My laptop has been infected with TR/Vundo.Gen for a couple of months. I was first informed from my university's TechCenter because while I was on the campus net a virus/worum tried to access the network from my computer. They informed me and then I ran the antivirus program AviraAntiVir Control which detected a trojan, but when it was to be quarantined these "files"/virus couldn't be removed: CLI.EXE, Explorer.EXE, and winlogon.exe the error number that came up when the files were not able to be removed was "Error Number 26003". My husband completely reinstalled my computer and I thought the problem had been solved. But a few weeks ago I started being redirected while trying to access different internet sites and not just through google. I then ran the Avira AntiVir program again and the same type of unremovable files were found, TR/Vundo.Gen. Since I don't have any real computer skills and I have heard about how difficult it is to remove this malware from a computer I am hoping that you guys will be able to help me, I would REALLY appreciate it. Thank you so much in advance for any help you guys can give me!
Below is my OTL Log (Quick Scan - Scan all users):
OTL logfile created on: 21.08.2011 15:07:24 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Dokumente und Einstellungen\Brummer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
893,97 Mb Total Physical Memory | 437,87 Mb Available Physical Memory | 48,98% Memory free
2,12 Gb Paging File | 1,72 Gb Available in Paging File | 81,08% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,52 Gb Total Space | 58,54 Gb Free Space | 78,55% Space Free | Partition Type: NTFS
Computer Name: BRUMMER-PC | User Name: Brummer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.08.21 14:42:54 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Brummer\Desktop\OTL.exe
PRC - [2011.08.20 13:10:47 | 000,195,072 | ---- | M] () -- C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\dwm.exe
PRC - [2011.08.20 13:10:24 | 000,198,656 | ---- | M] () -- C:\Dokumente und Einstellungen\Brummer\Lokale Einstellungen\Temp\csrss.exe
PRC - [2011.08.20 13:10:03 | 000,193,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\Microsoft\conhost.exe
PRC - [2011.07.03 14:57:48 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.02.04 13:10:16 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Programme\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
PRC - [2010.12.13 09:39:27 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.06.21 11:37:32 | 000,499,796 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2010.06.21 11:37:14 | 000,561,263 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.09.05 22:24:20 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\sttray.exe
PRC - [2006.07.27 15:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006.01.02 18:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
========== Modules (No Company Name) ==========
MOD - [2011.08.20 13:10:47 | 000,195,072 | ---- | M] () -- C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\dwm.exe
MOD - [2011.08.20 13:10:24 | 000,198,656 | ---- | M] () -- C:\Dokumente und Einstellungen\Brummer\Lokale Einstellungen\Temp\csrss.exe
MOD - [2011.08.20 13:10:03 | 000,193,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\Microsoft\conhost.exe
MOD - [2011.07.03 14:57:48 | 001,014,744 | ---- | M] () -- C:\Programme\Mozilla Firefox\js3250.dll
MOD - [2011.03.01 00:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2011.01.08 17:30:00 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\41f436dae3c8146752d06130f7331527\System.Web.ni.dll
MOD - [2011.01.07 23:48:45 | 000,038,400 | ---- | M] () -- C:\WINDOWS\system32\opnNDTJD.dll
MOD - [2011.01.07 23:30:56 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
MOD - [2011.01.07 23:28:56 | 005,971,408 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011.01.07 22:42:47 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
MOD - [2011.01.07 22:42:40 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
MOD - [2011.01.07 22:42:23 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
MOD - [2011.01.07 22:40:59 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2011.01.07 22:40:58 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011.01.07 22:39:15 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
MOD - [2011.01.07 22:39:04 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
MOD - [2010.11.10 13:49:38 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2010.06.21 11:37:26 | 000,278,528 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Client Utility\twculoc.dll
MOD - [2010.06.21 11:37:26 | 000,163,840 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Client Utility\oemresloc.dll
MOD - [2010.06.21 11:37:22 | 000,077,824 | ---- | M] () -- C:\WINDOWS\system32\wgapiloc.dll
MOD - [2010.06.21 11:37:14 | 000,561,263 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
MOD - [2010.06.21 11:37:14 | 000,422,000 | ---- | M] () -- C:\WINDOWS\system32\wgapi.dll
MOD - [2010.06.17 15:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010.03.23 14:26:48 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2008.06.04 08:53:14 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\spd__l.dll
MOD - [2007.03.16 19:10:48 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011.02.04 13:10:16 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Nitro PDF\Reader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool)
SRV - [2010.12.13 09:39:27 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.13 09:39:19 | 000,267,944 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.08.09 04:04:02 | 000,131,888 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\WINDOWS\System32\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2010.06.21 11:37:32 | 000,499,796 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.03.21 16:06:58 | 000,163,025 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\joogcq.dll -- (cfkveeg)
SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - [2011.01.08 18:27:19 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.12.13 09:39:39 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.07.28 05:45:30 | 001,756,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2010.06.21 11:37:32 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.23 14:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.03.18 19:08:10 | 000,103,744 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008.11.16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007.11.14 20:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007.03.16 19:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007.02.16 02:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2007.01.18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.11 18:25:20 | 000,066,944 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\thdudf.sys -- (thdudf)
DRV - [2006.10.11 22:43:56 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.07.27 15:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006.07.02 00:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005.07.22 12:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005.07.22 12:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005.07.22 12:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1454471165-630328440-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.update.mi...ault.aspx?ln=de
IE - HKU\S-1-5-21-1454471165-630328440-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1454471165-630328440-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51455
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 51455
FF - prefs.js..network.proxy.type: 1
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.08.08 18:43:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.07.03 14:57:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Programme\Mein Gutscheincode Finder\Firefox [2011.05.14 10:44:41 | 000,000,000 | ---D | M]
[2011.01.07 22:03:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\Mozilla\Extensions
[2011.08.21 13:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\Mozilla\Firefox\Profiles\hfb9lava.default\extensions
[2011.01.07 23:01:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\Mozilla\Firefox\Profiles\hfb9lava.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.21 13:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.01.07 23:32:49 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.01.10 20:47:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.01.07 23:17:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.01.07 23:16:56 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.05.14 10:44:41 | 000,000,000 | ---D | M] (Mein Gutscheincode Finder) -- C:\PROGRAMME\MEIN GUTSCHEINCODE FINDER\FIREFOX
[2011.01.07 23:16:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.17 13:56:24 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.17 13:56:24 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.17 13:56:24 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.17 13:56:24 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.17 13:56:24 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011.01.10 19:23:22 | 000,000,894 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\opnNDTJD.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [conhost] C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [IDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TWCU] C:\Programme\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe ()
F3 - HKU\S-1-5-21-1454471165-630328440-1417001333-1003 WinNT: Load - (C:\DOKUME~1\Brummer\LOKALE~1\Temp\csrss.exe) - C:\Dokumente und Einstellungen\Brummer\Lokale Einstellungen\Temp\csrss.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-630328440-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1294428518093 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1294430826500 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1454471165-630328440-1417001333-1003 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1454471165-630328440-1417001333-1003 Winlogon: Shell - (C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\dwm.exe) - C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\dwm.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\opnNDTJD: DllName - opnNDTJD.dll - C:\WINDOWS\System32\opnNDTJD.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Brummer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Brummer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\opnNDTJD.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.01.07 18:26:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{12f95714-5e8e-11e0-9c0a-74ea3a90d3ca}\Shell - "" = AutoRun
O33 - MountPoints2\{12f95714-5e8e-11e0-9c0a-74ea3a90d3ca}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{12f95714-5e8e-11e0-9c0a-74ea3a90d3ca}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{3aa4fb26-7e08-11e0-9c3d-74ea3a90d3ca}\Shell - "" = AutoRun
O33 - MountPoints2\{3aa4fb26-7e08-11e0-9c3d-74ea3a90d3ca}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3aa4fb26-7e08-11e0-9c3d-74ea3a90d3ca}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{44788bfe-1cdb-11e0-9b28-74ea3a90d3ca}\Shell - "" = AutoRun
O33 - MountPoints2\{44788bfe-1cdb-11e0-9b28-74ea3a90d3ca}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{44788bfe-1cdb-11e0-9b28-74ea3a90d3ca}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{7868f6d8-81d2-11e0-9c47-74ea3a90d3ca}\Shell - "" = AutoRun
O33 - MountPoints2\{7868f6d8-81d2-11e0-9c47-74ea3a90d3ca}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7868f6d8-81d2-11e0-9c47-74ea3a90d3ca}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{9e74a6be-6b8a-11e0-9c24-8b319a5cf334}\Shell - "" = AutoRun
O33 - MountPoints2\{9e74a6be-6b8a-11e0-9c24-8b319a5cf334}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e74a6be-6b8a-11e0-9c24-8b319a5cf334}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{a0093f1d-1a7b-11e0-9afe-b836f53cc618}\Shell - "" = AutoRun
O33 - MountPoints2\{a0093f1d-1a7b-11e0-9afe-b836f53cc618}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a0093f1d-1a7b-11e0-9afe-b836f53cc618}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{ec459642-54b9-11e0-9bde-74ea3a90d3ca}\Shell - "" = AutoRun
O33 - MountPoints2\{ec459642-54b9-11e0-9bde-74ea3a90d3ca}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ec459642-54b9-11e0-9bde-74ea3a90d3ca}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{f2d12456-99a4-11e0-9c8d-971d401db034}\Shell - "" = AutoRun
O33 - MountPoints2\{f2d12456-99a4-11e0-9c8d-971d401db034}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f2d12456-99a4-11e0-9c8d-971d401db034}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{f2d12457-99a4-11e0-9c8d-971d401db034}\Shell - "" = AutoRun
O33 - MountPoints2\{f2d12457-99a4-11e0-9c8d-971d401db034}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f2d12457-99a4-11e0-9c8d-971d401db034}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.08.21 14:42:54 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Brummer\Desktop\OTL.exe
[2011.08.21 14:21:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Brummer\Eigene Dateien\Kopie von BRDHA
[2011.08.19 09:18:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Brummer\Desktop\EigenOrdner
[2011.08.19 08:40:45 | 000,306,320 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys
[2011.08.17 15:05:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Brummer\Eigene Dateien\VerhandlungsdemokratieHA.Data
[2011.08.11 14:52:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Brummer\Eigene Dateien\BRDHA
[2011.01.13 20:54:50 | 063,293,952 | ---- | C] (Microsoft Corporation) -- C:\Programme\EndNote-X4.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.08.21 14:47:00 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.08.21 14:42:54 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Brummer\Desktop\OTL.exe
[2011.08.21 14:37:42 | 000,085,768 | ---- | M] () -- C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\C67A.C0D
[2011.08.21 14:26:00 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.08.21 14:24:00 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011.08.21 12:51:43 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.08.21 12:51:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.08.21 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-BRUMMER-PC-Brummer.job
[2011.08.20 13:10:47 | 000,195,072 | ---- | M] () -- C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\dwm.exe
[2011.08.19 08:40:46 | 000,306,320 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys
[2011.08.18 14:33:34 | 000,012,326 | ---- | M] () -- C:\Dokumente und Einstellungen\Brummer\Eigene Dateien\VerhandlungsdemokratieHA.enl
[2011.08.09 20:05:45 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.08.17 15:05:28 | 000,012,326 | ---- | C] () -- C:\Dokumente und Einstellungen\Brummer\Eigene Dateien\VerhandlungsdemokratieHA.enl
[2011.07.04 18:09:54 | 000,195,072 | ---- | C] () -- C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\dwm.exe
[2011.07.04 18:09:34 | 000,085,768 | ---- | C] () -- C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\C67A.C0D
[2011.07.01 11:32:59 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2011.04.06 18:14:57 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\hpgt34.dll
[2011.02.10 06:03:48 | 000,000,306 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2011.01.13 19:38:05 | 023,756,800 | ---- | C] () -- C:\Programme\McAfee_8.7i_20100713.exe
[2011.01.12 10:53:17 | 008,081,408 | ---- | C] () -- C:\Programme\vpnclient-win-msi-5.0.07.0290-k9.exe
[2011.01.12 01:22:10 | 000,061,952 | ---- | C] () -- C:\Dokumente und Einstellungen\Brummer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.11 20:26:54 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.01.10 20:28:22 | 000,075,776 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2011.01.10 20:18:25 | 000,259,888 | ---- | C] () -- C:\WINDOWS\SUPDRun.exe
[2011.01.10 20:18:24 | 000,283,136 | ---- | C] () -- C:\WINDOWS\System32\DscPnt.dll
[2011.01.10 20:18:24 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\spd__l.dll
[2011.01.10 20:18:21 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\spd__ci.exe
[2011.01.10 19:35:09 | 000,080,896 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe
[2011.01.08 00:44:58 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\nnnoOhGx.dll
[2011.01.07 23:49:21 | 000,001,159 | ---- | C] () -- C:\WINDOWS\System32\wvUoOGXO.dll
[2011.01.07 23:48:45 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\opnNDTJD.dll
[2011.01.07 23:35:06 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011.01.07 23:26:12 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011.01.07 22:03:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.01.07 21:04:13 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2011.01.07 21:04:04 | 000,422,000 | ---- | C] () -- C:\WINDOWS\System32\wgapi.dll
[2011.01.07 21:04:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\wgapiloc.dll
[2011.01.07 20:49:18 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2011.01.07 20:49:17 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2011.01.07 20:49:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011.01.07 20:35:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2011.01.07 20:34:59 | 000,136,650 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.01.07 20:01:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.01.07 18:29:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.01.07 18:22:33 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.01.07 18:08:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.01.07 18:06:41 | 003,518,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.03.23 14:26:48 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010.03.23 14:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008.04.14 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.14 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 14:00:00 | 000,451,948 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008.04.14 14:00:00 | 000,435,594 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008.04.14 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 14:00:00 | 000,163,025 | RHS- | C] () -- C:\WINDOWS\System32\joogcq.dll
[2008.04.14 14:00:00 | 000,081,150 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008.04.14 14:00:00 | 000,068,490 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008.04.14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.14 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2011.01.08 18:26:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011.01.08 18:30:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011.07.01 11:34:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nitro PDF
[2011.01.10 22:08:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2011.01.07 23:55:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2011.01.31 16:31:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Thomson.ResearchSoft.Installers
[2011.01.07 21:02:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TP-LINK
[2011.01.15 17:25:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\avc
[2011.01.15 17:24:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\AVCWare
[2011.01.10 20:28:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\CAD-KAS
[2011.01.08 18:26:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\Canneverbe Limited
[2011.01.08 18:30:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\DAEMON Tools
[2011.01.08 18:31:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\DAEMON Tools Lite
[2011.01.08 18:30:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\DAEMON Tools Pro
[2011.02.15 12:15:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\EndNote
[2011.01.15 18:19:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\GetRightToGo
[2011.07.01 11:35:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\Nitro PDF
[2011.07.01 11:32:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\OpenCandy
[2011.01.10 21:21:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\OpenOffice.org
[2011.01.15 18:22:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\Pavtube
[2011.08.03 14:28:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\PrimoPDF
[2011.07.17 12:37:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\UseNeXT
[2011.01.15 17:19:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Brummer\Anwendungsdaten\Xilisoft
[2011.08.21 14:26:00 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.08.21 14:24:00 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011.08.21 14:47:00 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
========== Purity Check ==========
< End of report >