:04 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2010.06.29 23:23:04 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2010.06.29 23:23:04 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2010.06.29 23:23:04 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2010.06.29 23:23:04 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2010.06.29 23:23:04 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2010.06.29 23:23:03 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010.06.29 23:23:03 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2010.06.29 23:23:03 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2010.06.29 23:23:03 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2010.06.29 23:23:02 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2010.06.29 23:23:02 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2010.06.29 23:23:01 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010.06.29 23:23:01 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2010.06.29 23:23:01 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2010.06.29 23:23:01 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2010.06.29 23:23:00 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2010.06.29 23:23:00 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2010.06.29 23:22:45 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010.06.29 23:22:45 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2010.06.29 23:22:45 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2010.06.29 23:22:44 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2010.06.29 23:22:44 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2010.06.29 23:22:44 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2010.06.29 23:22:43 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2010.06.29 23:22:43 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2010.06.29 23:22:43 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2010.06.29 20:24:29 | 000,000,000 | ---D | C] -- C:\Programme\Auskalo Interactive
[2010.06.29 20:24:28 | 000,537,294 | ---- | C] (Axialis Software) -- C:\Windows\System32\Kukuxumusu ANTfermin.scr
[2010.06.29 20:24:19 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Axialis
[2010.06.29 13:52:19 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Avira
[2010.06.24 20:35:47 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Steam
[2010.06.24 20:35:43 | 000,000,000 | ---D | C] -- C:\Programme\Steam
[2010.06.24 10:04:22 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.06.24 10:04:22 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.06.24 10:04:17 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.06.24 10:04:16 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010.06.24 10:04:16 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010.06.24 10:03:39 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.06.24 10:03:39 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.06.24 10:03:39 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.06.23 14:21:17 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.06.23 14:21:17 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.06.22 14:54:25 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\TS3Client
[2010.06.22 14:53:51 | 000,000,000 | ---D | C] -- C:\Programme\TeamSpeak 3 Client
[2010.06.22 11:47:02 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\FreeVideoConverter
[2010.06.22 11:33:39 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Converted Videos
[2010.06.22 11:33:38 | 000,000,000 | ---D | C] -- C:\Programme\Red Kawa
[2010.06.21 19:22:42 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\ImTOO
[2010.06.21 19:06:39 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\GrabPro
[2010.06.21 19:06:26 | 000,000,000 | ---D | C] -- C:\Programme\Orbitdownloader
[2010.06.21 19:06:26 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Orbit
[2010.06.21 19:02:12 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\FlashGet
[2010.06.21 19:02:08 | 000,000,000 | ---D | C] -- C:\Programme\FlashGet
[2010.06.21 18:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AppSnap
[2010.06.21 18:51:41 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\PuchisoftDispatcher
[2010.06.21 18:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Appupdater
[2010.06.21 18:51:37 | 000,000,000 | ---D | C] -- C:\Programme\GNU
[2010.06.21 18:51:35 | 000,000,000 | ---D | C] -- C:\Programme\Appupdater
[2010.06.21 18:50:56 | 000,000,000 | ---D | C] -- C:\Programme\AppSnap
[2010.06.21 18:50:36 | 000,000,000 | ---D | C] -- C:\Programme\Puchisoft
[2010.06.19 15:20:09 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.06.19 15:20:08 | 000,000,000 | ---D | C] -- C:\Programme\XfireXO
[2010.06.19 15:19:57 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Xfire
[2010.06.19 15:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2010.06.19 15:19:53 | 000,000,000 | ---D | C] -- C:\Programme\Xfire
[2010.06.18 21:59:47 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.18 21:55:39 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\DVDVideoSoft
[2010.06.18 21:55:33 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010.06.18 21:55:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2010.06.18 16:05:46 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\PunkBuster
[2010.06.16 19:31:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2010.06.16 19:30:18 | 000,230,912 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLM9G.DLL
[2010.06.16 15:13:13 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2010.06.16 15:13:13 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2010.06.16 15:13:12 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2010.06.16 15:13:12 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2010.06.16 15:13:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.06.16 15:13:12 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2010.06.16 15:13:12 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2010.06.16 15:13:12 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2010.06.16 15:13:12 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2010.06.16 15:13:12 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2010.06.16 15:13:11 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2010.06.16 15:13:11 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2010.06.16 15:13:11 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2010.06.16 15:13:11 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2010.06.16 15:13:11 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2010.06.16 15:13:11 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2010.06.16 15:13:11 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2010.06.16 15:13:11 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2010.06.16 15:13:11 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2010.06.16 15:13:11 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2010.06.16 15:13:10 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2010.06.16 15:13:10 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2010.06.16 15:13:10 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2010.06.16 15:13:10 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2010.06.16 15:01:40 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.06.16 14:48:13 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010.06.16 14:48:13 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010.06.16 14:48:12 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010.06.16 14:48:12 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010.06.16 14:48:12 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010.06.16 14:48:11 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010.06.16 14:43:21 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2010.06.16 14:43:13 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2010.06.16 14:41:14 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010.06.16 14:41:12 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010.06.16 14:35:25 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\NOS
[2010.06.16 14:35:25 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Adobe
[2010.06.16 14:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010.06.16 14:26:02 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Battlefield Heroes
[2010.06.16 14:15:23 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2010.06.16 14:15:21 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2010.06.16 14:15:05 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2010.06.16 14:11:43 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER
[2010.06.16 14:10:58 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2010.06.16 14:10:58 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Sync Framework
[2010.06.16 14:10:00 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 8
[2010.06.16 14:08:24 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Analysis Services
[2010.06.16 14:07:08 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Microsoft Help
[2010.06.16 14:06:52 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2010.06.16 14:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010.06.16 14:04:01 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010.06.16 14:04:01 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010.06.16 14:04:01 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010.06.16 14:04:01 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010.06.16 14:04:01 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010.06.16 14:04:01 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010.06.16 14:04:01 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2010.06.16 14:03:58 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.06.16 14:03:51 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010.06.16 14:03:26 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010.06.16 14:03:25 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010.06.16 14:03:25 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010.06.16 14:03:25 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010.06.16 14:03:25 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010.06.16 14:03:25 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010.06.16 14:03:25 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2010.06.16 14:03:25 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010.06.16 14:03:24 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.06.16 14:02:18 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010.06.16 14:02:18 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010.06.16 14:02:17 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010.06.16 14:02:12 | 001,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.06.16 14:02:07 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2010.06.16 14:01:58 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010.06.16 14:01:57 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010.06.16 14:01:51 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.06.16 14:01:51 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.06.16 14:01:41 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.16 14:01:40 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.06.16 14:01:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.06.16 14:01:27 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010.06.16 14:01:27 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2010.06.16 14:01:24 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2010.06.16 14:01:17 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010.06.16 14:01:15 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.16 14:01:15 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.06.16 14:01:14 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.06.16 14:01:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010.06.16 14:00:57 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2010.06.16 14:00:15 | 000,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010.06.16 14:00:10 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.06.16 13:59:54 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.06.16 13:59:52 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.06.16 13:59:46 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010.06.16 13:59:43 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.06.16 13:59:43 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.06.16 13:59:42 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.06.16 13:59:42 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.06.16 13:59:42 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.06.16 13:59:42 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.06.16 13:59:42 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.06.16 13:59:42 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.06.16 13:59:42 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.06.16 13:59:42 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.06.16 13:59:42 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.06.16 13:59:38 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.06.16 13:59:36 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2010.06.16 13:59:36 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2010.06.16 13:59:25 | 000,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010.06.16 13:59:25 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010.06.16 13:59:25 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010.06.16 13:58:38 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2010.06.16 13:58:06 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2010.06.16 13:58:05 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2010.06.16 13:58:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010.06.16 13:57:07 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2010.06.16 13:57:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010.06.16 13:57:01 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010.06.16 13:56:49 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.06.16 13:56:49 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.06.16 13:56:48 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.06.16 13:56:48 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.06.16 13:56:48 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.06.16 13:56:48 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.06.16 13:56:48 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010.06.16 13:56:48 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.06.16 13:56:48 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.06.16 13:56:11 | 001,695,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010.06.16 13:55:11 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2010.06.16 13:55:11 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2010.06.16 13:55:04 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2010.06.16 13:55:04 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2010.06.16 13:55:04 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2010.06.16 13:55:03 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2010.06.16 13:54:54 | 002,036,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.06.16 13:54:37 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010.06.16 13:54:37 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010.06.16 13:54:36 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010.06.16 13:54:32 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010.06.16 13:54:32 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.06.16 13:54:32 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.06.16 13:54:32 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010.06.16 13:54:30 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010.06.16 13:54:20 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010.06.16 13:54:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010.06.16 13:54:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010.06.16 13:54:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010.06.16 13:54:18 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.06.16 13:31:23 | 000,000,000 | ---D | C] -- C:\Programme\EA Games
[2010.06.16 13:31:21 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.06.15 20:11:33 | 000,000,000 | R-SD | C] -- C:\Users\Christian\Documents\My Stationery
[2010.06.15 20:09:18 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2010.06.15 20:08:55 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition
[2010.06.15 20:07:58 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft
[2010.06.15 20:07:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.06.15 20:07:30 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live SkyDrive
[2010.06.15 20:07:21 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live
[2010.06.15 20:07:07 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.06.15 20:02:05 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Windows Live
[2010.06.15 19:54:23 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Adobe
[2010.06.15 19:50:13 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Mozilla
[2010.06.15 19:50:09 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2010.06.15 19:49:35 | 000,000,000 | ---D | C] -- C:\Programme\ICQ6Toolbar
[2010.06.15 19:49:32 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Mozilla
[2010.06.15 19:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.06.15 19:49:23 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\ICQ
[2010.06.15 19:49:22 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\AOL
[2010.06.15 19:49:17 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2
[2010.06.15 16:07:54 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.06.15 16:07:53 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.06.15 16:07:53 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.06.15 16:07:53 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.06.15 16:07:53 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.06.15 16:07:52 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.06.15 16:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.06.15 16:03:47 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Macromedia
[2010.06.15 16:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010.06.15 15:57:14 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2010.06.15 15:57:14 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2010.06.15 15:56:40 | 000,223,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010.06.15 15:53:00 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2010.06.15 15:52:57 | 000,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2010.06.15 15:52:57 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2010.06.15 15:52:56 | 000,615,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2010.06.15 15:52:55 | 000,988,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010.06.15 15:52:55 | 000,927,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010.06.15 15:52:55 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2010.06.15 15:52:55 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2010.06.15 15:52:55 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2010.06.15 15:51:06 | 000,000,000 | ---D | C] -- C:\Windows\WinClon
[2010.06.15 15:50:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010.06.15 15:49:34 | 000,013,312 | ---- | C] (SAMSUNG ELECTRONICS CO., LTD.) -- C:\Windows\System32\drivers\KMDFMEMIO.sys
[2010.06.15 15:49:30 | 000,000,000 | ---D | C] -- C:\Programme\SAMSUNG
[2010.06.15 15:48:41 | 000,318,488 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys
[2010.06.15 15:47:58 | 001,034,776 | ---- | C] (Intel Corporation) -- C:\Windows\System32\imsmudlg.exe
[2010.06.15 15:47:58 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\difxapi.dll
[2010.06.15 15:47:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2010.06.15 15:46:23 | 000,293,392 | ---- | C] (Syntek Corporation) -- C:\Windows\VideoView.exe
[2010.06.15 15:46:23 | 000,113,168 | ---- | C] (Syntek America Inc.) -- C:\Windows\StkC112X.exe
[2010.06.15 15:46:23 | 000,100,880 | ---- | C] (Syntek America Inc.) -- C:\Windows\System32\StkCProp.ax
[2010.06.15 15:46:23 | 000,076,304 | ---- | C] (Syntek America Inc.) -- C:\Windows\System32\StkCWIA.dll
[2010.06.15 15:46:23 | 000,055,824 | ---- | C] (Syntek America Inc.) -- C:\Windows\System32\StkSSrv.dll
[2010.06.15 15:46:23 | 000,031,248 | ---- | C] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe
[2010.06.15 15:46:22 | 012,940,048 | ---- | C] (Syntek America Inc.) -- C:\Windows\System32\drivers\StkCPipe.sys
[2010.06.15 15:46:22 | 001,363,088 | ---- | C] (Syntek) -- C:\Windows\System32\drivers\StkCMini.sys
[2010.06.15 15:46:04 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\InstallShield
[2010.06.15 15:45:46 | 000,000,000 | ---D | C] -- C:\Programme\Synaptics
[2010.06.15 15:45:32 | 000,196,608 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynCtrl.dll
[2010.06.15 15:45:32 | 000,193,456 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\drivers\SynTP.sys
[2010.06.15 15:45:32 | 000,163,840 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynCOM.dll
[2010.06.15 15:45:32 | 000,147,456 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynTPAPI.dll
[2010.06.15 15:45:32 | 000,110,592 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynTPCo4.dll
[2010.06.15 15:44:55 | 000,000,000 | ---D | C] -- C:\Users\Christian\Roaming
[2010.06.15 15:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Roaming
[2010.06.15 15:43:50 | 000,000,000 | ---D | C] -- C:\Programme\Cisco
[2010.06.15 15:43:47 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Intel
[2010.06.15 15:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2010.06.15 15:43:25 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.06.15 15:43:03 | 000,298,496 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\yk60x86.sys
[2010.06.15 15:42:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2010.06.15 15:42:15 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010.06.15 15:42:13 | 001,196,032 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe
[2010.06.15 15:42:12 | 006,111,232 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2010.06.15 15:42:12 | 000,532,480 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2010.06.15 15:42:11 | 002,098,904 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2010.06.15 15:42:10 | 000,971,264 | ---- | C] (Samsung Electronics Co., LTD) -- C:\Windows\System32\EDSPropPageExt.dll
[2010.06.15 15:42:10 | 000,088,064 | ---- | C] (Samsung Electronics Co,. LTD) -- C:\Windows\System32\EDSAPODll.dll
[2010.06.15 15:42:10 | 000,000,000 | -H-D | C] -- C:\Programme\InstallShield Installation Information
[2010.06.15 15:42:10 | 000,000,000 | ---D | C] -- C:\Programme\Realtek
[2010.06.15 15:42:09 | 000,520,192 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010.06.15 15:42:09 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2010.06.15 15:41:29 | 001,079,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpluir.dll
[2010.06.15 15:41:29 | 000,768,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcplui.exe
[2010.06.15 15:41:29 | 000,420,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.cpl
[2010.06.15 15:41:29 | 000,313,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvexpbar.dll
[2010.06.15 15:40:59 | 000,446,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvudisp.exe
[2010.06.15 15:40:29 | 000,592,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE
[2010.06.15 15:40:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\InstallShield
[2010.06.15 15:38:36 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2010.06.15 15:38:36 | 000,000,000 | ---D | C] -- C:\Programme\Intel
[2010.06.15 15:33:22 | 000,000,000 | R--D | C] -- C:\Users\Christian\Searches
[2010.06.15 15:33:14 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Identities
[2010.06.15 15:33:11 | 000,000,000 | R--D | C] -- C:\Users\Christian\Contacts
[2010.06.15 15:33:10 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\VirtualStore
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Vorlagen
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\AppData\Local\Verlauf
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\AppData\Local\Temporary Internet Files
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Startmenü
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\SendTo
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Recent
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Netzwerkumgebung
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Lokale Einstellungen
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Documents\Eigene Videos
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Documents\Eigene Musik
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Eigene Dateien
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Documents\Eigene Bilder
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Druckumgebung
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Cookies
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\AppData\Local\Anwendungsdaten
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Anwendungsdaten
[2010.06.15 15:33:07 | 000,000,000 | --SD | C] -- C:\Users\Christian\AppData\Roaming\Microsoft
[2010.06.15 15:33:07 | 000,000,000 | R--D | C] -- C:\Users\Christian\Videos
[2010.06.15 15:33:07 | 000,000,000 | R--D | C] -- C:\Users\Christian\Saved Games
[2010.06.15 15:33:07 | 000,000,000 | R--D | C] -- C:\Users\Christian\Pictures
[2010.06.15 15:33:07 | 000,000,000 | R--D | C] -- C:\Users\Christian\Music
[2010.06.15 15:33:07 | 000,000,000 | R--D | C] -- C:\Users\Christian\Links
[2010.06.15 15:33:07 | 000,000,000 | R--D | C] -- C:\Users\Christian\Favorites
[2010.06.15 15:33:07 | 000,000,000 | R--D | C] -- C:\Users\Christian\Downloads
[2010.06.15 15:33:07 | 000,000,000 | R--D | C] -- C:\Users\Christian\Documents
[2010.06.15 15:33:07 | 000,000,000 | R--D | C] -- C:\Users\Christian\Desktop
[2010.06.15 15:33:07 | 000,000,000 | -H-D | C] -- C:\Users\Christian\AppData
[2010.06.15 15:33:07 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Temp
[2010.06.15 15:33:07 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Microsoft
[2010.06.15 15:33:07 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Media Center Programs
[2010.06.15 15:18:01 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.06.15 15:17:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
[2010.06.15 15:02:31 | 000,000,000 | ---D | C] -- C:\Windows.old
[2010.06.15 14:34:59 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010.06.15 14:34:59 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010.06.15 14:34:34 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010.06.15 14:34:34 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010.06.15 14:34:34 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010.06.15 14:34:03 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010.06.15 14:34:03 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010.06.15 14:32:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.06.15 14:32:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2010.06.15 14:32:53 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.06.15 14:32:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.06.15 14:32:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2010.06.15 14:32:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2010.06.15 14:32:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2010.06.15 14:32:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.06.15 14:32:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.06.15 14:32:20 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2010.06.15 14:26:26 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.06.15 14:18:41 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.07.13 00:35:24 | 001,572,864 | ---- | M] () -- C:\Users\Christian\NTUSER.DAT
[2010.07.13 00:30:11 | 000,293,376 | ---- | M] () -- C:\Users\Christian\Desktop\6dk6k3y6.exe
[2010.07.13 00:29:35 | 000,000,000 | ---- | M] () -- C:\Users\Christian\defogger_reenable
[2010.07.13 00:28:52 | 000,050,477 | ---- | M] () -- C:\Users\Christian\Desktop\Defogger.exe
[2010.07.13 00:26:39 | 000,600,138 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.13 00:26:38 | 001,458,986 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.13 00:26:38 | 000,633,580 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.13 00:26:38 | 000,128,990 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.13 00:26:38 | 000,106,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.13 00:25:29 | 000,028,219 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.07.13 00:25:16 | 000,028,219 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.07.13 00:25:14 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010.07.13 00:19:48 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.13 00:19:48 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.13 00:19:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.13 00:19:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.13 00:19:35 | 3215,577,088 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.13 00:18:00 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{0596113e-85d1-11df-9e31-001377aa2182}.TMContainer00000000000000000001.regtrans-ms
[2010.07.13 00:18:00 | 000,065,536 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{0596113e-85d1-11df-9e31-001377aa2182}.TM.blf
[2010.07.13 00:05:45 | 002,601,709 | -H-- | M] () -- C:\Users\Christian\AppData\Local\IconCache.db
[2010.07.12 22:40:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2010.07.12 22:30:47 | 000,001,055 | ---- | M] () -- C:\Users\Christian\Desktop\Spybot - Search & Destroy.lnk
[2010.07.12 22:04:58 | 000,138,184 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.07.12 22:04:41 | 000,215,016 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.07.10 22:30:33 | 000,142,592 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010.07.10 22:23:55 | 000,665,016 | ---- | M] (Crawler Inc.                                                ) -- C:\Users\Christian\Desktop\SpywareTerminator_SFTSetup_2.7.2.125.exe
[2010.07.10 14:11:36 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.07.10 14:08:08 | 000,001,682 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
[2010.07.10 13:53:03 | 005,918,720 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Christian\Desktop\mbam-setup-1.45.exe
[2010.07.06 11:03:32 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2010.07.05 13:52:32 | 000,139,152 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\PnkBstrK.sys
[2010.07.02 23:48:02 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2010.07.02 23:33:41 | 000,000,811 | ---- | M] () -- C:\Users\Christian\Desktop\XProfan-Lehrbuch.lnk
[2010.07.02 23:29:21 | 000,000,772 | ---- | M] () -- C:\Users\Christian\Desktop\Profan2Cpp.lnk
[2010.07.02 23:29:21 | 000,000,060 | ---- | M] () -- C:\Windows\p2cpp.ini
[2010.07.02 14:56:43 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{0596113e-85d1-11df-9e31-001377aa2182}.TMContainer00000000000000000002.regtrans-ms
[2010.07.02 14:44:25 | 001,572,864 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT.gbck
[2010.07.02 14:44:24 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.07.02 14:44:24 | 000,065,536 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.06.30 18:29:01 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2010.06.30 17:44:43 | 000,000,797 | ---- | M] () -- C:\Users\Christian\Desktop\Glary Utilities.lnk
[2010.06.30 17:26:45 | 000,000,215 | ---- | M] () -- C:\Users\Christian\Desktop\Battlefield Bad Company 2.url
[2010.06.29 23:23:29 | 002,434,856 | ---- | M] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.06.29 20:24:28 | 000,537,294 | ---- | M] (Axialis Software) -- C:\Windows\System32\Kukuxumusu ANTfermin.scr
[2010.06.24 20:42:43 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010.06.22 14:53:52 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.06.22 13:43:06 | 000,000,310 | ---- | M] () -- C:\Users\Christian\Desktop\ramplus.bat
[2010.06.21 19:22:54 | 000,004,608 | ---- | M] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.21 19:06:28 | 000,000,848 | ---- | M] () -- C:\Users\Christian\Desktop\Orbit.lnk
[2010.06.19 15:19:55 | 000,000,796 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2010.06.19 15:19:55 | 000,000,760 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk
[2010.06.18 21:55:40 | 000,001,032 | ---- | M] () -- C:\Users\Christian\Desktop\DVDVideoSoft Free Studio.lnk
[2010.06.17 20:13:40 | 000,132,675 | ---- | M] () -- C:\Users\Christian\Documents\Praktikumsmappe.docx
[2010.06.16 19:25:39 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010.06.16 17:16:47 | 000,100,824 | ---- | M] () -- C:\Users\Christian\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.16 17:15:03 | 000,370,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.16 14:25:17 | 002,427,248 | ---- | M] () -- C:\Windows\System32\pbsvc_heroes.exe
[2010.06.16 14:09:16 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[2010.06.15 19:50:12 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.06.15 16:07:59 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.06.15 15:59:47 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.06.15 15:57:34 | 000,000,684 | ---- | M] () -- C:\Windows\HotFixList.ini
[2010.06.15 15:51:15 | 000,000,733 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Recovery Solution III.lnk
[2010.06.15 15:49:48 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_KMDFMEMIO_01000.Wdf
[2010.06.15 15:45:56 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010.06.15 15:42:16 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010.06.15 15:42:09 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2010.06.15 15:35:46 | 000,000,680 | ---- | M] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
[2010.06.15 15:33:08 | 000,000,020 | -HS- | M] () -- C:\Users\Christian\ntuser.ini
[2010.06.15 15:17:49 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010.06.15 14:27:45 | 000,060,826 | ---- | M] () -- C:\Windows\System32\license.rtf

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.07.13 00:30:10 | 000,293,376 | ---- | C] () -- C:\Users\Christian\Desktop\6dk6k3y6.exe
[2010.07.13 00:29:35 | 000,000,000 | ---- | C] () -- C:\Users\Christian\defogger_reenable
[2010.07.13 00:28:51 | 000,050,477 | ---- | C] () -- C:\Users\Christian\Desktop\Defogger.exe
[2010.07.12 22:30:47 | 000,001,055 | ---- | C] () -- C:\Users\Christian\Desktop\Spybot - Search & Destroy.lnk
[2010.07.10 22:30:33 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010.07.10 14:11:36 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.07.09 21:46:32 | 000,001,682 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
[2010.07.05 14:56:57 | 000,020,651 | ---- | C] () -- C:\Windows\System32\drivers\DRHARD.VXD
[2010.07.02 23:48:02 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2010.07.02 23:33:41 | 000,000,811 | ---- | C] () -- C:\Users\Christian\Desktop\XProfan-Lehrbuch.lnk
[2010.07.02 23:29:21 | 000,000,772 | ---- | C] () -- C:\Users\Christian\Desktop\Profan2Cpp.lnk
[2010.07.02 23:29:21 | 000,000,060 | ---- | C] () -- C:\Windows\p2cpp.ini
[2010.07.02 14:45:11 | 000,524,288 | -HS- | C] () -- C:\Users\Christian\NTUSER.DAT{0596113e-85d1-11df-9e31-001377aa2182}.TMContainer00000000000000000002.regtrans-ms
[2010.07.02 14:45:11 | 000,524,288 | -HS- | C] () -- C:\Users\Christian\NTUSER.DAT{0596113e-85d1-11df-9e31-001377aa2182}.TMContainer00000000000000000001.regtrans-ms
[2010.07.02 14:45:10 | 000,065,536 | -HS- | C] () -- C:\Users\Christian\NTUSER.DAT{0596113e-85d1-11df-9e31-001377aa2182}.TM.blf
[2010.06.30 18:29:00 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2010.06.30 17:44:45 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2010.06.30 17:44:43 | 000,000,797 | ---- | C] () -- C:\Users\Christian\Desktop\Glary Utilities.lnk
[2010.06.30 17:26:45 | 000,000,215 | ---- | C] () -- C:\Users\Christian\Desktop\Battlefield Bad Company 2.url
[2010.06.29 23:23:29 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.06.24 20:35:45 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010.06.22 14:53:52 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.06.22 13:43:05 | 000,000,310 | ---- | C] () -- C:\Users\Christian\Desktop\ramplus.bat
[2010.06.21 19:22:53 | 000,004,608 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.21 19:06:28 | 000,000,848 | ---- | C] () -- C:\Users\Christian\Desktop\Orbit.lnk
[2010.06.19 15:19:55 | 000,000,796 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2010.06.19 15:19:55 | 000,000,760 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk
[2010.06.18 21:55:40 | 000,001,032 | ---- | C] () -- C:\Users\Christian\Desktop\DVDVideoSoft Free Studio.lnk
[2010.06.18 16:06:14 | 000,215,016 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.06.16 19:25:39 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010.06.16 15:13:13 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.06.16 15:13:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.06.16 15:13:11 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2010.06.16 14:25:34 | 000,139,152 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\PnkBstrK.sys
[2010.06.16 14:25:34 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.06.16 14:25:19 | 000,215,016 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.06.16 14:25:18 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.06.16 14:25:17 | 002,427,248 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
[2010.06.16 14:02:18 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010.06.15 19:50:12 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.06.15 16:07:59 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.06.15 16:02:45 | 000,028,219 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.06.15 16:02:42 | 000,028,219 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.06.15 15:52:19 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini
[2010.06.15 15:51:28 | 000,009,550 | ---- | C] () -- C:\Windows\System32\SetAutoFailover.cmd
[2010.06.15 15:51:28 | 000,000,151 | ---- | C] () -- C:\Windows\System32\SamsungSetAutoFailover.cmd
[2010.06.15 15:51:15 | 000,000,733 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Recovery Solution III.lnk
[2010.06.15 15:50:24 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2010.06.15 15:50:24 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2010.06.15 15:49:48 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_KMDFMEMIO_01000.Wdf
[2010.06.15 15:46:23 | 000,197,648 | ---- | C] () -- C:\Windows\System32\drivers\StkCSF.sys
[2010.06.15 15:46:23 | 000,080,400 | ---- | C] () -- C:\Windows\StkUnist.exe
[2010.06.15 15:45:56 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010.06.15 15:45:32 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2010.06.15 15:42:46 | 000,000,553 | R--- | C] () -- C:\Windows\USetup.iss
[2010.06.15 15:40:58 | 000,008,429 | ---- | C] () -- C:\Windows\System32\nvdisp.nvu
[2010.06.15 15:33:08 | 000,000,680 | ---- | C] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
[2010.06.15 15:33:08 | 000,000,020 | -HS- | C] () -- C:\Users\Christian\ntuser.ini
[2010.06.15 15:33:07 | 001,572,864 | -HS- | C] () -- C:\Users\Christian\NTUSER.DAT.gbck
[2010.06.15 15:33:07 | 001,572,864 | ---- | C] () -- C:\Users\Christian\NTUSER.DAT
[2010.06.15 15:33:07 | 000,524,288 | -HS- | C] () -- C:\Users\Christian\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.06.15 15:33:07 | 000,524,288 | -HS- | C] () -- C:\Users\Christian\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.06.15 15:33:07 | 000,262,144 | -H-- | C] () -- C:\Users\Christian\ntuser.dat.LOG1
[2010.06.15 15:33:07 | 000,065,536 | -HS- | C] () -- C:\Users\Christian\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.06.15 15:33:07 | 000,000,000 | -H-- | C] () -- C:\Users\Christian\ntuser.dat.LOG2
[2010.06.15 14:31:09 | 3215,577,088 | -HS- | C] () -- C:\hiberfil.sys
[2010.05.28 02:04:46 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

[color=#E56717]========== LOP Check ==========[/color]

[2010.06.18 21:59:48 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.21 19:02:12 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FlashGet
[2010.06.22 11:47:08 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FreeVideoConverter
[2010.06.30 17:54:27 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\GlarySoft
[2010.07.09 21:27:44 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\GrabPro
[2010.07.13 00:25:45 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ICQ
[2010.06.21 19:22:42 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ImTOO
[2010.07.02 23:49:05 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Notepad++
[2010.07.13 00:25:28 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Orbit
[2010.06.21 18:51:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PuchisoftDispatcher
[2010.07.10 22:31:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Spyware Terminator
[2010.06.22 14:58:06 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TS3Client
[2010.07.02 23:34:29 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\XLEHRBUCH
[2010.07.13 00:25:14 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010.07.13 00:17:55 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]


< End of report >


Code

OTL Extras logfile created on: 13.07.2010 00:34:11 - Run 2
OTL by OldTimer - Version 3.2.9.0     Folder = C:\Users\Christian\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 29,29 Gb Free Space | 20,33% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 143,91 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISTIAN-PC
Current User Name: Christian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B8A8BDB-E0D4-41A5-8E9B-A8337DF6564C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28543677-6928-4BF1-948A-C2E1A4190EED}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{34365105-5AB5-4AF6-8DED-8EEAF95B7DE7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{34A4C411-BE11-406E-8C3D-5B3819539B27}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{3608F2DB-A4A2-4BAF-8D13-5C5729E46F1A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{3A3462A5-FD44-452A-A00A-388D82B42141}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{3D4EA5B9-434A-46B4-B4FF-16B0079A1ADE}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{3F87B529-69C8-4353-9CE6-221627B66B00}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{4A5ECFEC-AB56-476B-BCAC-D61CC6620E0B}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{4D13AE73-5A0E-4316-86CA-7270A05EC240}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{5D31DE87-B9E2-4BD7-8CD2-9C80B36704DC}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{63B2AAE2-25E2-418E-92EE-142FB3F2FA78}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{7476A63C-F88E-442D-B6BD-23D84ECECB46}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{78930B2D-4BA6-42E5-A667-FE4BC5EA059F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A8E4A7A5-6931-409D-BF96-CD6D606DE3D2}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{B3B0E515-2453-4017-891A-6A546FE4D611}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{B3BE73B1-624E-4859-9B35-AFAC0FDDE207}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{B754CC8B-850F-41C7-8282-66A6B521D499}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{C735D2A5-B68F-44CA-9D93-2153EDB41B46}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{D976037C-62B7-498D-9E8F-06AC7FABA32E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{DC12DCCB-5E06-4627-BAF3-E87B5854894E}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{DDD4DAC5-0081-4CD2-ACF8-E7FBDCA58796}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{DFA766F7-65CB-48C5-80CB-2065E8901738}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{EE309638-9DD6-492B-9245-6944FE2E260B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{F2950E9C-67C1-4BAB-B7A3-D7A2CC4C36F4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{FC26E6D4-3356-4AFB-9EDC-658079E07DDB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"TCP Query User{20195466-531F-4AFE-888E-8408BF6BE6A2}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{2597A4EA-DEAB-456B-B775-304D807FBC67}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{4959CF94-DAF4-4035-B42A-57295E1B6A46}C:\program files\steam\steamapps\kek5c2\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\kek5c2\team fortress 2\hl2.exe |
"TCP Query User{4ACEF9BE-A95F-4539-87A6-3DA5A68F9E20}C:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{56742EFD-8282-4E56-91C8-7C8C183D5EDF}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{6428B7C7-AC79-467B-9F06-13E73F010973}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{6E8E5B7D-5D5C-4B7C-8D83-56EAE67307FF}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{6F4CCF1C-5607-44B8-A085-FD37E84C9775}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{9DCBE52D-B95E-4313-A6C2-A19409F0E4BD}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{BEF02007-D99B-44A8-8FB6-FA59DF5E3EC7}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{EFAF39E6-640C-42C0-8B9F-8B7AFF1160F6}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{23FD7059-8B58-4226-B551-02BCC1B131E2}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{2BD60B68-843F-4BDF-85F2-3627CC34C8BC}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{35204D69-1CEC-44C4-9E2A-A4687DA7DC6D}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{4CEBC7B0-F385-48D8-BA85-57D29D345450}C:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{4F6A5534-876F-4EE0-9D9E-0FF0B65B14E8}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{679A49DB-E881-4332-8104-F28F43BB84EC}C:\program files\steam\steamapps\kek5c2\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\kek5c2\team fortress 2\hl2.exe |
"UDP Query User{9B94F2EC-3350-496A-A1BD-39D910F06CBF}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{A4961E00-0BDC-4994-9950-31375DF30F67}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{C244BFE9-25CC-43FB-B63F-942FCF461CF7}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{D1BC21A4-DD55-4EFD-864F-948D517594EC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{F03F5C3C-B74D-41B7-801B-6805600FAFEC}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{090962E2-4BE8-4A8A-86B0-7A5ED31C1273}" = USB2.0 UVC WebCam
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Dr. Hardware 2010_is1" = Dr. Hardware 2010 10.2d
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"Glary Utilities_is1" = Glary Utilities 2.26.0.956
"GnuPG" = GNU Privacy Guard
"HijackThis" = HijackThis 2.0.2
"Kukuxumusu ANTfermin Screensaver" = Kukuxumusu ANTfermin Screensaver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Multi Virus Cleaner 2009_is1" = Multi Virus Cleaner 2009
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Orbit_is1" = Orbit Downloader
"Profan2Cpp (Testversion)_is1" = Profan2Cpp (Testversion) 2.0b
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Spyware Terminator_is1" = Spyware Terminator
"Steam App 12210" = Grand Theft Auto IV
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 440" = Team Fortress 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
"XProfan 9.1 - Testversion" = XProfan 9.1 - Testversion
"XProfan-Lehrbuch_is1" = XProfan-Lehrbuch

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12.07.2010 06:02:24 | Computer Name = Christian-PC | Source = VSS | ID = 8194
Description =

Error - 12.07.2010 12:31:05 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.07.2010 12:34:13 | Computer Name = Christian-PC | Source = VSS | ID = 8194
Description =

Error - 12.07.2010 15:37:38 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.07.2010 15:40:25 | Computer Name = Christian-PC | Source = VSS | ID = 8194
Description =

Error - 12.07.2010 17:14:55 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.07.2010 17:17:46 | Computer Name = Christian-PC | Source = VSS | ID = 8194
Description =

Error - 12.07.2010 18:06:58 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.07.2010 18:09:07 | Computer Name = Christian-PC | Source = VSS | ID = 8194
Description =

Error - 12.07.2010 18:19:57 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 12.07.2010 05:57:42 | Computer Name = Christian-PC | Source = HTTP | ID = 15016
Description =

Error - 12.07.2010 05:58:04 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12.07.2010 12:30:52 | Computer Name = Christian-PC | Source = HTTP | ID = 15016
Description =

Error - 12.07.2010 12:31:06 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12.07.2010 15:37:27 | Computer Name = Christian-PC | Source = HTTP | ID = 15016
Description =

Error - 12.07.2010 15:37:39 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12.07.2010 15:43:05 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 12.07.2010 17:14:41 | Computer Name = Christian-PC | Source = HTTP | ID = 15016
Description =

Error - 12.07.2010 17:14:53 | Computer Name = Christian-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 12.07.2010 17:14:55 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
13.07.2010, 00:42
Member

Thread starter

Posts: 13
#17 Step 7:

Code

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll win32k.sys
kernel: MBR read successfully
user & kernel MBR OK
13.07.2010, 01:16
Moderator

Posts: 5694
#18 Step 1

Rootkit scan with RootRepeal
• Go here, scroll down and download RootRepeal.zip.
• Unpack the file to your desktop.
• Double-click RootRepeal.exe to start the scanner.
• Click the Report tab and then the Scan button.
• Tick the following items and click Ok.

Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Shadow SSDT

• You will then be asked which drives should be scanned.
• Select C:\ and click Ok again.
• The scan starts automatically; it will take a while, so please be patient.
• When the scan has finished, click Save Report.
• Save the log file as RootRepeal.txt on the desktop.
• Copy its contents here into the thread.

Step 2

Are you still being redirected?
13.07.2010, 21:34
Member

Thread starter

Posts: 13
#19 It worked!
The virus is gone and my computer even runs faster now.

Thanks ;)
13.07.2010, 21:37
Moderator

Posts: 5694
#20 Nevertheless, please still do Step 1 from above.