OTL

OTL logfile created on: 26.10.
2011 18:11:09 - Run 1

OTL by OldTimer - Version 3.2.31.0
Folder = C:\Users\simon\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyy
y
3,00 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 63,84% Memor
y free
6,00 Gb Paging File | 4,22 Gb Available in Paging File | 70,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Fil
es
Drive C: | 488,38 Gb Total Space | 139,39 Gb Free Space | 28,54% Space Free | Pa
rtition Type: NTFS
Drive K: | 931,51 Gb Total Space | 552,36 Gb Free Space | 59,30% Space Free | Pa
rtition Type: NTFS
Drive L: | 5,49 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partiti
on Type: UDF
Computer Name: SIMON-PC | User Name: simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelis
t: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2011.10.26 18:08:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\User
s\simon\Desktop\OTL.exe
PRC - [2011.10.05 10:18:07 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co
. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.02 00:39:29 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:
\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation)
-- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Progra
mme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.07.13 21:57:18 | 008,155,648 | ---- | M] () -- C:\Programme\MySQL\My
SQL Server 5.5\bin\mysqld.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -C:\Windows\System32\conhost.exe
PRC - [2011.06.08 22:51:38 | 000,736,504 | ---- | M] (Tunngle.net GmbH) -- C:\Pr
ogramme\Tunngle\TnglCtrl.exe
PRC - [2011.06.04 23:08:36 | 000,025,088 | ---- | M] () -- C:\Programme\VPNTunne
l\bin\ConnGuardManager.exe
PRC - [2011.05.25 22:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users
\simon\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.05.07 11:12:25 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System3
2\atiesrxx.exe
PRC - [2011.05.07 11:09:27 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System3
2\atieclxx.exe
PRC - [2011.04.25 23:59:05 | 004,505,600 | ---- | M] (PostgreSQL Global Developm
ent Group) -- C:\Programme\Rapid7\framework\postgresql\bin\postgres.exe
PRC - [2011.04.25 23:59:05 | 000,066,048 | ---- | M] (PostgreSQL Global Developm
ent Group) -- C:\Programme\Rapid7\framework\postgresql\bin\pg_ctl.exe
PRC - [2011.03.01 16:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) -- C:\Pro

gramme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -C:\Windows\explorer.exe
PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -C:\Windows\System32\taskhost.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2007.09.06 22:38:57 | 000,450,560 | ---- | M] () -- C:\Programme\Lexmark
9500 Series\lxdomon.exe
PRC - [2007.08.10 08:11:54 | 000,020,480 | ---- | M] () -- C:\Programme\Lexmark
9500 Series\lxdoamon.exe
PRC - [2007.04.11 10:30:34 | 000,030,800 | ---- | M] () -- C:\Windows\System32\s
pool\drivers\w32x86\3\WrtProc.exe
PRC - [2007.04.11 10:30:06 | 000,026,704 | ---- | M] () -- C:\Windows\System32\s
pool\drivers\w32x86\3\WrtMon.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2011.10.20 17:37:53 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\N
ativeImages_v2.0.50727_32\WindowsFormsIntegra#\273292e88c7b60ecbae9d85e94cd097e\
WindowsFormsIntegration.ni.dll
ativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Co
re.ni.dll
ativeImages_v2.0.50727_32\PresentationFramewo#\7b57fb7ab01951581394186c32cd278b\
PresentationFramework.Classic.ni.dll
ativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\
PresentationFramework.ni.dll
ativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\
UIAutomationProvider.ni.dll
ativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\Pres
entationCore.ni.dll
ativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBa
se.ni.dll
ativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessi
bility.ni.dll
ativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\
System.Windows.Forms.ni.dll
ativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\
System.Runtime.Remoting.ni.dll

ativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web
.ni.dll
ativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System
.Drawing.ni.dll
ativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml
.ni.dll
ativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\
System.Configuration.ni.dll
ativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
ativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.
dll
MOD - [2011.06.25 12:30:55 | 000,043,520 | ---- | M] () -- C:\Windows\System32\C
mdLineExt03.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common F
iles\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common F
iles\Apple\Apple Application Support\libxml2.dll
MOD - [2011.06.04 23:08:36 | 000,025,088 | ---- | M] () -- C:\Programme\VPNTunne
l\bin\ConnGuardManager.exe
MOD - [2011.06.04 23:08:28 | 000,122,368 | ---- | M] () -- C:\Programme\VPNTunne
l\bin\ConnGuard.dll
MOD - [2011.04.05 22:16:56 | 000,243,712 | ---- | M] () -- C:\Programme\ATI Tech
nologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.02.09 02:56:38 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad+
+\NppShell_04.dll
MOD - [2010.11.21 16:54:34 | 000,094,208 | ---- | M] () -- C:\Programme\FileZill
a FTP Client\fzshellext.dll
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\G
AC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\R
arExt.dll
MOD - [2007.10.08 10:59:24 | 000,036,864 | ---- | M] () -- C:\Programme\Lexmark
9500 Series\app4r.monitor.core.dll
9500 Series\app4r.monitor.common.dll
9500 Series\app4r.devmons.mcmdevmon.dll
9500 Series\lxdomon.exe
9500 Series\lxdoscw.dll
9500 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
9500 Series\lxdoamon.exe
MOD - [2007.05.03 17:39:31 | 000,589,824 | ---- | M] () -- C:\Windows\System32\s
pool\drivers\w32x86\3\lxdodatr.dll
pool\drivers\w32x86\3\WrtProc.exe
pool\drivers\w32x86\3\WrtMon.exe
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - [2011.10.22 10:05:41 | 000,419,624 | ---- | M] (Valve Corporation) [On_Dem

and | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam
Client Service)
SRV - [2011.10.20 15:08:50 | 003,552,856 | ---- | M] () [Auto | Running] -- c:\P
rogramme\Common Files\Akamai\netsession_win_807ba95.dll -- (Akamai)
SRV - [2011.10.05 10:18:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co
. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (A
ntiVirSchedulerService)
SRV - [2011.10.05 10:17:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co
. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -(AntiVirService)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation)
[Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
-- (MBAMService)
SRV - [2011.08.04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Runn
ing] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.07.15 17:06:56 | 001,526,592 | ---- | M] (TuneUp Software) [Auto | S
topped] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe - (TuneUp.UtilitiesSvc)
SRV - [2011.07.15 17:01:04 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | R
unning] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.07.13 21:57:18 | 008,155,648 | ---- | M] () [Auto | Running] -- C:\P
rogram Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL55)
SRV - [2011.06.08 22:51:38 | 000,736,504 | ---- | M] (Tunngle.net GmbH) [Auto |
Running] -- C:\Programme\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011.05.07 11:12:25 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C
:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.04.25 23:59:05 | 000,066,048 | ---- | M] (PostgreSQL Global Developm
ent Group) [Auto | Running] -- C:\Programme\Rapid7\framework\postgresql\bin\pg_c
tl.exe -- (frameworkPostgreSQL)
SRV - [2011.03.27 19:51:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [Un
known | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.03.22 08:36:20 | 002,421,384 | ---- | M] (mobile concepts GmbH) [On_
Demand | Stopped] -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (C
GVPNCliSrvc)
SRV - [2011.03.14 17:00:08 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On
_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet P
ublisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.03.01 16:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) [Auto | R
unning] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewe
r6)
SRV - [2010.12.08 01:25:00 | 004,159,984 | ---- | M] (INCA Internet Co., Ltd.) [
On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On
_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Au
to | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.11.02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto |
Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -(AVP)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated
) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\Switc
hBoard.exe -- (SwitchBoard)
_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Au
to | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.20 22:05:06 | 000,589,824 | ---- | M] ( ) [Auto | Stopped] -- C:\

Windows\System32\lxdocoms.exe -- (lxdo_device)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2011.10.23 20:08:47 | 000,061,096 | ---- | M] (Eugene V. Muzychenko) [Ker
nel | On_Demand | Running] -- C:\Windows\System32\drivers\vrtaucbl.sys -- (EuMus
DesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV - [2011.09.18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | Syst
em | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
em | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System |
Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation)
[File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (
MBAMProtector)
DRV - [2011.06.06 16:03:54 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel |
On_Demand | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDrive
r32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.05.07 11:12:51 | 007,774,208 | ---- | M] (ATI Technologies Inc.) [Ke
rnel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atik
mdag)
DRV - [2011.05.07 11:12:51 | 007,774,208 | ---- | M] (ATI Technologies Inc.) [Ke
rnel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdk
mdag)
DRV - [2011.05.07 11:08:50 | 000,242,176 | ---- | M] (Advanced Micro Devices, In
c.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys - (amdkmdap)
DRV - [2011.04.26 11:21:06 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kern
el | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901
)
DRV - [2011.03.06 16:04:47 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | Sys
tem | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.02.24 14:30:56 | 000,101,392 | ---- | M] (Advanced Micro Devices) [K
ernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (Ati
HDAudioService)
DRV - [2011.02.20 12:21:10 | 000,552,960 | ---- | M] (Ralink Technology, Corp.)
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (net
r73)
DRV - [2011.02.17 19:06:10 | 000,160,560 | ---- | M] (Oracle Corporation) [Kerne
l | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
l | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxN
etFlt)
l | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxN
etAdp)
l | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBM
on)
l | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2011.02.12 15:11:52 | 000,174,530 | ---- | M] (OmniVision Technologies, I
nc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ov519vid.sys
-- (ovt519)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Ke
rnel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUs
bFlt)

rnel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb
)
DRV - [2010.10.01 10:37:42 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_Syste
m | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010.07.01 14:21:14 | 000,034,896 | ---- | M] (Screaming Bee LLC) [Kernel
| On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (S
CREAMINGBDRIVER)
em | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel
| System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
| Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (Kl1)
| System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | O
n_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
rnel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb
)
rnel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbu
s)
DRV - [2009.09.16 07:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_
Demand | Stopped] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAPWin32 Adapter V9 (Tunngle)
rnel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDP
rintDevice)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | O
n_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.01.14 12:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On
_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2005.01.04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [
Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://s
tart.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.d
e/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache Ac
ceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TI
MESTAMP = A9 F1 EB A9 68 F8 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEna
ble" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOve
rride" = *.local
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0
.6.12
FF - prefs.js..extensions.enabledItems: linky@gemal.dk:3.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6
.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6
.0.24
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1
.0.1
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 4444
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 4445
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Ma
cromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program File
s\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jr
e6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wa
t\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program
Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PR
OGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PRO
GRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program
Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\
Users\simon\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google In
c.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\
Users\simon\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google In
c.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users
\simon\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (
Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program F
iles\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Compo
nents: C:\Program Files\Mozilla Firefox\components [2011.10.02 00:39:29 | 000,00
0,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugi
ns: C:\Program Files\Mozilla Firefox\plugins [2011.07.27 20:02:05 | 000,000,000
| ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\C
omponents: C:\Program Files\Mozilla Thunderbird\components [2011.09.12 14:16:13
| 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\P
lugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 201

1\THBExt
[2011.07.28 20:46:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\simon
\AppData\Roaming\mozilla\Extensions
\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable
\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable\{ec8030f7-c20a-464f9b0e-13a3a9e97384}
\AppData\Roaming\mozilla\Firefox\Profiles\0z9vuhaw.default\extensions
[2011.09.16 13:30:57 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\User
s\simon\AppData\Roaming\mozilla\Firefox\Profiles\0z9vuhaw.default\extensions\ant
toolbar@ant.com
[2011.10.03 22:03:26 | 000,000,000 | ---D | M] (FDislike) -- C:\Users\simon\AppD
ata\Roaming\mozilla\Firefox\Profiles\0z9vuhaw.default\extensions\fbdislike@doweb
.fr
[2011.10.06 20:10:26 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\
simon\AppData\Roaming\mozilla\Firefox\Profiles\0z9vuhaw.default\extensions\foxyp
roxy@eric.h.jung
[2011.02.14 14:59:49 | 000,000,000 | ---D | M] (Linky) -- C:\Users\simon\AppData
\Roaming\mozilla\Firefox\Profiles\0z9vuhaw.default\extensions\linky@gemal.dk
[2011.10.23 20:44:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\M
ozilla Firefox\extensions
[2011.10.23 20:44:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Progr
amme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.02.14 15:18:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mo
zilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.21 22:14:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mo
zilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.20 20:09:32 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Moz
illa Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2011.07.10 10:30:08 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2011.10.23 20:44:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGR
AM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\SIMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Z
9VUHAW.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
9VUHAW.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
9VUHAW.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
9VUHAW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
9VUHAW.DEFAULT\EXTENSIONS\{E968FC70-8F95-4AB9-9E79-304DE2A71EE1}.XPI
9VUHAW.DEFAULT\EXTENSIONS\{F36C6CD1-DA73-491D-B290-8FC9115BFA55}.XPI
9VUHAW.DEFAULT\EXTENSIONS\{F5DDF39C-9293-4D5E-9AA8-E04E6DD5E9B4}.XPI
9VUHAW.DEFAULT\EXTENSIONS\ELEMHIDEHELPER@ADBLOCKPLUS.ORG.XPI
[2011.10.02 00:39:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Progra
m Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Pr
ogram Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.02 00:39:27 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla fi
refox\searchplugins\amazondotcom-de.xml
[2011.10.02 00:39:27 | 000,002,252 |

refox\searchplugins\bing.xml
[2011.10.02 00:39:27 | 000,001,153 |
refox\searchplugins\eBay-de.xml
[2011.05.20 21:20:34 | 000,002,048 |
refox\searchplugins\fcmdSrch.xml
[2011.10.02 00:39:27 | 000,006,805 |
refox\searchplugins\leo_ende_de.xml
[2011.10.02 00:39:27 | 000,001,178 |
refox\searchplugins\wikipedia-de.xml
[2011.10.02 00:39:27 | 000,001,105 |
refox\searchplugins\yahoo-de.xml
---- | M] () -- C:\Program Files\mozilla fi

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{
google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchField
trialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={input
Encoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{goog
le:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chro
me&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\simon\AppData\Local\Google\Ch
rome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPS
WF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firef
ox\plugins\npqtplugin.dll
ox\plugins\npqtplugin2.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Jav
a\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\
bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:
\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\simon\AppData\Local\Google\Chro
me\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\simon\AppData\Local\Google\
Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media
Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mo
zilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\simon\AppData\Local\Google\Upda
te\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\simon\AppDat
a\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wa

t\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_OP = C:\Users\simon\AppData\Local\Google\Chrome\User Data\De
fault\Extensions\ecaabliejjdikjnkahhikeelbblahgoi\3_0\
O1 HOSTS File: ([2011.09.09 15:53:43 | 000,000,782 | ---- | M]) - C:\Windows\Sys
tem32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1
activate.adobe.com
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Progra
mme\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {64182481-4F71-486b-A045-B233BD0DA8FC} - No CLSID value fo
und.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863
C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.d
ll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\P
rogramme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies
S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02F
F} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Progra
mme\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CL
SID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D81274
40} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Applicati
on Support\APSDaemon.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira
Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\
avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Lexmark 9500 Series Fax Server] C:\Program Files\Lexmark 9500
Series\fm3032.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2
-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [lxdoamon] C:\Program Files\Lexmark 9500 Series\lxdoamon.exe ()
O4 - HKLM..\Run: [lxdomon.exe] C:\Program Files\Lexmark 9500 Series\lxdomon.exe
()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Ant
i-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwareb
ytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Stati
c\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.
exe ()
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.ex
e (Binary Fortress Software)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Micr
osoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\simon\AppData\Roaming\Microsoft\Windows\Start Menu\Progra
ms\Startup\Dropbox.lnk = C:\Users\simon\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.)
O4 - Startup: C:\Users\simon\AppData\Roaming\Microsoft\Windows\Start Menu\Progra
ms\Startup\Sperre.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTy
peAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentProm
ptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA =
0
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\
Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36
D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110}
- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky L
ab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
- C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technol
ogies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC
46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Sk
ype Technologies S.A.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky La
b ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common F
iles\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common F
iles\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\
mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6
.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.
com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{046C2B54-0589-4818-9
107-9F2E94A65FB3}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4D8C0B3-5031-4503-B
553-601F9E846CAA}: DhcpNameServer = 80.67.0.2 91.213.246.2
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Progr
amme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Use
rs\simon\Downloads\Ant Videos\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8
} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Techn
ologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Progr
amme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) -C:\Programme\Ka
spersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft
Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\S
ystem32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\Sy
stem32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Wi
ndows\System32\klogon.dll (Kaspersky Lab ZAO)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value
found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows Drea
mScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\auto
exec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.12.12 15:10:36 | 000,000,000 | RH-D | M] - K:\autorun
-- [ NTFS ]
O32 - Unable to obtain root file information for disk K:\
O32 - AutoRun File - [2011.09.06 09:15:22 | 000,000,051 | R--- | M] () - L:\auto
run.inf -- [ UDF ]
O33 - MountPoints2\{54545165-7d92-11e0-a57f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{54545165-7d92-11e0-a57f-806e6f6e6963}\Shell\AutoRun\command
- "" = E:\wubi.exe --cdmenu
O33 - MountPoints2\{93908d14-b835-11e0-b321-4061862922a7}\Shell - "" = AutoRun
O33 - MountPoints2\{93908d14-b835-11e0-b321-4061862922a7}\Shell\AutoRun\command
- "" = J:\FrameworkCheck.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C5E9DCF-612C-1BA1-1D88-14F3C318DC89} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32
.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\W
inMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell3
2.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.e
xe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.e
xe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C2F036C5-8146-243A-D4FE-1FFB2547B123} - Java (Sun)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Inter
face
ActiveX: {FFE93E98-7AF9-ACC9-5BDD-5E2AE5E68C81} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp
2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.

exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32
.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs:
NetSvcs:
NetSvcs:
NetSvcs:
NetSvcs:
NetSvcs:
NetSvcs:
NetSvcs:
NetSvcs:
NetSvcs:
NetSvcs:
NetSvcs:
NetSvcs:
FastUserSwitchingCompatibility - File not found

Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
Nla - File not found
Ntmssvc - File not found
NWCWorkstation - File not found
Nwsapagent - File not found
SRService - File not found
UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
WmdmPmSp - File not found
LogonHours - File not found
PCAudit - File not found
helpsvc - File not found
uploadmgr - File not found
MsConfig - StartUpReg: [b]iTunesHelper[/b] - hkey= - key= - C:\Program Files\iTu

nes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: [b]LogMeIn Hamachi Ui[/b] - hkey= - key= - C:\Program Fil
es\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/col
or]
[2011.10.26 18:08:23 | 000,584,192 |
n\Desktop\OTL.exe
[2011.10.24 12:46:19 | 000,000,000 |
ws\Start Menu\Programs\SWF Extractor
[2011.10.24 12:46:18 | 000,000,000 |
[2011.10.24 11:30:29 | 000,000,000 |
[2011.10.24 11:30:09 | 001,783,056 |
System32\WavesLib.dll
[2011.10.24 11:30:09 | 001,725,784 |
System32\WavesGUILib.dll
[2011.10.24 11:30:09 | 000,345,328 |
stem32\SRSTSXT.dll
[2011.10.24 11:30:09 | 000,214,368 |
stem32\SFNHK.dll
[2011.10.24 11:30:09 | 000,185,584 |
stem32\SRSTSHD.dll
[2011.10.24 11:30:09 | 000,173,296 |
stem32\SRSHP360.dll
[2011.10.24 11:30:09 | 000,140,528 |
stem32\SRSWOW.dll
[2011.10.24 11:30:09 | 000,074,080 |
stem32\SFCOM.dll
[2011.10.24 11:30:09 | 000,068,960 |
stem32\SFAPO.dll
[2011.10.24 11:30:07 | 000,359,768 |
Windows\System32\RTEEP32A.dll
[2011.10.24 11:30:07 | 000,295,768 |
Windows\System32\RP3DHT32.dll
---- | C] (OldTimer Tools) -- C:\Users\simo

---D | C] -- C:\ProgramData\Microsoft\Windo
---D | C] -- C:\Program Files\GlobFX
---D | C] -- C:\Windows\System32\RTCOM
---- | C] (Waves Audio Ltd.) -- C:\Windows\
---- | C] (Waves Audio Ltd.) -- C:\Windows\
---- | C] (SRS Labs, Inc.) -- C:\Windows\Sy
---- | C] (Synopsys, Inc.) -- C:\Windows\Sy
---- | C] (Dolby Laboratories, Inc.) -- C:\
---- | C] (Dolby Laboratories, Inc.) -- C:\
[2011.10.24 11:30:07 | 000,295,768

Windows\System32\RP3DAA32.dll
[2011.10.24 11:30:07 | 000,170,840
Windows\System32\RTEED32A.dll
[2011.10.24 11:30:07 | 000,078,680
Windows\System32\RTEEL32A.dll
[2011.10.24 11:30:07 | 000,064,856
Windows\System32\RTEEG32A.dll
[2011.10.24 11:30:06 | 003,327,320
System32\MaxxAudioRealtek.dll
[2011.10.24 11:30:06 | 003,296,600
s\System32\R4EEP32A.dll
[2011.10.24 11:30:06 | 001,836,376
System32\MaxxAudioEQ.dll
[2011.10.24 11:30:06 | 000,357,712
s\System32\KAAPORT.dll
[2011.10.24 11:30:06 | 000,345,944
s\System32\R4EED32A.dll
[2011.10.24 11:30:06 | 000,259,928
System32\MaxxAudioAPO30.dll
[2011.10.24 11:30:06 | 000,252,760
System32\MaxxVolumeSDAPO.dll
[2011.10.24 11:30:06 | 000,232,792
System32\MaxxAudioAPO20.dll
[2011.10.24 11:30:06 | 000,132,368
System32\MaxxAudioAPO.dll
[2011.10.24 11:30:06 | 000,103,256
s\System32\R4EEL32A.dll
[2011.10.24 11:30:06 | 000,088,408
s\System32\R4EEA32A.dll
[2011.10.24 11:30:06 | 000,061,272
s\System32\R4EEG32A.dll
[2011.10.24 11:30:05 | 001,740,352
ndows\System32\FMAPO.dll
[2011.10.24 11:30:05 | 001,509,480
2SpeakerDLL.dll
[2011.10.24 11:30:05 | 001,292,904
2HeadphoneDLL.dll
[2011.10.24 11:30:05 | 001,220,200
oostDLL.dll
[2011.10.24 11:30:05 | 000,654,952
assEnhancementDLL.dll
[2011.10.24 11:30:05 | 000,631,400
ymmetryDLL.dll
[2011.10.24 11:30:05 | 000,601,704
oiceClarityDLL.dll
[2011.10.24 11:30:05 | 000,458,344
eoPCDLL.dll
[2011.10.24 11:30:05 | 000,413,696
2PLFX32.dll
[2011.10.24 11:30:05 | 000,390,656
2PGFX32.dll
[2011.10.24 11:30:05 | 000,389,736
ainCompensatorDLL.dll
[2011.10.24 11:30:05 | 000,375,400
imiterDLL.dll
[2011.10.24 11:30:05 | 000,327,168
2PREC32.dll
[2011.10.24 11:30:05 | 000,218,728
FXAPONS.dll
| ---- | C] (Dolby Laboratories, Inc.) -- C:\

| ---- | C] (Waves Audio Ltd.) -- C:\Windows\
| ---- | C] (Dolby Laboratories) -- C:\Window
| ---- | C] (Knowles Acoustics ) -- C:\Window
| ---- | C] (Fortemedia Corporation) -- C:\Wi
| ---- | C] (DTS) -- C:\Windows\System32\DTSS
| ---- | C] (DTS) -- C:\Windows\System32\DTSB
| ---- | C] (DTS) -- C:\Windows\System32\DTSB
| ---- | C] (DTS) -- C:\Windows\System32\DTSV
| ---- | C] (DTS) -- C:\Windows\System32\DTSN
| ---- | C] (DTS) -- C:\Windows\System32\DTSU
| ---- | C] (DTS) -- C:\Windows\System32\DTSG
| ---- | C] (DTS) -- C:\Windows\System32\DTSL
| ---- | C] (DTS) -- C:\Windows\System32\DTSG
[2011.10.24 11:30:05 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSG

FXAPO.dll
[2011.10.24 11:30:05 | 000,218,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSL
FXAPO.dll
[2011.10.24 11:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011.10.24 11:30:02 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2011.10.23 20:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windo
ws\Start Menu\Programs\Skype
ws\Start Menu\Programs\Virtual Audio Cable
[2011.10.23 20:08:47 | 000,061,096 | ---- | C] (Eugene V. Muzychenko) -- C:\Wind
ows\System32\drivers\vrtaucbl.sys
[2011.10.23 20:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Audio
Cable
[2011.10.20 17:13:53 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.10.20 17:13:52 | 000,000,000 | ---D | C] -- C:\rsit
[2011.10.20 15:15:28 | 000,000,000 | ---D | C] -- C:\Users\simon\AppData\Roaming
\Malwarebytes
ws\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.20 15:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.20 15:15:13 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\
Windows\System32\drivers\mbam.sys
[2011.10.20 15:15:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes'
Anti-Malware
\Screaming Bee
[2011.10.14 17:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Screaming Bee
\Avnex
\Microsoft\Windows\Start Menu\Programs\Voice Changer Software DIAMOND
[2011.10.14 17:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\AV Vcs 7.0 DI
AMOND
[2011.10.14 17:42:56 | 000,304,640 | ---- | C] (Mark Heath) -- C:\Users\simon\De
sktop\NAudio.dll
[2011.10.14 17:42:56 | 000,180,224 | ---- | C] ( ) -- C:\Users\simon\Desktop\Int
erop.SKYPE4COMLib.dll
\DisplayFusion
ws\Start Menu\Programs\DisplayFusion
[2011.10.10 21:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\DisplayFusion
\Dev-Cpp
ws\Start Menu\Programs\Bloodshed Dev-C++
[2011.10.10 18:20:00 | 000,000,000 | ---D | C] -- C:\Dev-Cpp
\Avira
ws\Start Menu\Programs\Avira
[2011.10.10 17:14:11 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System
32\drivers\ssmdrv.sys
32\drivers\avipbb.sys
32\drivers\avgntflt.sys
32\drivers\avkmgr.sys
[2011.10.10 17:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2011.10.10 17:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
ws\Start Menu\Programs\CCleaner
[2011.10.10 16:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
ws\Start Menu\Programs\Kaspersky Anti-Virus 2011
[2011.10.10 15:57:24 | 000,000,000 | ---D | C] -- C:\Users\simon\Desktop\Kaspers
ky.2011.Anti.Blacklist.Crack.v1.4.Only.READ.NFO-NKD
[2011.10.09 21:51:43 | 000,000,000 | ---D | C] -- C:\Users\simon\Desktop\redsn0w
_win_0.9.9b4
ws\Start Menu\Programs\Hex Workshop v6.5
[2011.10.09 21:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\BreakPoint So
ftware
[2011.10.09 21:13:04 | 000,000,000 | ---D | C] -- C:\Users\simon\AppData\Local\X
enocode
[2011.10.09 21:07:33 | 000,000,000 | ---D | C] -- C:\Users\simon\Desktop\Hex Wor
kshop Professional 6.5.0.5019 RC1
[2011.10.09 21:06:56 | 000,000,000 | ---D | C] -- C:\Users\simon\Desktop\Xenocod
e.Postbuild.2009.for.NET.v7.0.162.BETA.Crack
[2011.10.09 17:15:52 | 000,000,000 | ---D | C] -- C:\Users\simon\Desktop\Secret
Question Changer
[2011.10.09 17:15:36 | 000,000,000 | ---D | C] -- C:\Users\simon\Desktop\Patcher
[2011.10.09 12:05:30 | 000,000,000 | ---D | C] -- C:\Users\simon\Documents\BLACK
OUT CRYPTER
\EvaBox
[2011.10.09 11:38:38 | 000,000,000 | ---D | C] -- C:\Users\simon\Documents\blabl
a.exe
[2011.10.09 11:15:05 | 000,000,000 | ---D | C] -- C:\Capture
[2011.10.09 11:14:19 | 000,000,000 | ---D | C] -- C:\Users\simon\AppData\Local\Dg
el_IT-Management
[2011.10.08 18:53:01 | 000,000,000 | -HSD | C] -- C:\Windupdt
[2011.10.08 18:25:01 | 000,081,664 | ---- | C] (GMER) -- C:\aujasnkj.sys
[2011.10.08 18:02:24 | 000,000,000 | -HSD | C] -- C:\Users\simon\Documents\Windu
pdt
ws\Start Menu\Programs\iTunes
[2011.10.07 18:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.10.07 18:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.10.07 18:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.10.07 15:39:07 | 000,000,000 | ---D | C] -- C:\Users\simon\Desktop\Spy-Net
2.7 Final
[2011.10.06 21:42:03 | 000,000,000 | ---D | C] -- C:\Users\simon\Desktop\Languag
e
[2011.10.06 21:41:42 | 000,000,000 | RHSD | C] -- C:\Users\simon\AppData\Roaming
\InstallDir
\I2P
[2011.10.06 19:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\i2p
ws\Start Menu\Programs\Microsoft Silverlight
[2011.10.03 16:00:46 | 000,000,000 | ---D | C] -- C:\Users\simon\Desktop\Sprachp
akete
[2011.10.03 16:00:46 | 000,000,000 | ---D | C] -- C:\Users\simon\Desktop\LaunchD
aemons
[2011.10.03 16:00:46 | 000,000,000 | ---D | C] -- C:\Users\simon\Desktop\Auslage
rungsdatei
[2011.10.02 19:09:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sil
verlight
[2011.10.02 19:05:45 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2011.10.02 19:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\
Merge Modules
\Microsoft\Windows\Start Menu\Programs\Anvil-Soft
ws\Start Menu\Programs\Anvil-Soft
[2011.10.01 22:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\Klomanager
[2011.09.29 22:22:20 | 000,000,000 | ---D | C] -- C:\Users\simon\AppData\Local\v
pntunnel
[2011.09.28 22:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAP
ICOM 2.1.0.2
ws\Start Menu\Programs\Microsoft Office
[2011.09.28 18:43:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\
DESIGNER
[2011.09.28 18:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Off
ice
[2011.09.28 18:40:49 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011.09.28 16:50:56 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2011.09.28 16:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2011.09.28 16:44:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
ws\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011.09.28 16:44:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Gam
es for Windows - LIVE
ws\Start Menu\Programs\Blue Ripple Sound
[2011.09.28 16:41:37 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- C:
\Windows\System32\rapture3d_oal.dll
[2011.09.28 16:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\BRS
[2011.09.28 16:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\Codemasters
\VPNTunnel
\Microsoft\Windows\Start Menu\Programs\VPNTunnel
[2011.09.27 20:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\VPNTunnel
[2011.05.20 17:44:31 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\lxdohc
p.dll
[2011.05.20 17:44:31 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdoin
pa.dll
[2011.05.20 17:44:30 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxdose
rv.dll
[2011.05.20 17:44:30 | 000,954,368 | ---- | C] ( ) -- C:\Windows\System32\lxdous
b1.dll
[2011.05.20 17:44:30 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdopm
ui.dll
[2011.05.20 17:44:30 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdoie
sc.dll
[2011.05.20 17:44:30 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdopr
ox.dll
[2011.05.20 17:44:29 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdolm
pm.dll
[2011.05.20 17:44:29 | 000,315,392 | ---- | C] ( ) -- C:\Windows\System32\lxdoih
.exe
[2011.05.20 17:44:28 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdohb
n3.dll
[2011.05.20 17:44:27 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdoco
mc.dll

ms.exe
mm.dll
[2011.05.20 17:44:26 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdocf
g.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2011.10.26 18:08:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\simo
n\Desktop\OTL.exe
[2011.10.26 18:07:25 | 000,000,156 | ---- | M] () -- C:\Users\simon\defogger_ree
nable
[2011.10.26 18:06:44 | 000,050,477 | ---- | M] () -- C:\Users\simon\Desktop\Defo
gger.exe
[2011.10.26 17:21:09 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpda
teTaskUserS-1-5-21-1267313324-3745089284-1183586866-1001UA.job
[2011.10.26 16:21:09 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpda
teTaskUserS-1-5-21-1267313324-3745089284-1183586866-1001Core.job
[2011.10.26 10:39:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.25 19:30:27 | 000,015,360 | -H-- | M] () -- C:\Windows\System32\7B296FB
0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.25 19:30:27 | 000,015,360 | -H-- | M] () -- C:\Windows\System32\7B296FB
0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.25 18:34:16 | 001,211,564 | ---- | M] () -- C:\Users\simon\ts3_recordin
g_11_10_25_18_34_5.wav
[2011.10.24 22:15:43 | 000,211,740 | ---- | M] () -- C:\Users\simon\AppData\Loca
l\debuggee.mdmp
[2011.10.24 12:51:08 | 000,000,917 | ---- | M] () -- C:\Users\simon\Desktop\Auda
city.lnk
[2011.10.24 12:46:19 | 000,001,063 | ---- | M] () -- C:\Users\simon\Desktop\SWF
Extractor.lnk
[2011.10.24 11:52:14 | 2415,271,936 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.24 11:50:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.
dat
[2011.10.24 11:45:32 | 000,000,510 | ---- | M] () -- C:\Users\simon\Desktop\hs_e
rr_pid944.reg
[2011.10.23 20:43:57 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Sky
pe.lnk
[2011.10.23 20:08:47 | 000,061,096 | ---- | M] (Eugene V. Muzychenko) -- C:\Wind
ows\System32\drivers\vrtaucbl.sys
[2011.10.23 01:08:17 | 001,207,296 | ---- | M] () -- C:\Users\simon\Desktop\brai
nwwavegenerator_3.1.12.exe
[2011.10.20 15:15:18 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Mal
warebytes' Anti-Malware.lnk
[2011.10.20 15:08:31 | 003,697,240 | ---- | M] () -- C:\Windows\System32\FNTCACH
E.DAT
[2011.10.18 21:36:08 | 000,090,109 | ---- | M] () -- C:\Users\simon\Desktop\Prak
tikumsmappe.odt
[2011.10.18 16:41:30 | 000,150,996 | ---- | M] () -- C:\Windows\System32\drivers
\RTAIODAT.DAT
[2011.10.14 18:57:47 | 000,789,460 | ---- | M] () -- C:\Windows\System32\perfh00
7.dat
[2011.10.14 18:57:47 | 000,728,016 | ---- | M] () -- C:\Windows\System32\perfh00
9.dat
[2011.10.14 18:57:47 | 000,181,600 | ---- | M] () -- C:\Windows\System32\perfc00
7.dat
[2011.10.14 18:57:47 | 000,146,896 | ---- | M] () -- C:\Windows\System32\perfc00
9.dat
[2011.10.14 17:54:46 | 005,905,816 | ---- | M] () -- C:\Users\simon\Desktop\Morp
hVOXPro4_Install-4.3.13.de.exe
[2011.10.10 21:00:22 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\Dis
playFusion.lnk
[2011.10.10 20:50:54 | 001,440,220 | ---- | M] () -- C:\Users\simon\Desktop\rain
bow_nyan_nyan_pop_tart_cat_by_zaithy-d3e8u2k.jpg
[2011.10.10 17:14:27 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avi
ra Control Center.lnk
[2011.10.10 16:26:47 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCl
eaner.lnk
[2011.10.09 22:09:32 | 007,910,991 | R--- | M] () -- C:\Users\simon\Desktop\Germ
anLetsPlay ft. Fr3akyZockt YTITTY STYLE.mp3
[2011.10.09 21:17:05 | 000,001,258 | ---- | M] () -- C:\Users\Public\Desktop\Hex
Workshop Hex Editor (32 bit).lnk
[2011.10.09 18:51:06 | 000,021,859 | ---- | M] () -- C:\Users\simon\Desktop\gpot
ato.jpg
[2011.10.09 18:39:01 | 000,106,435 | ---- | M] () -- C:\Users\simon\Desktop\flyf
f_logo.png
[2011.10.09 11:02:28 | 000,106,733 | ---- | M] () -- C:\Users\simon\Desktop\Stea
m-logo.png
[2011.10.09 00:08:11 | 035,997,815 | ---- | M] () -- C:\Users\simon\Desktop\Luci
dDreaming.mp3
[2011.10.08 18:25:01 | 000,081,664 | ---- | M] (GMER) -- C:\aujasnkj.sys
[2011.10.07 18:27:05 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTu
nes.lnk
[2011.10.06 21:43:45 | 000,175,104 | ---- | M] () -- C:\Users\simon\Desktop\sqli
te3.dll
[2011.10.05 21:17:56 | 024,355,582 | ---- | M] () -- C:\Users\simon\Desktop\Gori
llaz_Feel_good_inc_DUBSTEP_REMIX.flv
[2011.10.05 15:13:52 | 000,002,401 | ---- | M] () -- C:\Users\simon\Desktop\Goog
le Chrome.lnk
[2011.10.03 16:59:32 | 008,782,367 | R--- | M] () -- C:\Users\simon\Desktop\va10
0dbstp.part6.rar
[2011.10.03 16:57:54 | 250,000,000 | ---- | M] () -- C:\Users\simon\Desktop\va10
0dbstp.part5.rar
[2011.10.03 16:19:47 | 000,000,600 | ---- | M] () -- C:\Users\simon\AppData\Roam
ing\winscp.rnd
[2011.10.03 16:19:40 | 000,000,600 | ---- | M] () -- C:\Users\simon\AppData\Loca
l\PUTTY.RND
0dbstp.part4.rar
[2011.10.03 15:58:00 | 000,001,799 | ---- | M] () -- C:\Users\simon\Desktop\WinS
CP.lnk
0dbstp.part3.rar
0dbstp.part2.rar
0dbstp.part1.rar
[2011.09.30 22:49:08 | 009,539,324 | ---- | M] () -- C:\Users\simon\Desktop\Esca
pe Island v5.1.zip
[2011.09.28 16:41:32 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\Sys
tem32\wrap_oal.dll
[2011.09.27 20:31:15 | 000,001,071 | ---- | M] () -- C:\Users\simon\Desktop\VPNT
unnel GUI.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2011.10.26 18:07:25 | 000,000,156 | ---- | C] ()

nable
[2011.10.26 18:06:40 | 000,050,477 | ---- | C] ()
gger.exe
[2011.10.25 18:34:09 | 001,211,564 | ---- | C] ()
g_11_10_25_18_34_5.wav
[2011.10.24 12:51:08 | 000,000,929 | ---- | C] ()
ndows\Start Menu\Programs\Audacity.lnk
[2011.10.24 12:51:08 | 000,000,917 | ---- | C] ()
city.lnk
[2011.10.24 12:46:19 | 000,001,063 | ---- | C] ()
Extractor.lnk
[2011.10.24 11:30:07 | 000,150,996 | ---- | C] ()
\RTAIODAT.DAT
[2011.10.23 20:43:57 | 000,002,503 | ---- | C] ()
pe.lnk
[2011.10.23 20:21:04 | 000,000,510 | ---- | C] ()
rr_pid944.reg
[2011.10.23 01:08:07 | 001,207,296 | ---- | C] ()
nwwavegenerator_3.1.12.exe
[2011.10.20 15:15:18 | 000,001,071 | ---- | C] ()
warebytes' Anti-Malware.lnk
[2011.10.18 19:26:45 | 000,090,109 | ---- | C] ()
tikumsmappe.odt
[2011.10.14 17:54:25 | 005,905,816 | ---- | C] ()
hVOXPro4_Install-4.3.13.de.exe
[2011.10.14 17:42:56 | 000,288,363 | ---- | C] ()
em.ComponentModel.Composition.xml
[2011.10.14 17:42:56 | 000,237,568 | ---- | C] ()
em.ComponentModel.Composition.dll
[2011.10.14 17:42:56 | 000,186,368 | ---- | C] ()
eFx.exe
[2011.10.14 17:42:56 | 000,044,032 | ---- | C] ()
t.dll
[2011.10.10 21:00:22 | 000,001,029 | ---- | C] ()
playFusion.lnk
[2011.10.10 20:51:00 | 001,440,220 | ---- | C] ()
bow_nyan_nyan_pop_tart_cat_by_zaithy-d3e8u2k.jpg
[2011.10.10 17:14:27 | 000,002,016 | ---- | C] ()
ra Control Center.lnk
[2011.10.10 16:26:47 | 000,000,969 | ---- | C] ()
eaner.lnk
[2011.10.09 22:09:06 | 007,910,991 | R--- | C] ()
anLetsPlay ft. Fr3akyZockt YTITTY STYLE.mp3
[2011.10.09 21:17:05 | 000,001,258 | ---- | C] ()
Workshop Hex Editor (32 bit).lnk
[2011.10.09 21:07:04 | 018,366,498 | ---- | C] ()
Workshop Professional 6.5.0.5019 incl crack.rar
[2011.10.09 18:51:05 | 000,021,859 | ---- | C] ()
ato.jpg
[2011.10.09 18:39:00 | 000,106,435 | ---- | C] ()
f_logo.png
[2011.10.09 17:15:52 | 000,031,232 | -H-- | C] ()
et Question Changer.suo
[2011.10.09 17:15:52 | 000,000,959 | ---- | C] ()
et Question Changer.sln
[2011.10.09 11:02:28 | 000,106,733 | ---- | C] ()
m-logo.png
[2011.10.09 00:05:53 | 035,997,815 | ---- | C] ()
-- C:\Users\simon\defogger_ree
-- C:\Users\simon\Desktop\Defo
-- C:\Users\simon\ts3_recordin
-- C:\ProgramData\Microsoft\Wi
-- C:\Users\simon\Desktop\Auda
-- C:\Users\simon\Desktop\SWF
-- C:\Windows\System32\drivers
-- C:\Users\Public\Desktop\Sky
-- C:\Users\simon\Desktop\hs_e
-- C:\Users\simon\Desktop\brai
-- C:\Users\Public\Desktop\Mal
-- C:\Users\simon\Desktop\Prak
-- C:\Users\simon\Desktop\Morp
-- C:\Users\simon\Desktop\Syst
-- C:\Users\simon\Desktop\Syst
-- C:\Users\simon\Desktop\Skyp
-- C:\Users\simon\Desktop\JSNe
-- C:\Users\Public\Desktop\Dis
-- C:\Users\simon\Desktop\rain
-- C:\Users\Public\Desktop\Avi
-- C:\Users\Public\Desktop\CCl
-- C:\Users\simon\Desktop\Germ
-- C:\Users\Public\Desktop\Hex
-- C:\Users\simon\Desktop\Hex
-- C:\Users\simon\Desktop\gpot
-- C:\Users\simon\Desktop\flyf
-- C:\Users\simon\Desktop\Secr
-- C:\Users\simon\Desktop\Secr
-- C:\Users\simon\Desktop\Stea
-- C:\Users\simon\Desktop\Luci
dDreaming.mp3
[2011.10.07 18:27:05 | 000,001,753 | ---- | C]
nes.lnk
[2011.10.06 21:43:45 | 000,175,104 | ---- | C]
te3.dll
[2011.10.05 21:17:53 | 024,355,582 | ---- | C]
llaz_Feel_good_inc_DUBSTEP_REMIX.flv
[2011.10.03 16:58:48 | 008,782,367 | R--- | C]
0dbstp.part6.rar
[2011.10.03 16:30:33 | 250,000,000 | ---- | C]
0dbstp.part5.rar
[2011.10.03 15:58:00 | 000,001,799 | ---- | C]
CP.lnk
[2011.10.03 15:42:30 | 250,000,000 | ---- | C]
0dbstp.part4.rar
[2011.10.03 12:54:44 | 250,000,000 | ---- | C]
0dbstp.part3.rar
[2011.10.03 11:55:00 | 250,000,000 | ---- | C]
0dbstp.part2.rar
[2011.10.03 11:05:27 | 250,000,000 | ---- | C]
0dbstp.part1.rar
[2011.09.30 21:43:29 | 009,539,324 | ---- | C]
pe Island v5.1.zip
[2011.09.28 16:43:38 | 000,001,338 | ---- | C]
ndows\Start Menu\Programs\Windows Live ID.lnk
[2011.09.27 20:31:15 | 000,001,071 | ---- | C]
unnel GUI.lnk
[2011.09.25 15:23:54 | 001,589,248 | ---- | C]
l_d.dll
[2011.09.25 15:19:18 | 000,000,232 | ---- | C]
[2011.07.20 19:40:51 | 000,000,000 | ---- | C]
l\census.cache
[2011.07.20 19:40:51 | 000,000,000 | ---- | C]
l\ars.cache
[2011.07.20 19:38:37 | 000,000,036 | ---- | C]
l\housecall.guid.cache
[2011.07.10 10:14:32 | 000,115,369 | ---- | C]
\klin.dat
[2011.07.10 10:14:32 | 000,097,961 | ---- | C]
\klick.dat
[2011.07.08 21:18:59 | 000,000,132 | ---- | C]
ing\Adobe PNG Format CS5 Prefs
[2011.06.12 12:12:14 | 000,045,286 | ---- | C]
ing\room_v3.dat
[2011.05.23 21:30:59 | 000,000,193 | ---- | C]
[2011.05.23 20:08:29 | 000,043,520 | ---- | C]
Ext03.dll
[2011.05.20 17:50:02 | 000,348,160 | ---- | C]
n.dll
[2011.05.20 17:49:03 | 000,045,056 | ---- | C]
N.DLL
[2011.05.20 17:49:03 | 000,032,768 | ---- | C]
U.DLL
[2011.05.20 17:48:43 | 000,069,632 | ---- | C]
.dll
[2011.05.20 17:45:26 | 000,028,672 | ---- | C]
[2011.05.20 17:45:26 | 000,011,776 | ---- | C]
2.dll
[2011.05.20 17:44:51 | 000,000,060 | -H-- | C]
d.ini
() -- C:\Users\Public\Desktop\iTu
() -- C:\Users\simon\Desktop\sqli
() -- C:\Users\simon\Desktop\Gori
() -- C:\Users\simon\Desktop\va10
() -- C:\Users\simon\Desktop\WinS
() -- C:\Users\simon\Desktop\Esca
() -- C:\ProgramData\Microsoft\Wi
() -- C:\Users\simon\Desktop\VPNT
() -- C:\Windows\System32\libmysq
() -- C:\Windows\ODBCINST.INI
() -- C:\Users\simon\AppData\Loca
() -- C:\Windows\System32\drivers
() -- C:\Windows\System32\drivers
() -- C:\Users\simon\AppData\Roam
() -- C:\Users\simon\AppData\Roam
() -- C:\Windows\WORDPAD.INI
() -- C:\Windows\System32\CmdLine
() -- C:\Windows\System32\lxdocoi
() -- C:\Windows\System32\LXDOPMO
() -- C:\Windows\System32\LXDOFXP
() -- C:\Windows\System32\lxdooem
() -- C:\Windows\hookdllX.dll
() -- C:\Windows\System32\pmsbfn3
() -- C:\Windows\System32\lxdorwr
[2011.05.20 17:44:31 | 000,348,160 | ---- |

t.dll
[2011.05.20 17:44:27 | 000,208,896 | ---- |
.dll
[2011.05.07 11:09:34 | 000,003,949 | ---- |
g.dat
[2011.05.07 11:08:31 | 000,233,012 | ---- |
x.dat
[2011.05.04 21:04:52 | 000,088,664 | -H-- |
e.dat
[2011.04.25 14:52:17 | 000,360,448 | ---- |
ing\mmsetup.exe
[2011.04.20 23:20:34 | 000,000,000 | ---- |
dat
[2011.04.18 21:17:54 | 000,000,056 | -H-- |
.dat
[2011.04.09 18:55:28 | 000,179,261 | ---- |
ll.cat
[2011.04.09 13:17:01 | 000,046,742 | ---- |
ing\room.dat
[2011.04.08 17:24:23 | 000,000,032 | ---- |
[2011.04.05 22:09:48 | 000,059,904 | ---- |
e.dll
[2011.04.02 10:32:02 | 000,000,295 | ---- |
[2011.03.29 14:20:39 | 000,011,264 | ---- |
l\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.09 19:45:43 | 000,007,605 | ---- |
l\Resmon.ResmonCfg
[2011.02.28 20:36:55 | 000,001,433 | ---- |
l\RecConfig.xml
[2011.02.27 11:21:14 | 000,211,740 | ---- |
l\debuggee.mdmp
[2011.02.20 12:34:17 | 000,000,600 | ---- |
ing\winscp.rnd
[2011.02.20 12:30:13 | 000,000,600 | ---- |
l\PUTTY.RND
[2011.02.20 12:21:48 | 000,200,704 | ---- |
river.exe
[2011.02.20 12:21:48 | 000,005,224 | ---- |
o.ini
[2011.02.19 21:22:02 | 000,138,536 | ---- |
\PnkBstrK.sys
[2011.02.19 21:21:56 | 000,270,408 | ---- |
B.exe
[2011.02.19 21:21:33 | 000,075,136 | ---- |
A.exe
[2011.02.12 13:17:24 | 000,000,000 | ---- |
[2011.02.02 05:13:22 | 000,169,096 | ---- |
Inject3.dll
[2009.09.09 19:01:40 | 000,027,675 | ---- |
\klopp.dat
[2009.07.14 10:47:43 | 000,789,460 | ---- |
7.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- |
7.dat
[2009.07.14 10:47:43 | 000,181,600 | ---- |
7.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- |
7.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- |
C] () -- C:\Windows\System32\lxdoins
C] () -- C:\Windows\System32\lxdogrd
C] () -- C:\Windows\System32\atipbla
C] () -- C:\Windows\System32\atiicdx
C] () -- C:\Windows\System32\mlfcach
C] () -- C:\Users\simon\AppData\Roam
C] () -- C:\Windows\System32\Access.
C] () -- C:\Windows\System32\ezsidmv
C] () -- C:\Windows\System32\xlive.d
C] () -- C:\Windows\CD_Start.INI
C] () -- C:\Windows\System32\OVDecod
C] () -- C:\Windows\ODBC.INI
C] () -- C:\Users\simon\AppData\Loca
C] () -- C:\Windows\System32\UpdateD
C] () -- C:\Windows\System32\ucuiinf
C] () -- C:\Windows\System32\drivers
C] () -- C:\Windows\System32\PnkBstr
C] () -- C:\Windows\System32\PnkBstr
C] () -- C:\Windows\ativpsrm.bin
C] () -- C:\Windows\System32\Airfoil
C] () -- C:\Windows\System32\drivers
C] () -- C:\Windows\System32\perfh00
C] () -- C:\Windows\System32\perfi00
C] () -- C:\Windows\System32\perfc00
C] () -- C:\Windows\System32\perfd00
C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 003,697,240

E.DAT
[2009.07.14 04:05:48 | 000,728,016
9.dat
[2009.07.14 04:05:48 | 000,291,294
9.dat
[2009.07.14 04:05:48 | 000,146,896
9.dat
[2009.07.14 04:05:48 | 000,031,548
9.dat
[2009.07.14 04:05:05 | 000,000,741
AT
[2009.07.14 04:04:11 | 000,215,943
at
[2009.07.14 01:55:01 | 000,043,131
[2009.07.14 01:51:43 | 000,073,728
ontextHandler.dll
[2009.07.14 01:42:10 | 000,064,000
xtHandler.dll
[2009.07.14 01:33:47 | 000,000,000
ll
[2009.07.14 01:16:36 | 000,000,000
dll
[2009.06.10 23:26:10 | 000,673,088
at
[2008.10.07 09:13:30 | 000,197,912
dart_20.dll
[2008.10.07 09:13:22 | 000,058,648
lTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648
lSwedish.dll
[2008.10.07 09:13:20 | 000,058,648
lSpanish.dll
[2008.10.07 09:13:20 | 000,058,648
lSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648
lPortugese.dll
[2008.10.07 09:13:20 | 000,058,648
lKorean.dll
[2008.10.07 09:13:20 | 000,058,648
lJapanese.dll
[2008.10.07 09:13:20 | 000,058,648
lGerman.dll
[2008.10.07 09:13:20 | 000,058,648
lFrench.dll
[2007.09.06 22:40:36 | 000,692,224
.dll
[2007.06.14 22:45:05 | 000,069,632
4.dll
[2007.05.22 16:10:18 | 000,065,536
s.dll
[2006.08.01 07:53:18 | 000,040,960
dll
[2003.10.15 18:52:50 | 000,200,704
[2003.10.15 18:52:46 | 000,040,960
[2003.10.15 18:52:46 | 000,032,528
| ---- | C] () -- C:\Windows\System32\FNTCACH
| ---- | C] () -- C:\Windows\System32\perfh00
| ---- | C] () -- C:\Windows\System32\perfi00
| ---- | C] () -- C:\Windows\System32\perfc00
| ---- | C] () -- C:\Windows\System32\perfd00
| ---- | C] () -- C:\Windows\System32\NOISE.D
| ---- | C] () -- C:\Windows\System32\dssec.d
| ---- | C] () -- C:\Windows\mib.bin
| ---- | C] () -- C:\Windows\System32\BthpanC
| ---- | C] () -- C:\Windows\System32\BWConte
| ---- | C] () -- C:\Windows\System32\sccls.d
| ---- | C] () -- C:\Windows\System32\devmgr.
| ---- | C] () -- C:\Windows\System32\mlang.d
| ---- | C] () -- C:\Windows\System32\physxcu
| ---- | C] () -- C:\Windows\System32\AgCPane
| ---- | C] () -- C:\Windows\System32\lxdodrs
| ---- | C] () -- C:\Windows\System32\lxdocnv
| ---- | C] () -- C:\Windows\System32\lxdocap
| ---- | C] () -- C:\Windows\System32\lxdovs.
| ---- | C] () -- C:\Windows\sel3110.exe
| ---- | C] () -- C:\Windows\CleanDev.exe
| ---- | C] () -- C:\Windows\amcap.exe
[color=#E56717]========== LOP Check ==========[/color]

[2011.10.04 16:33:58 | 000,000,000 | ---D | M] -- C:\Users\simon\AppData\Roaming
\.minecraft
\.Nitrous
\9500 Series
\Atari
\Avnex
\com.adobe.downloadassistant.AdobeDownloadAssistant
\Cycling '74
\DAEMON Tools Lite
\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
\Dev-Cpp
\DisplayFusion
\Dropbox
\DVDVideoSoft
\DVDVideoSoftIEHelpers
\EvaBox
\FileZilla
\GetRightToGo
\GHISLER
\gtk-2.0
\I2P
[2011.10.06 22:08:44 | 000,000,000 | RHSD | M] -- C:\Users\simon\AppData\Roaming
\InstallDir
\Leadertech
\Lexmark Productivity Studio
\LolClient
\ManyCam
\Mavituna Security Ltd
\Metasploit
\MySQL
\NewSoft
\Notepad++
\PACE Anti-Piracy
\redsn0w
\Screaming Bee
\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
\TeamViewer
\Teeworlds
\Thunderbird
\TS3Client
\ts3overlay
\TuneUp Software
\Tunngle
\Ubisoft
\VPNTunnel
\WindSolutions
\X-Chat 2
[2011.10.09 21:37:56 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.T
XT
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2011.07.20 21:59:45 | 000,000,000 | -HSD |
[2011.02.20 12:17:37 | 000,000,000 | ---D |
[2011.10.09 11:15:05 | 000,000,000 | ---D |
[2011.10.10 18:20:07 | 000,000,000 | ---D |
[2009.07.14 06:53:55 | 000,000,000 | -HSD |
[2011.02.12 13:21:14 | 000,000,000 | -HSD |
[2011.09.06 20:12:12 | 000,000,000 | -HSD |
[2011.07.27 20:25:48 | 000,000,000 | ---D |
[2011.10.25 11:47:39 | 000,000,000 | ---D |
[2011.02.22 21:10:15 | 000,000,000 | ---D |
[2011.10.12 22:39:21 | 000,000,000 | ---D |
[2011.09.28 18:40:49 | 000,000,000 | RH-D |
[2011.10.22 11:58:35 | 000,000,000 | ---D |
[2009.07.14 04:37:05 | 000,000,000 | ---D |
[2011.07.10 00:06:23 | 000,000,000 | ---D |
[2011.10.24 12:46:18 | 000,000,000 | R--D |
[2011.10.20 15:15:17 | 000,000,000 | -H-D |
[2011.02.12 13:21:14 | 000,000,000 | -HSD |
[2011.02.12 13:21:15 | 000,000,000 | -HSD |
[2011.10.20 17:14:22 | 000,000,000 | ---D |
M]
M]
M]
M]
M]
M]
M]
M]
M]
M]
M]
M]
M]
M]
M]
M]
M]
M]
M]
M]
---------------------
C:\$Recycle.Bin
C:\Belkin
C:\Capture
C:\Dev-Cpp
C:\Documents and Settings
C:\Dokumente und Einstellungen
C:\found.000
C:\Fraps
C:\HammerAutosave
C:\inetpub
C:\logs
C:\MSOCache
C:\P-Book
C:\PerfLogs
C:\Perl
C:\Program Files
C:\ProgramData
C:\Programme
C:\Recovery
C:\rsit
[2011.08.06
[2011.08.06
[2011.10.26
[2011.06.24
[2011.10.17
[2011.10.24
[2011.10.09
[2011.09.24
[2011.08.06
12:58:06
12:55:44
18:14:26
21:19:11
21:51:07
11:30:02
21:37:43
16:23:41
16:22:59
|
|
|
|
|
|
|
|
|
000,000,000
000,000,000
000,000,000
000,000,000
000,000,000
000,000,000
000,000,000
000,000,000
000,000,000
|
|
|
|
|
|
|
|
|
---D
---D
-HSD
---D
R--D
---D
-HSD
---D
---D
|
|
|
|
|
|
|
|
|
M]
M]
M]
M]
M]
M]
M]
M]
M]
----------
C:\Ruby192
C:\Ruby192l
C:\System Volume Information
C:\temp
C:\Users
C:\Windows
C:\Windupdt
C:\WinSetupFromUSB
C:\xampp
[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]

[color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color]
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
[color=#A23BEC]< %systemroot%\system32\*.manifest /3 >[/color]
[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C
74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_
31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC3
8A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_
31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF
508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_
31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626F
C9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_
31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58
D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_
31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D77
7B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_
31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88E
BBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88E
BBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_
31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C
4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_
31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EE
B0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_
31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C7615
3C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_
31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[color=#A23BEC]< MD5 for: REGEDIT.EXE >[/color]
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A488
3F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A488
3F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registryeditor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3
EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3
EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_
31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80
F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_
31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5D
CAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5D
CAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_3
1bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB
7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_
31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE
6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_
31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E
1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E
1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_
31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A
4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_
31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsU
pdate\AU >[/color]
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Wi
ndowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto
Update\Results\Install\\LastSuccessTime: 2011-10-25 08:50:10
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 1109 bytes -> C:\ProgramData\Microsoft:e26zJ95qaG3wVQqu
mw5
@Alternate Data Stream - 1100 bytes -> C:\ProgramData\Microsoft:tO8ifp1QPmqzAVmK
xk3bsTjY
@Alternate Data Stream - 1090 bytes -> C:\Users\simon\AppData\Local\Temp:cAD6CTw
ziUrAk5w7qZngN
< End of report >

OTL

Uploaded by

Copyright:

Available Formats

OTL

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

OTL

Uploaded by

Copyright:

Available Formats

OTL logfile created on: 26.10.

2011 18:11:09 - Run 1

PRC - [2011.03.01 16:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) -- C:\Pro

MOD - [2011.10.20 15:13:14 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\N

SRV - [2011.10.22 10:05:41 | 000,419,624 | ---- | M] (Valve Corporation) [On_Dem

SRV - [2007.09.20 22:05:06 | 000,589,824 | ---- | M] ( ) [Auto | Stopped] -- C:\

DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Ke

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 201

[2011.10.02 00:39:27 | 000,002,252 |

---- | M] () -- C:\Program Files\mozilla fi

[color=#E56717]========== Chrome ==========[/color]

CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wa

ndows\System32\klogon.dll (Kaspersky Lab ZAO)

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.

FastUserSwitchingCompatibility - File not found

MsConfig - StartUpReg: [b]iTunesHelper[/b] - hkey= - key= - C:\Program Files\iTu

---- | C] (OldTimer Tools) -- C:\Users\simo

[2011.10.24 11:30:07 | 000,295,768

| ---- | C] (Dolby Laboratories, Inc.) -- C:\

[2011.10.24 11:30:05 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSG

[2011.10.10 17:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2011.05.20 17:44:27 | 000,589,824 | ---- | C] ( ) -- C:\Windows\System32\lxdoco

[2011.10.26 18:07:25 | 000,000,156 | ---- | C] ()

[2011.05.20 17:44:31 | 000,348,160 | ---- |

[2009.07.14 06:33:53 | 003,697,240

[color=#E56717]========== LOP Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]

You might also like