Pests of all kinds and their removal: System process in C:\Users\<user>\AppData\Local\Temp\7SDX33Y5VV.exe (Windows 7)

06.10.2011, 11:48 | #1
System process in C:\Users\<user>\AppData\Local\Temp\7SDX33Y5VV.exe

Hello everyone, a 7SDX33Y5VV.exe shows up among the processes in my Task Manager. This process cannot be terminated. The file is located in: C:\Users\<user>\AppData\Local\Temp\ The file has the original name "ebook.exe" and, according to the file properties, is an Adobe Acrobat Document. The virus scanner (Sophos Anti-Virus) does not raise an alarm.

OTL.txt
Code:
OTL logfile created on: 06.10.2011 12:30:18 - Run 2
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\admin\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 6,09 Gb Available Physical Memory | 76,28% Memory free
15,96 Gb Paging File | 14,14 Gb Available in Paging File | 88,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 44,43 Gb Free Space | 37,29% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 359,00 Gb Free Space | 77,08% Space Free | Partition Type: NTFS
Drive E: | 1397,26 Gb Total Space | 588,92 Gb Free Space | 42,15% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 558,50 Gb Free Space | 59,96% Space Free | Partition Type: NTFS
Drive X: | 931,51 Gb Total Space | 333,44 Gb Free Space | 35,80% Space Free | Partition Type: NTFS
Drive Z: | 1863,01 Gb Total Space | 1156,51 Gb Free Space | 62,08% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.10.06 12:01:02 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
PRC - [2011.10.05 17:45:56 | 000,167,960 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2011.10.05 17:44:35 | 001,543,704 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2011.09.05 19:04:58 | 002,904,984 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011.09.02 22:57:32 | 004,220,416 | ---- | M] (4 MB) -- C:\Users\admin\AppData\Local\Temp\7SDX33Y5VV.exe
PRC - [2011.08.23 09:35:19 | 000,494,616 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2011.08.23 09:34:56 | 000,232,472 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2011.08.23 09:33:40 | 000,099,864 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2011.08.05 20:14:10 | 000,745,600 | ---- | M] (CM & V) -- C:\Program Files (x86)\DVBViewer\DVBVservice.exe
PRC - [2011.08.04 19:13:40 | 001,496,528 | ---- | M] (TrueCrypt Foundation) -- C:\Programme\TrueCrypt\TrueCrypt.exe
PRC - [2011.04.30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.03.30 00:17:08 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.07.22 00:00:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSS01A.EXE
PRC - [2004.06.14 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSVC01A.EXE

========== Modules (No Company Name) ==========

MOD - [2011.09.05 19:05:06 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.07.08 05:25:02 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.10.30 12:26:04 | 000,559,320 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\Topos\cFosSpeed\spd.exe -- (cFosSpeedS)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.10.05 17:45:56 | 000,167,960 | ---- | M] (Sophos Limited) [Unknown | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2011.10.05 17:44:35 | 001,543,704 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011.08.23 09:34:56 | 000,232,472 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2011.08.23 09:33:40 | 000,099,864 | ---- | M] (Sophos Limited) [Unknown | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011.08.05 20:14:10 | 000,745,600 | ---- | M] (CM & V) [Auto | Running] -- C:\Program Files (x86)\DVBViewer\DVBVservice.exe -- (DVBVRecorder)
SRV - [2011.06.25 02:14:12 | 000,550,840 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\USB Safely Remove\USBSRService.exe -- (USBSafelyRemoveService)
SRV - [2011.04.30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011.03.30 00:17:08 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2004.06.14 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\Windows\SysWOW64\BRSVC01A.EXE -- (Brother XP spl Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.10.05 17:45:24 | 000,144,672 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2011.08.23 09:32:12 | 000,026,104 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2011.08.06 21:29:29 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.08.04 20:09:30 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2011.08.04 19:13:40 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.08.04 17:50:34 | 000,440,064 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88vid.sys -- (hcw88vid)
DRV:64bit: - [2011.08.04 17:50:34 | 000,339,968 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88tse.sys -- (HCW88TSE)
DRV:64bit: - [2011.08.04 17:50:33 | 000,259,456 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88bda.sys -- (hcw88bda)
DRV:64bit: - [2011.08.04 17:50:33 | 000,015,872 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88rc5.sys -- (hcw88rc5)
DRV:64bit: - [2011.07.08 06:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.07.08 04:47:04 | 000,307,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.26 11:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.20 15:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 13:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.09.21 09:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.09.17 11:53:28 | 000,297,000 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2009.10.30 12:26:06 | 001,222,360 | ---- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfosspeed.sys -- (cFosSpeed)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.18 12:54:10 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\BC5D.tmp -- (MEMSWEEP2)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.01.29 10:01:34 | 000,033,600 | ---- | M] (X-Rite, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\XrUsb64.sys -- (X-Rite)
DRV - [2011.08.05 22:49:56 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.11.23 10:23:06 | 000,097,792 | ---- | M] (T0r0 2008) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\NSHE.SYS -- (NSHE)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 65 15 C2 94 53 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query="
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:/Users/admin/Music/Temp/Tunebite/.downloading/profile/rrproxy_ffox_498499c2.pac"
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 4001
FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 4001
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 4001
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 4001
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 4001
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 4001
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - user.js..network.proxy.backup.ftp: "127.0.0.1"
FF - user.js..network.proxy.backup.ftp_port: 4001
FF - user.js..network.proxy.backup.gopher: "127.0.0.1"
FF - user.js..network.proxy.backup.gopher_port: 4001
FF - user.js..network.proxy.backup.socks: "127.0.0.1"
FF - user.js..network.proxy.backup.socks_port: 4001
FF - user.js..network.proxy.backup.ssl: "127.0.0.1"
FF - user.js..network.proxy.backup.ssl_port: 4001
FF - user.js..network.proxy.ftp: "127.0.0.1"
FF - user.js..network.proxy.ftp_port: 4001
FF - user.js..network.proxy.gopher: "127.0.0.1"
FF - user.js..network.proxy.gopher_port: 4001
FF - user.js..network.proxy.share_proxy_settings: trueuser_pref("network.proxy.socks", "");
FF - user.js..network.proxy.socks_port: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.09.19 11:38:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.30 17:01:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.18 10:00:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011.08.04 17:15:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
[2011.10.02 09:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\cuknkzye.default\extensions
[2011.09.27 09:09:52 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\cuknkzye.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.08.19 19:05:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\cuknkzye.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.06.21 13:55:13 | 000,001,594 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\cuknkzye.default\searchplugins\wunschlistede.xml
[2011.08.05 18:55:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.08.05 18:55:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CUKNKZYE.DEFAULT\EXTENSIONS\{11483926-DB67-4190-91B1-EF20FCEC5F33}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CUKNKZYE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CUKNKZYE.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CUKNKZYE.DEFAULT\EXTENSIONS\URL-TOOLTIP@TIMOTHYTATE.NET.XPI
[2011.09.30 17:01:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.30 17:01:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.30 17:01:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.30 17:01:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.30 17:01:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.30 17:01:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.30 17:01:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.08.06 12:48:57 | 000,001,357 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Limited)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [cFosSpeed] C:\Programme\Topos\cFosSpeed\cfosspeed.exe (cFos Software GmbH)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe] C:\Users\admin\AppData\Local\Temp\7SDX33Y5VV.exe (4 MB)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_17_Premium_Download-Version\TrayServer.exe (MAGIX AG)
O4 - HKCU..\Run: [Adobe] C:\Users\admin\AppData\Local\Temp\7SDX33Y5VV.exe (4 MB)
O4 - HKCU..\Run: [DVBV Service Ctrl] C:\Program Files (x86)\DVBViewer\DVBVCtrl.exe (CM&V Hackbart)
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKCU..\Run: [USB Safely Remove] C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe (Crystal Rich Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Adobe = C:\Users\admin\AppData\Local\Temp\7SDX33Y5VV.exe (4 MB)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC277A2D-3A31-4A16-A821-DC9BAF4433B0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) -C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cede23a1-c2cc-11e0-a835-f46d049d51e7}\Shell - "" = AutoRun
O33 - MountPoints2\{cede23a1-c2cc-11e0-a835-f46d049d51e7}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.10.06 12:01:01 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2011.10.06 11:31:27 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\sar_15_sfx
[2011.10.05 19:40:44 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Neuer Ordner
[2011.10.05 17:45:23 | 000,144,672 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2011.10.04 14:37:16 | 000,000,000 | ---D | C] -- C:\Temp
[2011.10.04 14:08:13 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\golf3
[2011.09.30 23:51:52 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\FIFA 12
[2011.09.30 23:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fifa 12
[2011.09.23 14:53:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2011.09.18 20:43:58 | 000,000,000 | ---D | C] -- C:\AllSyncBackup
[2011.09.18 20:13:07 | 002,103,216 | ---- | C] (Codejock Software) -- C:\Windows\SysWow64\Codejock.CommandBars.v12.0.0.ocx
[2011.09.18 20:13:07 | 000,992,608 | ---- | C] (Bennet-Tec Information Systems, Inc) -- C:\Windows\SysWow64\TList8.ocx
[2011.09.18 20:13:07 | 000,587,968 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\SysWow64\XceedZip.dll
[2011.09.18 20:13:07 | 000,450,560 | ---- | C] (LogicNP Software (hxxp://www.ssware.com)) -- C:\Windows\SysWow64\fldrvw90.ocx
[2011.09.18 20:13:07 | 000,176,128 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\vbalEdit.ocx
[2011.09.18 20:13:07 | 000,094,208 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\SysWow64\mtFrame.ocx
[2011.09.18 20:13:07 | 000,081,920 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\SysWow64\mtSplitter.ocx
[2011.09.18 20:13:07 | 000,081,920 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\SysWow64\mtDateTimePicker2.ocx
[2011.09.18 20:13:07 | 000,073,728 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\SysWow64\mtScrollContainer.ocx
[2011.09.18 20:13:07 | 000,069,632 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\SysWow64\mtProgressBar2.ocx
[2011.09.18 20:13:07 | 000,049,152 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\SysWow64\mtSpinTextbox.ocx
[2011.09.18 20:13:07 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\SSubTmr6.DLL
[2011.09.18 20:13:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllSync
[2011.09.18 20:13:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AllSync
[2011.09.18 20:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AllSync
[2011.09.15 12:23:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.09.14 12:33:45 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Youtube Downloader HD
[2011.09.12 20:43:23 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Sophos
[2011.09.12 15:25:53 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
[2011.09.11 17:56:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dead Island
[2011.09.10 17:07:36 | 000,000,000 | R--D | C] -- C:\Users\admin\Virtual Machines
[2011.09.10 17:01:43 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-TW
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-CN
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Virtual PC
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\tr-TR
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\th-TH
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\sv-SE
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ru-RU
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ro-RO
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-PT
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-BR
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pl-PL
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nl-NL
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nb-NO
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ko-KR
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\it-IT
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\hu-HU
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\he-IL
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fr-FR
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fi-FI
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\es-ES
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\en-US
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\el-GR
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\da-DK
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\cs-CZ
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ar-SA
[2011.09.10 16:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode
[2011.09.10 14:31:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011.09.10 14:31:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011.09.10 13:48:15 | 000,097,792 | ---- | C] (T0r0 2008) -- C:\Windows\SysWow64\drivers\NSHE.SYS
[2011.09.08 21:59:16 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Handling.cfg
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.10.06 12:01:02 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2011.10.06 12:00:17 | 000,000,168 | ---- | M] () -- C:\Users\admin\defogger_reenable
[2011.10.06 12:00:01 | 000,050,477 | ---- | M] () -- C:\Users\admin\Desktop\Defogger.exe
[2011.10.06 11:07:13 | 000,022,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.06 11:07:13 | 000,022,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.06 11:04:36 | 000,652,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.10.06 11:04:35 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.10.06 11:04:35 | 000,698,726 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.10.06 11:04:35 | 000,148,782 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.10.06 11:04:35 | 000,121,640 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.10.06 11:00:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.06 09:41:11 | 000,002,032 | -H-- | M] () -- C:\Users\admin\Documents\Default.rdp
[2011.10.05 19:09:30 | 000,908,706 | ---- | M] () -- C:\Users\admin\Desktop\Konzeptzeichnung_kleiner.pdf
[2011.10.05 18:36:54 | 000,088,063 | ---- | M] () -- C:\Users\admin\Desktop\Anschlussbelegung der Steckanschlüsse am Schalttafeleinsatz.pdf
[2011.10.05 18:36:14 | 000,204,168 | ---- | M] () -- C:\Users\admin\Desktop\Printing from Tmplt62.pdf
[2011.10.05 17:45:24 | 000,144,672 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2011.10.04 22:30:08 | 000,000,030 | ---- | M] () -- C:\Program Files (x86)\Exiferupdate.ini
[2011.10.04 13:53:37 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2011.09.30 23:48:06 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Fifa 12.lnk
[2011.09.28 09:32:57 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\TSDoctor.lnk
[2011.09.27 21:00:10 | 000,265,254 | ---- | M] () -- C:\Users\admin\Desktop\barclaycard.pdf
[2011.09.26 23:12:26 | 000,364,544 | ---- | M] () -- C:\Users\admin\Documents\Database1.accdb
[2011.09.26 22:42:11 | 000,001,456 | ---- | M] () -- C:\Users\admin\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.09.24 10:21:22 | 000,000,655 | ---- | M] () -- C:\Users\admin\Desktop\_STUDIUM - Verknüpfung.lnk
[2011.09.20 22:17:13 | 000,001,115 | ---- | M] () -- C:\Windows\PVAStrumento.ini
[2011.09.18 20:13:10 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\AllSync .lnk
[2011.09.18 12:00:54 | 000,012,468 | ---- | M] () -- C:\Users\admin\Desktop\OEVM3_16-09-2011.pdf
[2011.09.18 12:00:25 | 000,018,597 | ---- | M] () -- C:\Users\admin\Desktop\WVM5_16-09-2011.pdf
[2011.09.18 09:09:00 | 000,000,017 | ----
| M] () -- C:\Users\admin\AppData\Local\resmon.resmoncfg [2011.09.18 03:05:53 | 001,594,042 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.09.14 11:05:17 | 000,001,070 | ---- | M] () -- C:\Users\admin\Desktop\mount.bat - Verknüpfung.lnk [2011.09.13 10:01:11 | 000,001,079 | ---- | M] () -- C:\Users\admin\Desktop\ftprush.exe.lnk [2011.09.13 10:01:00 | 000,001,027 | ---- | M] () -- C:\Users\admin\Desktop\mirc.exe.lnk [2011.09.13 10:00:31 | 000,001,198 | ---- | M] () -- C:\Users\admin\Desktop\StaxRip.exe.lnk [2011.09.10 19:10:11 | 000,000,874 | ---- | M] () -- C:\Users\admin\Desktop\Handbrake.lnk [2011.09.10 01:11:30 | 018,913,121 | ---- | M] () -- C:\Users\admin\Desktop\_MG_2903.CR2 [2011.09.10 01:11:01 | 017,792,474 | ---- | M] () -- C:\Users\admin\Desktop\_MG_1093.CR2 [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.10.06 12:00:17 | 000,000,168 | ---- | C] () -- C:\Users\admin\defogger_reenable [2011.10.06 12:00:01 | 000,050,477 | ---- | C] () -- C:\Users\admin\Desktop\Defogger.exe [2011.10.05 19:07:17 | 000,908,706 | ---- | C] () -- C:\Users\admin\Desktop\Konzeptzeichnung_kleiner.pdf [2011.10.01 13:44:44 | 000,204,168 | ---- | C] () -- C:\Users\admin\Desktop\Printing from Tmplt62.pdf [2011.10.01 13:44:44 | 000,088,063 | ---- | C] () -- C:\Users\admin\Desktop\Anschlussbelegung der Steckanschlüsse am Schalttafeleinsatz.pdf [2011.09.30 23:48:06 | 000,001,089 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fifa 12.lnk [2011.09.30 23:48:06 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Fifa 12.lnk [2011.09.27 21:00:10 | 000,265,254 | ---- | C] () -- C:\Users\admin\Desktop\barclaycard.pdf [2011.09.26 22:40:09 | 000,001,456 | ---- | C] () -- C:\Users\admin\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2011.09.26 15:40:45 | 000,364,544 | ---- | C] () -- C:\Users\admin\Documents\Database1.accdb [2011.09.24 10:21:22 | 000,000,655 | ---- | C] 
() -- C:\Users\admin\Desktop\_STUDIUM - Verknüpfung.lnk [2011.09.19 11:38:34 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk [2011.09.19 11:38:34 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk [2011.09.18 20:13:10 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\AllSync .lnk [2011.09.18 20:13:07 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\zlibwapi.dll [2011.09.18 12:00:54 | 000,012,468 | ---- | C] () -- C:\Users\admin\Desktop\OEVM3_16-09-2011.pdf [2011.09.18 12:00:25 | 000,018,597 | ---- | C] () -- C:\Users\admin\Desktop\WVM5_16-09-2011.pdf [2011.09.18 09:09:00 | 000,000,017 | ---- | C] () -- C:\Users\admin\AppData\Local\resmon.resmoncfg [2011.09.14 11:05:17 | 000,001,070 | ---- | C] () -- C:\Users\admin\Desktop\mount.bat - Verknüpfung.lnk [2011.09.13 10:01:11 | 000,001,079 | ---- | C] () -- C:\Users\admin\Desktop\ftprush.exe.lnk [2011.09.13 10:01:00 | 000,001,027 | ---- | C] () -- C:\Users\admin\Desktop\mirc.exe.lnk [2011.09.13 10:00:31 | 000,001,198 | ---- | C] () -- C:\Users\admin\Desktop\StaxRip.exe.lnk [2011.09.10 13:47:58 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE [2011.09.10 13:47:58 | 000,006,836 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.INI [2011.09.10 01:07:08 | 018,913,121 | ---- | C] () -- C:\Users\admin\Desktop\_MG_2903.CR2 [2011.09.10 01:06:47 | 017,792,474 | ---- | C] () -- C:\Users\admin\Desktop\_MG_1093.CR2 [2011.09.08 17:15:26 | 000,000,874 | ---- | C] () -- C:\Users\admin\Desktop\Handbrake.lnk [2011.08.19 23:48:20 | 000,001,115 | ---- | C] () -- C:\Windows\PVAStrumento.ini [2011.08.08 21:03:38 | 001,594,042 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.08.08 20:45:08 | 000,000,132 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.08.08 19:48:34 | 000,000,030 | ---- | C] () -- C:\Program Files (x86)\Exiferupdate.ini [2011.08.07 
19:11:27 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI [2011.08.07 18:55:46 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Installer Plugin [2011.08.07 18:55:46 | 000,000,268 | RH-- | C] () -- C:\ProgramData\InkjetPrinter [2011.08.07 18:55:46 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Importer [2011.08.07 18:55:46 | 000,000,268 | RH-- | C] () -- C:\Users\admin\AppData\Roaming\Image Units [2011.08.07 18:55:46 | 000,000,268 | RH-- | C] () -- C:\Users\admin\AppData\Roaming\Image Manipulation [2011.08.07 18:55:46 | 000,000,268 | RH-- | C] () -- C:\Users\admin\AppData\Roaming\Image Capture [2011.08.07 18:55:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2011.08.07 18:55:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2011.08.07 18:55:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2011.08.07 18:55:46 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Licenses [2011.08.07 18:55:46 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Legacy [2011.08.07 18:55:46 | 000,000,012 | RH-- | C] () -- C:\ProgramData\LaserPrinter [2011.08.06 18:40:12 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini [2011.08.06 18:40:11 | 000,000,457 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.08.06 18:40:11 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011.08.05 20:41:10 | 000,000,942 | ---- | C] () -- C:\Users\admin\AppData\Roaming\coreavc.ini [2011.08.05 19:33:55 | 000,000,600 | ---- | C] () -- C:\Users\admin\AppData\Local\PUTTY.RND [2011.08.05 18:52:46 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.08.05 18:52:46 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.08.05 14:38:40 | 000,003,952 | ---- | C] () -- C:\Users\admin\AppData\Roaming\iColorDisplay3.prefs [2011.08.05 14:38:05 | 000,000,347 | -H-- | C] () -- C:\Users\admin\AppData\Roaming\iColorDisplay3.lic [2011.08.04 20:58:44 | 000,000,458 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.08.04 18:59:00 | 000,008,192 
| ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2011.08.04 16:38:42 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.08.04 16:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.03.30 00:17:10 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\HDREfexProFC32.dll [2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.02.21 23:17:34 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\SilverEfexPro2FC32.dll [2011.02.15 12:11:48 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\Viveza2FC32.dll [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll ========== LOP Check ========== [2011.08.08 19:03:26 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ACD Systems [2011.08.29 18:28:59 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.08.06 21:30:02 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DAEMON Tools Lite [2011.08.10 16:00:02 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Design Science [2011.08.24 18:29:22 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ImgBurn [2011.08.30 00:06:18 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\MAGIX [2011.10.06 12:30:26 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\NetSpeedMonitor [2011.08.06 18:14:26 | 
000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Nik Software [2011.08.07 19:00:53 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Nikon [2011.08.05 18:28:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\QIP [2011.08.10 11:52:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TeamViewer [2011.08.04 17:38:16 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Thunderbird [2011.08.27 14:27:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TrueCrypt [2011.08.05 15:13:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\USBSafelyRemove [2011.08.08 21:57:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Xi [2011.09.15 00:12:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Youtube Downloader HD [2009.07.14 07:08:49 | 000,017,766 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.08.04 14:14:28 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.09.18 20:43:58 | 000,000,000 | ---D | M] -- C:\AllSyncBackup [2011.08.06 23:44:06 | 000,000,000 | ---D | M] -- C:\ATI [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.08.04 14:14:23 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.08.08 22:47:31 | 000,000,000 | ---D | M] -- C:\FameRing [2011.08.04 16:44:12 | 000,000,000 | ---D | M] -- C:\Intel [2011.08.05 21:27:42 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.09.10 16:39:44 | 000,000,000 | R--D | M] -- C:\Program Files [2011.09.30 23:46:39 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.09.23 15:01:08 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.08.04 14:14:23 | 000,000,000 | -HSD | M] -- C:\Programme [2011.08.04 14:14:24 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.10.06 12:25:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.10.04 14:37:16 
| 000,000,000 | ---D | M] -- C:\Temp [2011.08.04 14:14:26 | 000,000,000 | R--D | M] -- C:\Users [2011.09.23 15:00:31 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 03:39:29 
| 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) 
MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > |
06.10.2011, 11:56 | #2 |
/// Malware-holic | System process in C:\Users\<user>\AppData\Local\Temp\7SDX33Y5VV.exe hiho
Attention! This script, and any scripts that follow, are only for this particular user. If you have problems, open your own topic and wait for scripts adapted to you.
• Please start OTL.exe
• Now copy the following into the text box:

:OTL
O4 - HKCU..\Run: [Adobe] C:\Users\admin\AppData\Local\Temp\7SDX33Y5VV.exe (4 MB)
:Files
C:\Users\admin\AppData\Local\Temp\7SDX33Y5VV.exe
:Commands
[purity]
[EMPTYFLASH]
[resethosts]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its content into your next reply here.
Open Computer, open C:, then _OTL; right-click "Moved Files" there and choose add to moved files.rar or zip. Follow the link and upload the archive in the upload channel: http://www.trojaner-board.de/54791-a...ner-board.html
__________________ |
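The triage the helper did by hand in this post (spot the Run-key value whose display name says "Adobe" but whose target is a randomly named executable with no company name in %LOCALAPPDATA%\Temp, then write an OTL fix script for it) can be automated over the O4 lines of an OTL log. The following Python is an added example written for this page; it is not code from the thread, from OTL or from Trojaner-Board. The O4 line layout follows what OTL prints, the four heuristics (temp-directory launch, random-looking file name, size-only metadata meaning no version resource, vendor name in the value that the path does not back up) are assumptions of mine, and the sample lines are constructed: the first is the entry from this thread, the other three imitate the legitimate autostarts listed later in the thread's ComboFix log, with company strings I added.

```python
"""Triage OTL autostart (O4) lines and draft an OTL fix script.

Added example for this thread; not code from Trojaner-Board, from OTL or
from the poster. The O4 line layout follows what OTL prints; the four
heuristics and the sample lines are my own (the first sample line is the
entry from this thread, the others are constructed to imitate legitimate
autostarts, with company strings I added).
"""
import re
from dataclasses import dataclass, field

# OTL prints: O4 - <hive>..\Run: [<value name>] <path> (<company or file size>)
O4_RE = re.compile(
    r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<path>.+?)(?: \((?P<meta>[^)]*)\))?\s*$"
)

# Directories a legitimate Run-key target should essentially never live in (assumption).
VOLATILE_DIRS = ("\\temp\\", "\\tmp\\", "\\$recycle.bin\\")

# If the value name mentions a vendor, the target path should too (assumption; loose check).
VENDOR_HINTS = {"adobe": ("adobe",), "microsoft": ("microsoft", "windows"), "sophos": ("sophos",)}

# OTL shows a bare size instead of a company name when the file has no version resource.
SIZE_ONLY_RE = re.compile(r"\d+(?:[.,]\d+)?\s?[KMG]?B", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def file_stem(path):
    """'C:\\x\\7SDX33Y5VV.exe' -> '7SDX33Y5VV'."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def looks_random(stem):
    """Heuristic: 8+ chars, all upper-case alphanumerics, letters and digits mixed."""
    return (len(stem) >= 8
            and re.fullmatch(r"[A-Z0-9]+", stem) is not None
            and any(c.isdigit() for c in stem)
            and any(c.isalpha() for c in stem))


def triage_o4(lines):
    """Return a Finding for every O4 line that trips at least one heuristic."""
    findings = []
    for raw in lines:
        m = O4_RE.match(raw.strip())
        if not m:
            continue  # not an O4 line, ignore
        name, path = m.group("name"), m.group("path")
        meta = (m.group("meta") or "").strip()
        low = path.lower()
        reasons = []
        if any(d in low for d in VOLATILE_DIRS):
            reasons.append("launches from a temp/volatile directory")
        stem = file_stem(path)
        if looks_random(stem):
            reasons.append(f"random-looking file name '{stem}'")
        if not meta or SIZE_ONLY_RE.fullmatch(meta):
            reasons.append("no company name in version info")
        for vendor, hints in VENDOR_HINTS.items():
            if vendor in name.lower() and not any(h in low for h in hints):
                reasons.append(f"value name suggests '{vendor}' but path does not")
        if reasons:
            findings.append(Finding(raw.strip(), name, path, reasons))
    return findings


def draft_otl_fix(findings, extra_commands=("[purity]", "[emptytemp]", "[Reboot]")):
    """Build the :OTL / :Files / :Commands script that OTL's Fix button expects."""
    otl_lines = [f.line for f in findings]
    file_lines = sorted({f.path for f in findings})
    return "\n".join([":OTL", *otl_lines, ":Files", *file_lines, ":Commands", *extra_commands])


# Constructed sample: line 1 is the thread's entry, lines 2-4 imitate benign autostarts.
SAMPLE_O4 = [
    r"O4 - HKCU..\Run: [Adobe] C:\Users\admin\AppData\Local\Temp\7SDX33Y5VV.exe (4 MB)",
    r"O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)",
    r"O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)",
    r"O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)",
]

if __name__ == "__main__":
    hits = triage_o4(SAMPLE_O4)
    for h in hits:
        print(f"[{h.name}] {h.path}\n  - " + "\n  - ".join(h.reasons))
    print("\nDraft fix script:\n" + draft_otl_fix(hits))
```

Run stand-alone, only the thread's entry is flagged, with all four reasons, and the draft script matches the shape of the one posted above except that it keeps a minimal set of :Commands (pass `[EMPTYFLASH]` and `[resethosts]` via `extra_commands` to reproduce the helper's version). Treat the flags as triage leads rather than verdicts: installers legitimately run from Temp once via RunOnce, and a "(4 MB)" style entry only means the binary carries no version resource. As the helper does here, preserve the file (OTL's Moved Files archive) before anything deletes it, so it can still be analysed.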
06.10.2011, 18:34 | #3 |
| System process in C:\Users\<user>\AppData\Local\Temp\7SDX33Y5VV.exe Sorry, I only got around to it now - I had just started your script earlier and then had to leave. At least the (unwanted) process seems to be gone already.
Do you have any idea what it is/was and where it might have come from? The upload of "MovedFiles.zip" is running right now. Do I need to keep the _OTL folder? Here is the content of the log file: Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe deleted successfully.
C:\Users\admin\AppData\Local\Temp\7SDX33Y5VV.exe moved successfully.
========== FILES ==========
File\Folder C:\Users\admin\AppData\Local\Temp\7SDX33Y5VV.exe not found.
========== COMMANDS ==========
[EMPTYFLASH]
User: admin
->Flash cache emptied: 82244 bytes
User: All Users
User: Default
->Flash cache emptied: 56468 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: admin
->Temp folder emptied: 85044018 bytes
->Temporary Internet Files folder emptied: 102015725 bytes
->Java cache emptied: 2427912 bytes
->FireFox cache emptied: 704077182 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 12288 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 67342033 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 9640623001 bytes
Total Files Cleaned = 10.110,00 mb
OTL by OldTimer - Version 3.2.29.1 log created on 10062011_130616
Files\Folders moved on Reboot...
C:\Users\admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot... |
06.10.2011, 18:37 | #4 |
/// Malware-holic | System process in C:\Users\<user>\AppData\Local\Temp\7SDX33Y5VV.exe We'll delete that later. What it is, I'm examining now :-) After the upload, continue with this: ComboFix: ComboFix may only be run when a team member has instructed you to do so! Please download Combofix.exe and be sure to save it to your desktop.
• Visit the following page for download links and instructions for this tool: "A guide and tutorial on using ComboFix" (Ein Leitfaden und Tutorium zur Nutzung von ComboFix)
• Note: Make sure that all your anti-virus and anti-malware programs are switched off so that they do not interfere with ComboFix's work.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
06.10.2011, 18:59 | #5 |
| System process in C:\Users\<user>\AppData\Local\Temp\7SDX33Y5VV.exe Here is the result: That the tool simply removed the files under "Weitere Löschungen" (other deletions) without any warning is not so nice, but bearable. Or are they still kept somewhere just in case? The iCDPresets.txt is a bit annoying; those were presets for a monitor calibration program. Code:
ATTFilter ComboFix 11-10-06.03 - admin 06.10.2011 19:46:00.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8171.6242 [GMT 2:00] ausgeführt von:: c:\users\admin\Desktop\ComboFix.exe AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A} SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\QIP 2010\Core\MousePhone.dll c:\users\admin\01.gif c:\users\admin\01.rar c:\users\admin\220.gif c:\users\admin\2201.gif c:\users\admin\AppData\Roaming\iCDPresets.txt c:\users\admin\AppData\Roaming\iColorDisplay3Log.txt c:\windows\SysWow64\UNWISE.EXE c:\windows\SysWow64\zlibwapi.dll . . ((((((((((((((((((((((( Dateien erstellt von 2011-09-06 bis 2011-10-06 )))))))))))))))))))))))))))))) . . 2011-10-06 17:48 . 2011-10-06 17:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-06 11:06 . 2011-10-06 17:37 -------- d-----w- C:\_OTL 2011-10-05 15:45 . 2011-10-05 15:45 144672 ----a-w- c:\windows\system32\drivers\savonaccess.sys 2011-10-04 12:37 . 2011-10-04 12:37 -------- d-----w- C:\Temp 2011-09-30 21:46 . 2011-09-30 21:48 -------- d-----w- c:\program files (x86)\Fifa 12 2011-09-23 20:05 . 2011-09-23 20:05 -------- d-----w- c:\users\admin\AppData\Local\theHunter 2011-09-23 12:53 . 2011-09-23 12:53 -------- d-----w- c:\program files (x86)\Common Files\Steam 2011-09-18 18:43 . 2011-09-18 18:43 -------- d-----w- C:\AllSyncBackup 2011-09-15 10:23 . 2011-09-15 10:23 -------- d-----w- c:\windows\Sun 2011-09-14 10:33 . 2011-09-14 22:12 -------- d-----w- c:\users\admin\AppData\Roaming\Youtube Downloader HD 2011-09-12 18:43 . 2011-09-12 18:43 -------- d-----w- c:\users\admin\AppData\Local\Sophos 2011-09-10 15:07 . 2011-10-01 17:10 -------- d-----r- c:\users\admin\Virtual Machines 2011-09-10 14:40 . 
2010-11-20 03:05 3584 ----a-w- c:\windows\system32\drivers\de-DE\vpchbus.sys.mui 2011-09-10 14:39 . 2011-09-10 14:39 -------- d-----w- c:\program files\Windows XP Mode 2011-09-10 12:31 . 2011-09-10 12:31 -------- d-----w- c:\windows\SysWow64\Wat 2011-09-10 12:31 . 2011-09-10 12:31 -------- d-----w- c:\windows\system32\Wat 2011-09-10 11:48 . 2008-11-23 08:23 97792 ----a-w- c:\windows\SysWow64\drivers\NSHE.SYS . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-23 07:09 . 2011-08-04 15:47 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-08-23 07:32 . 2011-08-23 07:32 26104 ----a-w- c:\windows\system32\drivers\sdcfilter.sys 2011-08-23 07:31 . 2011-08-04 21:51 37400 ----a-w- c:\windows\system32\SophosBootTasks.exe 2011-08-23 07:31 . 2011-08-23 07:31 183024 ----a-w- c:\windows\system32\sdccoinstaller.dll 2011-08-07 16:55 . 2011-08-07 16:55 57344 ----a-r- c:\users\admin\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe 2011-08-07 16:55 . 2010-10-25 13:13 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL 2011-08-06 19:29 . 2011-08-06 19:29 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2011-08-05 16:55 . 2011-08-05 16:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-08-04 18:09 . 2011-08-04 18:09 25608 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys 2011-08-04 17:48 . 2011-08-04 17:48 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-08-04 17:48 . 2011-08-04 17:48 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2011-08-04 17:48 . 2011-08-04 17:48 85504 ----a-w- c:\windows\system32\iesetup.dll 2011-08-04 17:48 . 2011-08-04 17:48 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2011-08-04 17:48 . 2011-08-04 17:48 76800 ----a-w- c:\windows\system32\tdc.ocx 2011-08-04 17:48 . 2011-08-04 17:48 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2011-08-04 17:48 . 
2011-08-04 17:48 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2011-08-04 17:48 . 2011-08-04 17:48 603648 ----a-w- c:\windows\system32\vbscript.dll 2011-08-04 17:48 . 2011-08-04 17:48 49664 ----a-w- c:\windows\system32\imgutil.dll 2011-08-04 17:48 . 2011-08-04 17:48 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2011-08-04 17:48 . 2011-08-04 17:48 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-08-04 17:48 . 2011-08-04 17:48 448512 ----a-w- c:\windows\system32\html.iec 2011-08-04 17:48 . 2011-08-04 17:48 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-08-04 17:48 . 2011-08-04 17:48 367104 ----a-w- c:\windows\SysWow64\html.iec 2011-08-04 17:48 . 2011-08-04 17:48 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2011-08-04 17:48 . 2011-08-04 17:48 30720 ----a-w- c:\windows\system32\licmgr10.dll 2011-08-04 17:48 . 2011-08-04 17:48 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2011-08-04 17:48 . 2011-08-04 17:48 222208 ----a-w- c:\windows\system32\msls31.dll 2011-08-04 17:48 . 2011-08-04 17:48 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2011-08-04 17:48 . 2011-08-04 17:48 165888 ----a-w- c:\windows\system32\iexpress.exe 2011-08-04 17:48 . 2011-08-04 17:48 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2011-08-04 17:48 . 2011-08-04 17:48 160256 ----a-w- c:\windows\system32\wextract.exe 2011-08-04 17:48 . 2011-08-04 17:48 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2011-08-04 17:48 . 2011-08-04 17:48 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2011-08-04 17:48 . 2011-08-04 17:48 1492992 ----a-w- c:\windows\system32\inetcpl.cpl 2011-08-04 17:48 . 2011-08-04 17:48 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2011-08-04 17:48 . 2011-08-04 17:48 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2011-08-04 17:48 . 2011-08-04 17:48 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2011-08-04 17:48 . 2011-08-04 17:48 12288 ----a-w- c:\windows\system32\mshta.exe 2011-08-04 17:48 . 
2011-08-04 17:48	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2011-08-04 17:48 . 2011-08-04 17:48	114176	----a-w-	c:\windows\system32\admparse.dll
2011-08-04 17:48 . 2011-08-04 17:48	111616	----a-w-	c:\windows\system32\iesysprep.dll
2011-08-04 17:48 . 2011-08-04 17:48	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2011-08-04 17:48 . 2011-08-04 17:48	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2011-08-04 17:13 . 2011-08-04 17:13	230352	----a-w-	c:\windows\system32\drivers\truecrypt.sys
2011-08-04 15:50 . 2010-08-16 16:21	440064	----a-w-	c:\windows\system32\drivers\hcw88vid.sys
2011-08-04 15:50 . 2010-08-16 16:21	339968	----a-w-	c:\windows\system32\drivers\hcw88tse.sys
2011-08-04 15:50 . 2010-08-16 16:21	110592	----a-w-	c:\windows\system32\drivers\hcw88tun.sys
2011-08-04 15:50 . 2006-09-08 11:37	147456	----a-w-	c:\windows\system32\hcwecppp.ax
2011-08-04 15:50 . 2006-09-08 11:36	99328	----a-w-	c:\windows\system32\hcwcp.ax
2011-08-04 15:50 . 2010-08-16 16:21	259456	----a-w-	c:\windows\system32\drivers\hcw88bda.sys
2011-08-04 15:50 . 2010-08-16 16:21	15872	----a-w-	c:\windows\system32\drivers\hcw88rc5.sys
2011-08-04 15:50 . 2010-08-16 16:21	21632	----a-w-	c:\windows\system32\drivers\hcw88bar.sys
2011-08-04 14:44 . 2011-08-04 14:44	53248	----a-w-	c:\windows\SysWow64\CSVer.dll
2011-08-04 14:37 . 2011-08-04 14:38	518896	----a-w-	c:\windows\system32\SRSTSX64.dll
2011-08-04 14:37 . 2011-08-04 14:38	2580824	----a-w-	c:\windows\system32\WavesGUILib.dll
2011-08-04 14:37 . 2011-08-04 14:38	211184	----a-w-	c:\windows\system32\SRSTSH64.dll
2011-08-04 14:37 . 2011-08-04 14:38	198896	----a-w-	c:\windows\system32\SRSHP64.dll
2011-08-04 14:37 . 2011-08-04 14:38	155888	----a-w-	c:\windows\system32\SRSWOW64.dll
2011-08-04 14:37 . 2011-08-04 14:38	81232	----a-w-	c:\windows\system32\SFCOM64.dll
2011-08-04 14:37 . 2011-08-04 14:38	78160	----a-w-	c:\windows\system32\SFAPO64.dll
2011-08-04 14:37 . 2011-08-04 14:38	74064	----a-w-	c:\windows\SysWow64\SFCOM.dll
2011-08-04 14:37 . 2011-08-04 14:38	332392	----a-w-	c:\windows\system32\RtlCPAPI64.dll
2011-08-04 14:37 . 2011-08-04 14:38	2654824	----a-w-	c:\windows\system32\RtkAPO64.dll
2011-08-04 14:37 . 2011-08-04 14:38	2536040	----a-w-	c:\windows\system32\drivers\RTKVHD64.sys
2011-08-04 14:37 . 2011-08-04 14:38	220496	----a-w-	c:\windows\system32\SFNHK64.dll
2011-08-04 14:37 . 2011-08-04 14:38	2096232	----a-w-	c:\windows\system32\RtPgEx64.dll
2011-08-04 14:37 . 2011-08-04 14:38	149608	----a-w-	c:\windows\system32\RtkCfg64.dll
2011-08-04 14:37 . 2011-08-04 14:38	118464	----a-w-	c:\windows\system32\SFSS_APO.dll
2011-08-04 14:37 . 2011-08-04 14:38	1146984	----a-w-	c:\windows\system32\RTSnMg64.cpl
2011-08-04 14:37 . 2011-08-04 14:38	99016	----a-w-	c:\windows\system32\RTEEL64A.dll
2011-08-04 14:37 . 2011-08-04 14:38	82024	----a-w-	c:\windows\system32\RCoInst64.dll
2011-08-04 14:37 . 2011-08-04 14:38	76488	----a-w-	c:\windows\system32\RTEEG64A.dll
2011-08-04 14:37 . 2011-08-04 14:38	72336	----a-w-	c:\windows\system32\R4EEG64A.dll
2011-08-04 14:37 . 2011-08-04 14:38	618600	----a-w-	c:\windows\system32\RtkApi64.dll
2011-08-04 14:37 . 2011-08-04 14:38	561256	----a-w-	c:\windows\system32\RCoRes64.dat
2011-08-04 14:37 . 2011-08-04 14:38	419472	----a-w-	c:\windows\system32\R4EED64A.dll
2011-08-04 14:37 . 2011-08-04 14:38	372936	----a-w-	c:\windows\system32\RTEEP64A.dll
2011-08-04 14:37 . 2011-08-04 14:38	307920	----a-w-	c:\windows\system32\RP3DHT64.dll
2011-08-04 14:37 . 2011-08-04 14:38	307920	----a-w-	c:\windows\system32\RP3DAA64.dll
2011-08-04 14:37 . 2011-08-04 14:38	201928	----a-w-	c:\windows\system32\RTEED64A.dll
2011-08-04 14:37 . 2011-08-04 14:38	1716368	----a-w-	c:\windows\system32\R4EEP64A.dll
2011-08-04 14:37 . 2011-08-04 14:38	125584	----a-w-	c:\windows\system32\R4EEL64A.dll
2011-08-04 14:37 . 2011-08-04 14:38	1242728	----a-w-	c:\windows\system32\RTCOM64.dll
2011-08-04 14:37 . 2011-08-04 14:38	106640	----a-w-	c:\windows\system32\R4EEA64A.dll
2011-08-04 14:37 . 2011-08-04 14:38	341336	----a-w-	c:\windows\system32\MaxxAudioAPO30.dll
2011-08-04 14:37 . 2011-08-04 14:38	334680	----a-w-	c:\windows\system32\MaxxVolumeSDAPO.dll
2011-08-04 14:37 . 2011-08-04 14:38	318808	----a-w-	c:\windows\system32\MaxxAudioAPO20.dll
2011-08-04 14:37 . 2011-08-04 14:38	2197264	----a-w-	c:\windows\system32\MaxxAudioEQ.dll
2011-08-04 14:37 . 2011-08-04 14:38	1770328	----a-w-	c:\windows\system32\MaxxAudioRealtek.dll
2011-08-04 14:37 . 2011-08-04 14:38	491112	----a-w-	c:\windows\system32\DTSSymmetryDLL64.dll
2011-08-04 14:37 . 2011-08-04 14:38	475752	----a-w-	c:\windows\system32\DTSVoiceClarityDLL64.dll
2011-08-04 14:37 . 2011-08-04 14:38	317032	----a-w-	c:\windows\system32\DTSNeoPCDLL64.dll
2011-08-04 14:37 . 2011-08-04 14:38	1937312	----a-w-	c:\windows\system32\FMAPO64.dll
2011-08-04 14:37 . 2011-08-04 14:38	1327208	----a-w-	c:\windows\system32\DTSS2SpeakerDLL64.dll
2011-08-04 14:37 . 2011-08-04 14:38	1179752	----a-w-	c:\windows\system32\DTSS2HeadphoneDLL64.dll
2011-08-04 14:37 . 2011-08-04 14:38	504936	----a-w-	c:\windows\system32\DTSBassEnhancementDLL64.dll
2011-08-04 14:37 . 2011-08-04 14:38	269928	----a-w-	c:\windows\system32\DTSLimiterDLL64.dll
2011-08-04 14:37 . 2011-08-04 14:38	266856	----a-w-	c:\windows\system32\DTSGainCompensatorDLL64.dll
2011-08-04 14:37 . 2011-08-04 14:38	200800	----a-w-	c:\windows\system32\AERTAC64.dll
2011-08-04 14:37 . 2011-08-04 14:38	126056	----a-w-	c:\windows\system32\DTSLFXAPO64.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2011-08-04 1496528]
"DVBV Service Ctrl"="c:\program files (x86)\DVBViewer\DVBVCtrl.exe" [2011-07-22 80896]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"USB Safely Remove"="c:\program files (x86)\USB Safely Remove\USBSafelyRemove.exe" [2011-06-25 3577931]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2011-08-23 494616]
"TrayServer"="c:\program files (x86)\MAGIX\Video_deluxe_17_Premium_Download-Version\TrayServer.exe" [2008-08-07 90112]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuatoCalibrationLoader.lnk - c:\program files (x86)\Quato\iColorDisplay\QuatoCalibrationLoader.exe [2007-10-1 499712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\BC5D.tmp [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X-Rite;X-Rite USB Service;c:\windows\system32\DRIVERS\XrUsb64.sys [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DVBVRecorder;DVBViewer Recording Service;c:\program files (x86)\DVBViewer\DVBVservice.exe [2011-08-05 745600]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2011-03-29 66560]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2011-10-05 167960]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2011-08-23 99864]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-10-05 1543704]
S2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files (x86)\USB Safely Remove\USBSRService.exe [2011-06-25 550840]
S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys [2011-08-05 14544]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 hcw88bda;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [x]
S3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\Drivers\hcw88rc5.sys [x]
S3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [x]
S3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cFosSpeed"="c:\program files\Topos\cFosSpeed\cFosSpeed.exe" [2009-10-30 1343704]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\cuknkzye.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - user.js: network.proxy.backup.ftp - 127.0.0.1
FF - user.js: network.proxy.backup.ftp_port - 4001
FF - user.js: network.proxy.backup.gopher - 127.0.0.1
FF - user.js: network.proxy.backup.gopher_port - 4001
FF - user.js: network.proxy.backup.socks - 127.0.0.1
FF - user.js: network.proxy.backup.socks_port - 4001
FF - user.js: network.proxy.backup.ssl - 127.0.0.1
FF - user.js: network.proxy.backup.ssl_port - 4001
FF - user.js: network.proxy.ftp - 127.0.0.1
FF - user.js: network.proxy.ftp_port - 4001
FF - user.js: network.proxy.gopher - 127.0.0.1
FF - user.js: network.proxy.gopher_port - 4001
FF - user.js: network.proxy.share_proxy_settings - true);user_pref(network.proxy.socks,
FF - user.js: network.proxy.socks_port - 0
.
.
------- Dateityp-Verknüpfung -------
.
txtfile=c:\windows\NOTEPAD.EXE %1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{1CDE9DB9-7D47-46F8-83DC-9DD9899BBBFC} - c:\programdata\{1E8BE8F5-704E-408F-A339-D33679C773FF}\remask3_setup_ext.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\BC5D.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1282756518-98931585-37175459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40po\UserChoice]
@Denied: (2) (S-1-5-21-1282756518-98931585-37175459-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40po"
.
[HKEY_USERS\S-1-5-21-1282756518-98931585-37175459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40pp\UserChoice]
@Denied: (2) (S-1-5-21-1282756518-98931585-37175459-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40pp"
.
[HKEY_USERS\S-1-5-21-1282756518-98931585-37175459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40ppf\UserChoice]
@Denied: (2) (S-1-5-21-1282756518-98931585-37175459-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40ppf"
.
[HKEY_USERS\S-1-5-21-1282756518-98931585-37175459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-1282756518-98931585-37175459-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xmp"
.
[HKEY_USERS\S-1-5-21-1282756518-98931585-37175459-1000\Software\SecuROM\License information*]
"datasecu"=hex:fd,c8,aa,a6,4d,e9,cf,75,94,47,61,36,18,c6,7c,cd,f9,aa,d7,3a,fc,
   a0,0a,c1,12,16,b7,c4,b7,2d,dc,f3,2b,78,73,52,8c,23,0d,7e,e6,91,6f,ed,fd,52,\
"rkeysecu"=hex:5b,e2,47,5b,c1,5b,1c,62,61,9a,3d,a0,08,cd,76,c2
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\brsvc01a.exe
c:\program files (x86)\Sophos\AutoUpdate\ALsvc.exe
c:\windows\SysWOW64\brss01a.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-10-06 19:51:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-10-06 17:50
.
Vor Suchlauf: 12 Verzeichnis(se), 48.631.500.800 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 48.088.621.056 Bytes frei
.
- - End Of File - - E6561F0B2A33679C1503779627723696 |
06.10.2011, 19:19 | #6 |
/// Malware-holic | Looks good. Malwarebytes: Please download Malwarebytes
06.10.2011, 19:36 | #7 |
| 1 hit: HackTool.Hiderun found and removed
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 7887
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
06.10.2011 20:31:53
mbam-log-2011-10-06 (20-31-53).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 184866
Laufzeit: 1 Minute(n), 13 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Windows\installer\MSI3898.tmp (HackTool.Hiderun) -> Quarantined and deleted successfully. |
06.10.2011, 19:38 | #8 |
/// Malware-holic | Please run a full scan.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
06.10.2011, 19:42 | #9 |
| All hard drives? I have 3 external ones attached that mostly just serve for backups, TV recordings, etc. Those too? |
06.10.2011, 19:54 | #10 |
/// Malware-holic | To be on the safe side, you can include those in the check as well. During the run, switch off all programs such as the background guard of your anti-malware software; this is usually done by right-clicking the tray icon and choosing deactivate. Disconnect the internet connection (pull the LAN cable or switch off WLAN) and do not work on the PC. Also shut down any other active programs, everything in the tray and all open windows.
06.10.2011, 20:46 | #11 |
| 1 hit, which in my opinion is harmless though. It is a tool that reveals the asterisks ***** in password fields as plain text:
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 7887
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
06.10.2011 21:39:03
mbam-log-2011-10-06 (21-39-03).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 512055
Laufzeit: 36 Minute(n), 54 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
d:\TOOLS\pantsoff.exe (PUP.PSWFinder) -> Not selected for removal. |
07.10.2011, 10:31 | #12 |
/// Malware-holic | Yep, it says so right there: PUP is "potentially unwanted program". OK, let's continue: download the CCleaner standard edition: CCleaner - Standard. If CCleaner is already installed, skip that step. Install it, open it, go to Tools, list of installed programs, save as txt. Open the file. Behind every program you need, write "necessary". Behind every one you do not need, "unnecessary". Behind the ones unknown to you, "unknown". Post the list.
07.10.2011, 13:34 | #13 |
| AC3Filter 1.63b	Alexander Vigovsky	31.08.2011	1.63b	necessary
Adobe Acrobat X Pro - English, Français, Deutsch	Adobe Systems	18.09.2011	3.436MB	10.1.1	necessary
Adobe Creative Suite 5.5 Master Collection	Adobe Systems Incorporated	05.08.2011	3.764MB	5.5	necessary
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	22.09.2011	6,00MB	10.3.183.10	necessary
Advanced PDF Password Recovery	Elcomsoft Co. Ltd.	05.08.2011	6,68MB	5.4.48.423	necessary
AllSync 3.1.1	Michael Thummerer Software Design	17.09.2011	3.1.1	necessary
Asmedia ASM104x USB 3.0 Host Controller Driver	Asmedia Technology	03.08.2011	2,09MB	1.2.9.0	unknown (probably belongs to the mainboard driver)
ATI Catalyst Install Manager	ATI Technologies, Inc.	05.08.2011	22,4MB	3.0.833.0	necessary
AviSynth 2.5	04.08.2011	necessary
CCleaner	Piriform	06.10.2011	3.11	necessary
cFosSpeed v5.00	cFos Software GmbH, Bonn	04.08.2011	5.00	necessary
Color Efex Pro 3.0 Complete	Nik Software, Inc.	05.08.2011	3.1.1.0	necessary
CoreAVC Professional Edition (remove only)	31.08.2011	necessary
DAEMON Tools Lite	DT Soft Ltd	05.08.2011	4.41.3.0173	necessary
Dfine 2.0	Nik Software, Inc.	05.08.2011	2.1.0.7	necessary
DVBViewer Pro	CM&V	04.08.2011	14,2MB	4.8.1	necessary
DVBViewer Recording Service	CM&V	04.08.2011	10,5MB	1.9.0.3	necessary
DVD Decrypter (Remove Only)	18.08.2011	necessary
Exifer	Friedemann Schmidt	07.08.2011	necessary
Fifa 12 (c) Electronic Arts version 1	29.09.2011	1	necessary
GTA San Andreas	Rockstar Games	05.08.2011	1.00.00001	necessary
Haali Media Splitter	04.08.2011	necessary
Handbrake 4196 Nightly	05.08.2011	4196 Nightly	necessary
HDR Efex Pro	Nik Software, Inc.	05.08.2011	1.2.0.0	necessary
iColor Display 3.7.3.0 (nur entfernen)	04.08.2011	necessary
ImgBurn	LIGHTNING UK!	23.08.2011	2.5.5.0	necessary
Intel(R) Control Center	Intel Corporation	04.08.2011	1.2.1.1007	unknown, MB driver
Intel(R) Management Engine Components	Intel Corporation	04.08.2011	7.0.0.1118	unknown, MB driver
Intel(R) Rapid Storage Technology	Intel Corporation	04.08.2011	10.5.0.1026	unknown, MB driver
Java(TM) 6 Update 26	Oracle	04.08.2011	94,9MB	6.0.260	necessary
JDownloader 0.9	AppWork GmbH	09.08.2011	0.9	necessary
Kolor Autopano Giga 2.5	Kolor	12.08.2011	V2.5.2	necessary
MAGIX Video deluxe 17 Premium Download-Version	MAGIX AG	29.08.2011	10.0.1.14	necessary
marvell 91xx driver	Marvell	03.08.2011	1.0.0.1045	necessary
MathType 6	Design Science, Inc.	05.08.2011	6.7	necessary
MediaInfo 0.7.48	MediaArea.net	31.08.2011	10,2MB	0.7.48	necessary
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	03.08.2011	38,8MB	4.0.30319	unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	03.08.2011	2,94MB	4.0.30319	unknown
Microsoft .NET Framework 4 Extended	Microsoft Corporation	07.08.2011	52,0MB	4.0.30319	unknown
Microsoft .NET Framework 4 Extended DEU Language Pack	Microsoft Corporation	07.08.2011	10,7MB	4.0.30319	unknown
Microsoft .NET Framework 4 Multi-Targeting Pack	Microsoft Corporation	07.08.2011	83,5MB	4.0.30319	unknown
Microsoft Expression Studio 4	Microsoft Corporation	07.08.2011	4.0.20705.0	necessary
Microsoft Expression Web 4	Microsoft Corporation	10.09.2011	4.0.1303.0	necessary
Microsoft Office Professional Plus 2010	Microsoft Corporation	09.09.2011	14.0.6029.1000	necessary
Microsoft Silverlight 3 SDK	Microsoft Corporation	07.08.2011	31,9MB	3.0.40818.0	unknown / unnecessary
Microsoft Silverlight 4 SDK	Microsoft Corporation	07.08.2011	51,6MB	4.0.50401.0	unknown / unnecessary
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	06.08.2011	0,29MB	8.0.59193	unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	12.08.2011	0,76MB	9.0.30729	unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	14.08.2011	0,77MB	9.0.30729.6161	unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	29.08.2011	0,58MB	9.0.30729	unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	30.08.2011	0,59MB	9.0.30729.6161	unknown
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319	Microsoft Corporation	11.08.2011	13,7MB	10.0.30319	unknown
Mozilla Firefox 7.0.1 (x86 de)	Mozilla	29.09.2011	32,7MB	7.0.1	necessary
Mozilla Thunderbird (7.0.1)	Mozilla	01.10.2011	7.0.1 (de)	necessary
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	08.08.2011	1,28MB	4.20.9870.0	unknown
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	08.08.2011	1,33MB	4.20.9876.0	unknown
NetSpeedMonitor 2.5.4.0 x64	Florian Gilles	04.08.2011	1,25MB	2.5.4.0	necessary
Picture Control Utility	Nikon	06.08.2011	20,8MB	1.2.2	necessary
PSPad editor	Jan Fiala	03.08.2011	necessary
QIP 2010 3.1.5890	04.08.2011	3.1.5890	necessary
QuickTime Alternative 3.2.2	06.08.2011	61,1MB	3.2.2	necessary
Realtek Ethernet Controller Driver	Realtek	03.08.2011	7.31.1025.2010	necessary
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	03.08.2011	6.0.1.6235	necessary
Sharpener Pro 3.0	Nik Software, Inc.	05.08.2011	3.0.0.5	necessary
Silver Efex Pro 2	Nik Software, Inc.	05.08.2011	2.0.0.0	necessary
Smart Cutter for DV and DVB	FameRing	07.08.2011	17,8MB	1.00.0000	necessary
Sophos Anti-Virus	Sophos Limited	04.10.2011	37,5MB	9.7.6	necessary
Sophos AutoUpdate	Sophos Limited	30.08.2011	11,3MB	2.5.10	necessary
TrueCrypt	TrueCrypt Foundation	03.08.2011	7.0a	necessary
TSDoctor	Cypheros	27.09.2011	5,85MB	1.1.29	necessary
USB Safely Remove 4.6	SafelyRemove.com	04.08.2011	7,43MB	necessary
ViewNX 2	Nikon	06.08.2011	64,4MB	2.1.2	necessary
Winamp	Nullsoft, Inc	08.08.2011	5.621	necessary
Windows Live ID Sign-in Assistant	Microsoft Corporation	07.08.2011	10,0MB	6.500.3165.0	unknown
Windows Mobile-Gerätecenter	Microsoft Corporation	06.08.2011	27,4MB	6.1.6965.0	necessary
Windows XP Mode	Microsoft Corporation	09.09.2011	1.161MB	1.3.7600.16422	necessary
WinRAR 4.01 (64-bit)	win.rar GmbH	03.08.2011	4.01.0	necessary
WPF Toolkit February 2010 (Version 3.5.50211.1)	Microsoft Corporation	07.08.2011	4,84MB	3.5.50211.1	unknown
Xvid 1.2.2 final uninstall	Xvid team (Koepi)	04.08.2011	1.2	necessary |
07.10.2011, 13:47 | #14 |
/// Malware-holic | OK, any further problems?
07.10.2011, 13:51 | #15 |
| No, everything is fine; your first post basically already fixed the problem. I generally take care that the system does not get cluttered unnecessarily, as you can also see from the relatively tidy program list. That is why this odd system process caught my eye right away. |