Home » Viren, Trojaner & Malware Forum » "System Check" Virus » Themenansicht

Firefox Tipp: Instantfox - Quick Search Add-On!

Seite(n): 1 2

Antworten

"System Check" Virus

15.02.2012, 15:12

kontor

Member

Beiträge: 50

#1 Hallo!

Habe mir diesen "System Check" Virus eingefangen. (Symptome: schwarzer Desktophintergrund, sämtliche Symbole am Desktop und in der Startleiste verschwunden, PC deutlich langsamer)
Habe daraufhin etwas in Google gestöbert und bin auf "Trojan-Killer" bzw. "Spyware Doctor" gestoßen, welche auch fündig wurden. Allerdings muss man sich zum Entfernen des Virus und der betroffenen Dateien kostenpflichtig registrieren was ich nicht wollte, da ich mir sicher bin, dass es hierfür auch eine kostenlose Lösung gibt. Habe daraufhin auch Malwarebytes drüberlaufen lassen mit einigen Funden, welche entfernt wurden. Bin mir jetzt aber nicht sicher, ob ich tatsächlich den Virus los bin oder nicht.

Habe immer noch einen schwarzen Desktophintergrund und es fehlen auf dem Desktop immer noch sämtliche Symbole der versch. Programme

Kann mir jemand weiterhelfen ?

Lg

15.02.2012, 15:27

sim0n86

...neu hier

Beiträge: 7

#2 Irgendwie hört sich das mit "Trojan-Killer" und "Spyware Doctor" nach scareware an. Spyware Doctor sollte aber OK sein.

Malwarebytes ist genau das richtige!

Wenn du mit Malwarebytes drüber gescannt hast, mach mal einen Hjt scan --> http://virus-protect.org/hjtkurz.html

15.02.2012, 15:33

kontor

Member

Themenstarter

Beiträge: 50

#3 Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:33:26, on 15.02.2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18639)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Pro\DTAgent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Mario\AppData\Local\Temp\Rar$EX02.044\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: RadarSync2 Toolbar - {6edc3889-b841-4127-a2bf-c5fc48f972c7} - C:\Program Files\RadarSync2\tbRada.dll
R3 - URLSearchHook: PC Tools Browser Defender - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: RadarSync2 Toolbar - {6edc3889-b841-4127-a2bf-c5fc48f972c7} - C:\Program Files\RadarSync2\tbRada.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: RadarSync2 Toolbar - {6edc3889-b841-4127-a2bf-c5fc48f972c7} - C:\Program Files\RadarSync2\tbRada.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: PC Tools Browser Defender - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\tb_eula\EULALauncher.NET.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Driver Updater] C:\Program Files\Carambis\Driver Updater\dupdater.exe /minimized
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mario\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 9816 bytes

15.02.2012, 15:52

sim0n86

...neu hier

Beiträge: 7

#4 hm... enferne bitte "C:\Program Files\pdfforge Toolbar\SearchSettings.exe"
(wird als kritisch eingestuft, adware)

- vorher den task im task-manager killen.
- in der systemsteuerung (programme & funktionen) danach suchen und deinstalieren.
- danach manuell löschen. (den ordner "pdfforge Toolbar" beseitigen).

lt. dem log sollte sonnst alles ok sein.

mach nach der eliminierung der pdfforge toolbar noch mal ein update mit avira und scanne nochmals.

15.02.2012, 17:12

Swisstreasure

Moderator

Beiträge: 5694

#5 Hallo SimOn86

Das posten in diesen Forenbereichen ist für einen Laien sehr gefährlich. Es Bedarf grosse Kenntnis in der Malwarebereinigung. Bist Du auf igrendwelchen Foren tätig welche ausweisen, dass Du auf dem Gebiet eine Ahnung hast? Bitte sende mir dazu die Links per PN. Es ist nicht gegen Dich, aber wenn Du hier bereinigst und etwas in die Hosen geht dann ist das Forum dadurch auch geschädigt.

@ KONTOR

Schritt 1

Abgesicherter Modus zur Bereinigung

• Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
• Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

Schritt 2

Rkill anwenden

• Download rkill.com auf den Desktop Desktop.
• Starte per Doppelklick rkill.com und führe das Programm aus (kann etwas dauern)…
• Am Ende wird das schwarze Fenster von rkill.com automatisch geschlossen.
• Wenn eine Meldung von Deiner Sicherheitslösung kommt rkill.com sei Malware, erlaube rkill.com als „Ausnahme“.
• Bitte poste mir das Logfile.

Schritt 3

• Dowloade Dir bitte TDSS Killer.zip und speichere es am Desktop.
• Extrahiere den Inhalt der Datei auf deinem Desktop.
Gehe sicher das die TDSSKiller.exe am Desktop ist. Nicht in einem Ordner.
• Schließe alle laufenden Programme.
• Trenne dich von Internet.
• Deaktiviere deine AntiViren Software.

• Starte TDSSkiller.exe mit Doppelklick.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Drücke auf Start scan.
• Sollte die Meldung "Hidden service detected" schreiben keinesfalls irgendetwas hinein..Drücke nur ENTER !!!
• Wenn das Tool fertig ist, poppt ein Fenster mit den Funden auf.
Dieses bitte einfach schließen.
• Nun auf Report klicken.
• Bitte poste mir den Inhalt hier in deinen Thread.
(auch zu finden unter C:\TDSSKiller<time_date>.txt)

Schritt 4

Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.

Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

15.02.2012, 19:16

kontor

Member

Themenstarter

Beiträge: 50

Zitat

Schritt 2

Rkill anwenden

• Download rkill.com auf den Desktop Desktop.
• Starte per Doppelklick rkill.com und führe das Programm aus (kann etwas dauern)…
• Am Ende wird das schwarze Fenster von rkill.com automatisch geschlossen.
• Wenn eine Meldung von Deiner Sicherheitslösung kommt rkill.com sei Malware, erlaube rkill.com als „Ausnahme“.
• Bitte poste mir das Logfile.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 15.02.2012 at 19:03:37.
Operating System: Windows Vista (TM) Home Premium

Processes terminated by Rkill or while it was running:

Rkill completed on 15.02.2012 at 19:03:39.

Zitat

Schritt 3

• Dowloade Dir bitte TDSS Killer.zip und speichere es am Desktop.
• Extrahiere den Inhalt der Datei auf deinem Desktop.
Gehe sicher das die TDSSKiller.exe am Desktop ist. Nicht in einem Ordner.
• Schließe alle laufenden Programme.
• Trenne dich von Internet.
• Deaktiviere deine AntiViren Software.

• Starte TDSSkiller.exe mit Doppelklick.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Drücke auf Start scan.
• Sollte die Meldung "Hidden service detected" schreiben keinesfalls irgendetwas hinein..Drücke nur ENTER !!!
• Wenn das Tool fertig ist, poppt ein Fenster mit den Funden auf.
Dieses bitte einfach schließen.
• Nun auf Report klicken.
• Bitte poste mir den Inhalt hier in deinen Thread.
(auch zu finden unter C:\TDSSKiller<time_date>.txt)

siehe Anhang

Anhang: TDSSKiller.2.7.12.0_15.02.2012_19.10.35_log.txt

15.02.2012, 19:57

Swisstreasure

Moderator

Beiträge: 5694

#7 Und unhide ausgeführt? Die Sachen wieder vorhanden?

15.02.2012, 20:08

kontor

Member

Themenstarter

Beiträge: 50

Zitat

Swisstreasure postete
Und unhide ausgeführt? Die Sachen wieder vorhanden?

Ja gerade ausgeführt und wieder alles da!

Vielen Dank!

15.02.2012, 20:10

Swisstreasure

Moderator

Beiträge: 5694

#9 Noch Probleme?

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
• Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die

Textbox.

Code

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

• Schliesse bitte nun alle Programme. (Wichtig)
• Klicke nun bitte auf den Quick Scan Button.
• Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

15.02.2012, 21:33

kontor

Member

Themenstarter

Beiträge: 50

#10 Extra.txt ----->

PS: Habe jz eigentlich auf dem 1. Blick keine Probleme mehr!

Anhang: Extras.Txt

15.02.2012, 21:34

kontor

Member

Themenstarter

Beiträge: 50

#11 OTL logfile created on: 15.02.2012 21:03:11 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mario\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 63,47% Memory free
4,23 Gb Paging File | 3,16 Gb Available in Paging File | 74,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,21 Gb Total Space | 10,70 Gb Free Space | 11,60% Space Free | Partition Type: NTFS
Drive D: | 45,12 Gb Total Space | 31,23 Gb Free Space | 69,22% Space Free | Partition Type: NTFS

Computer Name: MARIO-PC | User Name: Mario | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012.02.15 20:58:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mario\Desktop\OTL.exe
PRC - [2011.08.17 08:29:20 | 004,527,424 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Pro\DTAgent.exe
PRC - [2011.07.28 21:10:35 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.30 17:37:09 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.17 12:41:07 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.01 17:37:06 | 000,037,888 | ---- | M] () -- C:\Programme\Winamp\winampa.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.18 23:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.18 23:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.18 23:33:32 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2007.04.10 15:01:32 | 004,431,872 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.02.12 13:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006.12.08 09:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006.11.22 17:31:26 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011.06.21 09:27:57 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011.06.21 09:27:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011.06.20 12:46:42 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011.06.20 12:45:17 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011.06.20 12:44:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011.06.20 12:39:36 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011.06.20 12:37:56 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010.11.08 16:15:40 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2009.08.16 16:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.07.01 17:37:06 | 000,037,888 | ---- | M] () -- C:\Programme\Winamp\winampa.exe
MOD - [2008.07.27 19:03:15 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2008.07.27 19:03:08 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2008.07.27 19:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.08.31 15:13:26 | 001,675,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2657.36882__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2007.08.31 15:13:26 | 000,233,472 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2657.36859__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2007.08.31 15:13:26 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2657.36889__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2007.08.31 15:13:26 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2657.37006__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2007.08.31 15:13:26 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2657.37000__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2007.08.31 15:13:26 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2657.36975__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2007.08.31 15:13:26 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2657.36878__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2007.08.31 15:13:26 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2657.36888__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
MOD - [2007.08.31 15:13:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2657.36869__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2007.08.31 15:13:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2657.36937__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2007.08.31 15:13:25 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2657.37024__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2007.08.31 15:13:13 | 000,327,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2657.36982__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2007.08.31 15:13:13 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2657.37021__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2007.08.31 15:13:13 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2657.37027__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2007.08.31 15:13:13 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2657.36985__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2007.08.31 15:13:13 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2657.36867__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2007.08.31 15:13:13 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2657.36981__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2007.08.31 15:13:13 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2657.37020__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2007.08.31 15:13:12 | 000,913,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2657.37003__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2007.08.31 15:13:12 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2657.36945__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2007.08.31 15:13:12 | 000,577,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2657.36895__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2007.08.31 15:13:12 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2657.36939__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2007.08.31 15:13:12 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2657.36871__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2007.08.31 15:13:12 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2657.36992__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2007.08.31 15:13:12 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2657.36969__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2007.08.31 15:13:12 | 000,319,488 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2657.36935__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2007.08.31 15:13:12 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2657.36899__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2007.08.31 15:13:12 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2657.36892__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2007.08.31 15:13:12 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2657.36959__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2007.08.31 15:13:12 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2657.36938__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2007.08.31 15:13:12 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2657.36942__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2007.08.31 15:13:12 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2657.36898__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2007.08.31 15:13:12 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2657.36942__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2007.08.31 15:13:12 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2657.36958__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2007.08.31 15:13:12 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2657.36968__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2007.08.31 15:13:11 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2636.18430__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2007.08.31 15:13:11 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2636.18438__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2007.08.31 15:13:11 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2636.18451__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2007.08.31 15:13:11 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2007.08.31 15:13:11 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2636.18459__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2007.08.31 15:13:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2636.18428__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2007.08.31 15:13:11 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2636.18485__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2007.08.31 15:13:11 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2636.18430__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2007.08.31 15:13:11 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2636.18459__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2007.08.31 15:13:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2636.18442__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2007.08.31 15:13:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2636.18438__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2007.08.31 15:13:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2636.18437__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2007.08.31 15:13:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2636.18435__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2007.08.31 15:13:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2636.18437__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2007.08.31 15:13:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2636.18438__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2007.08.31 15:13:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2636.18443__90ba9c70f846762e\DEM.OS.dll
MOD - [2007.08.31 15:13:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2636.18441__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2007.08.31 15:13:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2007.08.31 15:13:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2636.18437__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2007.08.31 15:13:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2636.18442__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2007.08.31 15:13:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2636.18441__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2007.08.31 15:13:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2636.18458__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2007.08.31 15:13:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2636.18458__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2007.08.31 15:13:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2636.18438__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2007.08.31 15:13:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2636.18457__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2007.08.31 15:13:11 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2007.08.31 15:13:10 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2642.27815__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2007.08.31 15:13:10 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2636.18443__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2007.08.31 15:13:10 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2636.18449__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2007.08.31 15:13:10 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2636.18449__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2007.08.31 15:13:10 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2636.18451__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2007.08.31 15:13:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2636.18449__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2007.08.31 15:13:10 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2636.18443__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2007.08.31 15:13:10 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2636.18442__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2007.08.31 15:13:10 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2636.18450__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2007.08.31 15:13:10 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2636.18440__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2007.08.31 15:13:10 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2636.18440__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2007.08.31 15:13:10 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2636.18451__90ba9c70f846762e\APM.Foundation.dll
MOD - [2007.08.31 15:13:10 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2636.18429__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2007.08.31 15:13:10 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2007.08.31 15:13:10 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2636.18442__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2007.08.31 15:13:10 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2636.18437__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2007.08.31 15:13:08 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2657.37042__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2007.08.31 15:13:08 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2657.37009_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2007.08.31 15:13:07 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2657.36855__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2007.08.31 15:13:02 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2657.37014__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2007.08.31 15:13:01 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2636.18435__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2007.08.31 15:13:01 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2636.18440__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2007.08.31 15:13:00 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2657.37012__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2007.08.31 15:12:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2636.18433__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2007.08.31 15:12:58 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2657.36875__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2007.08.31 15:12:58 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2636.18458__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2007.08.31 15:12:57 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2657.37009__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2007.08.31 15:12:56 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2657.36858__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2007.08.31 15:12:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2636.18439__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2007.08.31 15:12:52 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2636.18439__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2007.08.31 15:12:47 | 001,404,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2657.36864__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2007.08.31 15:12:47 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2636.18437__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2007.08.31 15:12:46 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2657.37014__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2007.08.31 15:12:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2636.18452__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2007.08.31 15:12:45 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2657.36858__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2007.08.31 15:12:45 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2657.36856__90ba9c70f846762e\AEM.Server.dll
MOD - [2007.08.31 15:12:45 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2007.04.11 20:54:20 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007.03.02 10:44:34 | 000,073,728 | ---- | M] () -- c:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
MOD - [2006.12.10 20:51:08 | 000,077,824 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006.12.10 20:51:08 | 000,065,536 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2006.11.22 17:31:30 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56ita.dll
MOD - [2006.11.22 17:31:30 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56esp.dll
MOD - [2006.11.22 17:31:30 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56brz.dll
MOD - [2006.11.22 17:31:30 | 000,053,248 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56kor.dll
MOD - [2006.11.22 17:31:28 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56ger.dll
MOD - [2006.11.22 17:31:28 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56fra.dll
MOD - [2006.11.22 17:31:28 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56dnk.dll
MOD - [2006.11.22 17:31:28 | 000,057,344 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56jpn.dll
MOD - [2006.11.22 17:31:28 | 000,053,248 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56cht.dll
MOD - [2006.11.22 17:31:28 | 000,053,248 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56chs.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011.07.28 21:10:35 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.04.30 17:37:09 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.03 13:58:54 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.03.26 12:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.02.12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006.12.08 09:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011.09.15 16:24:17 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.09.15 16:24:17 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011.08.29 22:12:40 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.07.28 21:10:38 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.28 21:10:38 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.03.09 16:37:30 | 001,389,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athur.sys -- (athur)
DRV - [2010.02.05 05:16:10 | 000,028,048 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009.03.25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009.03.25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009.03.25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009.03.25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009.03.25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009.03.25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.01.18 21:56:10 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2007.04.11 21:03:22 | 002,589,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.04.04 04:57:00 | 000,046,592 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.04.03 15:53:12 | 000,047,872 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.02.25 05:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.02.16 15:18:38 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.22 17:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.07.14 13:55:34 | 000,105,088 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006.02.07 18:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\jgogo.sys -- (JGOGO)
DRV - [2005.11.03 19:39:02 | 000,245,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dr71WU.sys -- (RT73)
DRV - [2004.03.09 11:18:09 | 000,065,504 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.03.09 10:45:49 | 000,077,184 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.12.01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.09.06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {6edc3889-b841-4127-a2bf-c5fc48f972c7} - C:\Programme\RadarSync2\tbRada.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {6edc3889-b841-4127-a2bf-c5fc48f972c7} - C:\Programme\RadarSync2\tbRada.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.orf.at/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 53596
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 53596
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 53596
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 53596
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Mario\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007.08.31 15:18:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.12 20:24:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.31 17:07:43 | 000,000,000 | ---D | M]

[2009.09.21 14:08:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mario\AppData\Roaming\mozilla\Extensions
[2012.02.03 11:14:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mario\AppData\Roaming\mozilla\Firefox\Profiles\ymov932b.default\extensions
[2011.06.24 12:50:16 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Mario\AppData\Roaming\mozilla\Firefox\Profiles\ymov932b.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.02.24 17:32:50 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Mario\AppData\Roaming\mozilla\Firefox\Profiles\ymov932b.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.03.27 18:13:20 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Mario\AppData\Roaming\mozilla\Firefox\Profiles\ymov932b.default\extensions\firefox@tvunetworks.com
[2010.09.11 13:40:18 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Mario\AppData\Roaming\mozilla\Firefox\Profiles\ymov932b.default\extensions\vshare@toolbar
[2010.09.11 13:42:36 | 000,001,592 | ---- | M] () -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\ymov932b.default\searchplugins\web-search.xml
[2012.02.15 16:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.12 20:24:56 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.20 19:13:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.20 19:13:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.20 19:13:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.20 19:13:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.20 19:13:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.20 19:13:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

[color=#E56717]========== Chrome ==========[/color]

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (RadarSync2 Toolbar) - {6edc3889-b841-4127-a2bf-c5fc48f972c7} - C:\Programme\RadarSync2\tbRada.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll̀ File not found
O3 - HKLM\..\Toolbar: (RadarSync2 Toolbar) - {6edc3889-b841-4127-a2bf-c5fc48f972c7} - C:\Programme\RadarSync2\tbRada.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (RadarSync2 Toolbar) - {6EDC3889-B841-4127-A2BF-C5FC48F972C7} - C:\Programme\RadarSync2\tbRada.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\tb_eula\EULALauncher.NET.exe File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Driver Updater] C:\Program Files\Carambis\Driver Updater\dupdater.exe (Media Fog Ltd.)
O4 - HKCU..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mario\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 195.34.133.21 212.186.211.21 195.34.133.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0397D07A-B496-4F7F-BC57-2C0268A98038}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5154BF86-0BEB-433C-A317-1A60B3C3C8CE}: DhcpNameServer = 192.168.2.1 195.34.133.21 212.186.211.21 195.34.133.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C1B59EA-5754-49A5-9CCF-69DC2DDBF205}: DhcpNameServer = 192.168.2.1 195.34.133.21 212.186.211.21 195.34.133.22
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mario\Desktop\FOTOS\Zypern\RIMG0008.JPG
O24 - Desktop BackupWallPaper: C:\Users\Mario\Desktop\FOTOS\Zypern\RIMG0008.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5192bd4b-d281-11e0-809b-00030d70820f}\Shell - "" = AutoRun
O33 - MountPoints2\{5192bd4b-d281-11e0-809b-00030d70820f}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{5a530db1-c19c-11de-a2a5-00030d70820f}\Shell - "" = AutoRun
O33 - MountPoints2\{5a530db1-c19c-11de-a2a5-00030d70820f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5a530dcf-c19c-11de-a2a5-00030d70820f}\Shell - "" = AutoRun
O33 - MountPoints2\{5a530dcf-c19c-11de-a2a5-00030d70820f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9e48faa3-f6d7-11de-96b5-00195bcf6e1e}\Shell - "" = AutoRun
O33 - MountPoints2\{9e48faa3-f6d7-11de-96b5-00195bcf6e1e}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{d7f3752e-df90-11e0-a922-00030d70820f}\Shell - "" = AutoRun
O33 - MountPoints2\{d7f3752e-df90-11e0-a922-00030d70820f}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {444000F0-8F1F-160D-449E-F15696538A92} - Microsoft Windows Media Player
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4654501E-7408-0276-19BD-802E85D5AB46} - NetShow
ActiveX: {4E9254E3-FBFE-9FE9-1EF2-8B52492E3333} - Internet Explorer
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5127ED02-D5A4-A3A7-28B4-B7009A9266E5} - Microsoft Windows Media Player 11.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6A03D442-16FF-45C9-DE60-F21F7AB5E893} - .NET Framework
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {841F20C4-AB20-27FA-0D18-FC5F8D55EA02} - Internet Explorer
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: D-Link AirPlus G - hkey= - key= - File not found
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012.02.15 20:58:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mario\Desktop\OTL.exe
[2012.02.15 19:08:01 | 002,061,360 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mario\Desktop\TDSSKiller.exe
[2012.02.15 13:10:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012.02.15 12:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012.02.15 12:22:31 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012.02.15 12:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012.02.15 12:22:28 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012.02.15 12:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.02.15 12:21:46 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012.02.15 12:21:45 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Roaming\TestApp
[2012.02.15 12:03:20 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.02.11 12:32:23 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\Spotify
[2012.02.11 12:31:47 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Roaming\Spotify
[2012.01.30 12:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RTL Playtainment
[2012.01.30 12:40:15 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RTL Playtainment
[2012.01.30 12:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\Skispringen 2006 Demo
[2012.01.25 16:51:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[1 C:\*.tmp files -> C:\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012.02.15 20:58:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mario\Desktop\OTL.exe
[2012.02.15 20:48:15 | 000,001,712 | ---- | M] () -- C:\Users\Mario\Desktop\CCleaner.lnk
[2012.02.15 20:47:35 | 000,000,930 | ---- | M] () -- C:\Users\Mario\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.15 20:47:08 | 000,001,877 | ---- | M] () -- C:\Users\Mario\Desktop\AntiVir starten.lnk
[2012.02.15 20:47:01 | 000,002,095 | ---- | M] () -- C:\Users\Mario\Desktop\Google Earth.lnk
[2012.02.15 20:21:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.15 19:37:22 | 000,000,864 | ---- | M] () -- C:\Users\Mario\Desktop\Mozilla Firefox.lnk
[2012.02.15 19:30:58 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.15 19:30:45 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.15 19:30:44 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.15 19:30:41 | 000,375,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.15 19:30:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.15 19:29:58 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.15 19:18:19 | 000,684,297 | ---- | M] () -- C:\Users\Mario\Desktop\unhide.exe
[2012.02.15 18:55:14 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.02.15 12:26:12 | 002,086,439 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012.02.15 12:05:24 | 000,000,312 | ---- | M] () -- C:\ProgramData\~V2nttlHiAwUKsm
[2012.02.15 12:05:23 | 000,000,216 | ---- | M] () -- C:\ProgramData\~V2nttlHiAwUKsmr
[2012.02.15 12:03:41 | 000,000,432 | ---- | M] () -- C:\ProgramData\V2nttlHiAwUKsm
[2012.02.15 12:01:04 | 000,007,592 | ---- | M] () -- C:\Users\Mario\AppData\Local\d3d9caps.dat
[2012.02.11 16:59:22 | 002,061,360 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mario\Desktop\TDSSKiller.exe
[2012.02.11 13:11:45 | 000,033,280 | ---- | M] () -- C:\Users\Mario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.11 12:32:21 | 000,001,757 | ---- | M] () -- C:\Users\Mario\Desktop\Spotify.lnk
[2012.01.30 12:40:22 | 000,000,988 | ---- | M] () -- C:\Users\Mario\Desktop\Skispringen 2006 Demo.lnk
[1 C:\*.tmp files -> C:\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012.02.15 20:48:15 | 000,001,712 | ---- | C] () -- C:\Users\Mario\Desktop\CCleaner.lnk
[2012.02.15 20:47:35 | 000,000,930 | ---- | C] () -- C:\Users\Mario\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.15 20:47:08 | 000,001,877 | ---- | C] () -- C:\Users\Mario\Desktop\AntiVir starten.lnk
[2012.02.15 20:47:01 | 000,002,095 | ---- | C] () -- C:\Users\Mario\Desktop\Google Earth.lnk
[2012.02.15 19:37:22 | 000,000,864 | ---- | C] () -- C:\Users\Mario\Desktop\Mozilla Firefox.lnk
[2012.02.15 19:28:44 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.15 19:18:19 | 000,684,297 | ---- | C] () -- C:\Users\Mario\Desktop\unhide.exe
[2012.02.15 12:22:42 | 002,086,439 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2012.02.15 12:05:23 | 000,000,312 | ---- | C] () -- C:\ProgramData\~V2nttlHiAwUKsm
[2012.02.15 12:05:23 | 000,000,216 | ---- | C] () -- C:\ProgramData\~V2nttlHiAwUKsmr
[2012.02.15 12:03:16 | 000,000,432 | ---- | C] () -- C:\ProgramData\V2nttlHiAwUKsm
[2012.02.11 12:32:21 | 000,001,757 | ---- | C] () -- C:\Users\Mario\Desktop\Spotify.lnk
[2012.02.11 12:32:21 | 000,001,743 | ---- | C] () -- C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012.01.30 12:40:22 | 000,000,988 | ---- | C] () -- C:\Users\Mario\Desktop\Skispringen 2006 Demo.lnk
[2011.09.16 10:33:30 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011.08.20 13:10:57 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll
[2011.08.20 13:10:57 | 000,003,136 | ---- | C] () -- C:\Windows\Ade001.bin
[2011.08.20 13:10:57 | 000,000,072 | ---- | C] () -- C:\Windows\System32\epDPE.ini
[2011.08.20 13:05:19 | 000,000,025 | ---- | C] () -- C:\Windows\CDE CX3600FGD.ini
[2011.07.23 14:56:12 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.06.15 17:01:56 | 000,009,672 | -HS- | C] () -- C:\Users\Mario\AppData\Local\fb61wus57260v123g6h31h0j424ryt5pbvc6e21gt6n83vb
[2011.06.15 17:01:56 | 000,009,672 | -HS- | C] () -- C:\ProgramData\fb61wus57260v123g6h31h0j424ryt5pbvc6e21gt6n83vb
[2011.06.15 17:01:33 | 000,003,660 | ---- | C] () -- C:\Users\Mario\AppData\Roaming\3A06.3E9
[2011.04.18 13:08:43 | 000,003,050 | -HS- | C] () -- C:\Users\Mario\AppData\Local\nv813465tbh34bo5k3323qe5f51ltcepcf8m05n21
[2011.04.18 13:08:43 | 000,003,050 | -HS- | C] () -- C:\ProgramData\nv813465tbh34bo5k3323qe5f51ltcepcf8m05n21
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.29 21:54:53 | 000,286,208 | ---- | C] () -- C:\Windows\System32\binkw32.dll
[2011.03.04 15:19:17 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.01.03 18:04:46 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010.12.22 13:37:17 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.12.22 13:37:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.05.23 18:33:22 | 000,000,600 | ---- | C] () -- C:\Users\Mario\AppData\Roaming\winscp.rnd
[2010.05.07 20:44:46 | 000,146,283 | ---- | C] () -- C:\Windows\hpoins18.dat.temp
[2010.05.07 20:44:46 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp
[2010.02.10 11:46:37 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.01.04 23:49:48 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.28 09:29:03 | 000,007,592 | ---- | C] () -- C:\Users\Mario\AppData\Local\d3d9caps.dat
[2009.10.12 19:43:30 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.09.21 14:29:16 | 000,028,915 | ---- | C] () -- C:\Users\Mario\AppData\Roaming\UserTile.png
[2009.09.21 12:48:15 | 000,036,626 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009.09.14 12:10:58 | 000,004,911 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.01.16 20:23:31 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2009.01.16 20:23:31 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2009.01.16 20:23:31 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2009.01.16 20:20:21 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009.01.16 20:20:21 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2008.05.14 17:15:17 | 000,146,254 | ---- | C] () -- C:\Windows\hpoins18.dat
[2008.02.16 21:36:19 | 000,033,280 | ---- | C] () -- C:\Users\Mario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.30 18:27:58 | 000,000,564 | ---- | C] () -- C:\Windows\eReg.dat
[2007.12.21 19:41:48 | 000,000,265 | ---- | C] () -- C:\Windows\SIERRA.INI
[2007.08.31 15:09:36 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007.08.31 15:09:36 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.08.31 15:09:36 | 000,145,050 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007.08.31 14:53:11 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll
[2007.03.01 00:52:43 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2006.11.02 16:33:31 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,375,872 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 08:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[1997.06.25 15:24:16 | 000,040,448 | ---- | C] () -- C:\Windows\System32\RegObj.dll

[color=#E56717]========== LOP Check ==========[/color]

[2007.12.12 15:35:53 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Autodesk
[2011.07.23 14:56:20 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\avidemux
[2011.08.29 22:17:25 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\DAEMON Tools Pro
[2011.07.28 18:06:23 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Dropbox
[2011.02.24 17:32:49 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.05 19:10:21 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\ESRI
[2011.03.04 15:05:55 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\GetRightToGo
[2008.05.14 17:25:15 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Image Zone Express
[2011.08.29 22:35:45 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Leadertech
[2009.09.21 16:36:49 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\MessengerDiscovery 2
[2008.05.14 10:29:56 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Nokia
[2010.12.22 17:29:57 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Notepad++
[2009.06.03 22:12:06 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\OpenOffice.org
[2008.05.14 10:26:06 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\PC Suite
[2009.09.21 14:29:15 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\PeerNetworking
[2008.05.14 17:25:14 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Printer Info Cache
[2011.08.20 13:22:19 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Smart Panel
[2012.02.13 10:39:18 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Spotify
[2012.02.15 12:21:45 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\TestApp
[2011.09.26 14:38:09 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\X-Wave MP3 Cutter Joiner
[2010.10.27 15:05:56 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\XnView
[2012.02.15 18:55:18 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2011.03.29 22:45:04 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.04.01 00:54:19 | 000,000,000 | ---D | M] -- C:\$WINDOWS.~LS
[2010.12.20 17:00:43 | 000,000,000 | ---D | M] -- C:\AMD
[2011.07.28 18:06:44 | 000,000,000 | ---D | M] -- C:\Big Fish Games
[2011.03.30 08:31:38 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.07.28 18:05:54 | 000,000,000 | ---D | M] -- C:\botf
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.09.14 08:26:16 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2007.12.13 00:56:19 | 000,000,000 | R--D | M] -- C:\DRIVER
[2007.12.13 00:56:19 | 000,000,000 | ---D | M] -- C:\FirstSteps
[2011.06.12 18:58:40 | 000,000,000 | -HSD | M] -- C:\found.000
[2008.01.18 20:22:37 | 000,000,000 | ---D | M] -- C:\fsc.tmp
[2011.02.14 00:24:28 | 000,000,000 | ---D | M] -- C:\FSX
[2012.02.06 16:56:06 | 000,000,000 | ---D | M] -- C:\Games
[2007.08.31 15:19:43 | 000,000,000 | ---D | M] -- C:\Google
[2007.12.13 00:56:19 | 000,000,000 | R--D | M] -- C:\MANUAL
[2011.09.16 10:39:20 | 000,000,000 | ---D | M] -- C:\MP3Cutter
[2007.08.31 15:31:11 | 000,000,000 | R--D | M] -- C:\MSOCache
[2007.12.13 00:56:19 | 000,000,000 | ---D | M] -- C:\MSWorks
[2007.12.13 00:56:20 | 000,000,000 | ---D | M] -- C:\nero
[2007.08.31 15:35:10 | 000,000,000 | ---D | M] -- C:\Off2007HStTrial
[2010.12.20 15:01:22 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.02.15 16:09:22 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.02.15 14:55:04 | 000,000,000 | ---D | M] -- C:\ProgramData
[2007.09.14 08:26:16 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.03.02 21:45:18 | 000,000,000 | ---D | M] -- C:\Python25
[2011.04.03 13:32:43 | 000,000,000 | ---D | M] -- C:\Python26
[2008.01.14 15:26:58 | 000,000,000 | ---D | M] -- C:\SIERRA
[2012.02.15 21:08:57 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2007.08.31 14:54:41 | 000,000,000 | ---D | M] -- C:\tb_eula
[2007.12.13 00:56:20 | 000,000,000 | R--D | M] -- C:\Users
[2012.02.15 20:49:01 | 000,000,000 | ---D | M] -- C:\Windows
[2007.08.31 14:26:38 | 000,000,000 | ---D | M] -- C:\x86

[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]

[color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.01.17 10:57:36 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.01.17 10:57:36 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.18 23:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

[color=#A23BEC]< MD5 for: REGEDIT.EXE >[/color]
[2008.01.18 23:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.18 23:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2006.11.02 10:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-02-15 10:43:07

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP

FC5A2B2

< End of report >

Anhang: OTL.Txt

15.02.2012, 21:42

Swisstreasure

Moderator

Beiträge: 5694

#12 Sagt Dir dieser Proxyeintrag etwas?

Zitat

FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 53596
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 53596
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 53596
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 53596
FF - prefs.js..network.proxy.type: 4

15.02.2012, 21:50

kontor

Member

Themenstarter

Beiträge: 50

#13 um ehrlich zu sein, habe ich darüber nur sehr wenig bis gar keine Ahnung *g*

15.02.2012, 21:53

Swisstreasure

Moderator

Beiträge: 5694

#14 Ist dies ein geschäftlich genutztes System?

15.02.2012, 21:58

kontor

Member

Themenstarter

Beiträge: 50

#15 habe ein kleines Heimnetzwerk über einen Router eingerichtet, kann das vl mit dem zusammen hängen?

Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:

Seite(n): 1 2