Log Analysis and Evaluation: Complete virus removal by G-Data Internet Security 2012 or not (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
08.12.2011, 20:33 | #1
Complete virus removal by G-Data Internet Security 2012 or not

Hello and good evening. While I was surfing with Firefox, G-Data showed me a virus alert:

Virus: JS:ScriptIP-int[Trj] (Engine B)
Ort: C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\6ygxp0r5.default\cache\8\BD
Objekt: FAA00d01

I then immediately started a full scan of the hard disk with G-Data. It had one detection:

TrojanGeneric.KDV.463508 (Engine A)
Ort: C:\Users\***\AppData\Roaming
Object: xZgcgG.exe
Status: Virus Entfernt (I clicked "Execute actions")

I can't believe that a simple virus scan removed everything. I have the feeling that something is still at work, because Mozilla Firefox hangs regularly. After waiting briefly without clicking much, it usually works again. So, here are the logs from OTL and GMER:

OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.12.2011 18:59:19 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,28% Memory free 4,00 Gb Paging File | 2,71 Gb Available in Paging File | 67,69% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,79 Gb Total Space | 88,05 Gb Free Space | 37,83% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.08 18:57:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***a\Desktop\OTL.exe PRC - [2011.10.28 14:36:53 | 001,506,824 | ---- | M] (G Data Software AG) -- C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2011.10.28 14:36:43 | 001,617,416 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe PRC - [2011.10.28 14:36:11 | 000,457,536 | ---- | M] (G Data Software AG) -- C:\Programme\Common Files\G Data\GDScan\GDScan.exe PRC - [2011.10.28 02:40:14 | 001,554,184 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe PRC - [2011.08.10 13:20:28 | 001,613,424 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe PRC - [2011.06.06 16:54:56 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe PRC - [2011.06.06 16:52:44 | 001,524,544 | ---- | M] (TuneUp Software) -- 
C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.05.11 11:18:59 | 000,923,144 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe PRC - [2011.04.08 07:50:36 | 001,406,248 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero 10\Nero BackItUp\NBAgent.exe PRC - [2011.04.01 10:16:02 | 000,409,608 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe PRC - [2011.03.29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe ========== Modules (No Company Name) ========== MOD - [2011.11.18 17:00:32 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll MOD - [2011.11.18 16:59:59 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll MOD - [2011.11.18 16:59:57 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll MOD - [2011.11.18 16:59:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll MOD - [2011.11.18 16:59:27 | 005,453,312 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll MOD - [2011.11.18 16:59:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll MOD - [2011.11.18 16:59:15 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll MOD - [2011.11.18 16:59:06 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll MOD - [2011.11.18 16:59:05 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011.07.15 17:16:30 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.42442__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2011.07.15 17:16:30 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3693.42461__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2011.07.15 17:16:30 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3693.42456__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2011.07.15 17:16:30 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll MOD - [2011.07.15 17:16:30 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll MOD - [2011.07.15 17:16:30 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3693.42556__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll MOD - [2011.07.15 17:16:30 | 000,007,680 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll MOD - [2011.07.15 17:16:29 | 001,728,512 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3693.42460__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2011.07.15 17:16:29 | 000,692,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3693.42508__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll MOD - [2011.07.15 17:16:29 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2011.07.15 17:16:29 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3693.42522__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll MOD - [2011.07.15 17:16:29 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2011.07.15 17:16:29 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3693.42517__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2011.07.15 17:16:29 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3693.42450__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2011.07.15 17:16:29 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3693.42499__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2011.07.15 17:16:29 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2011.07.15 17:16:29 | 000,020,480 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3693.42451__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2011.07.15 17:16:28 | 001,036,288 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Dashboard\2.0.3693.42473__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Dashboard.dll MOD - [2011.07.15 17:16:28 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2011.07.15 17:16:28 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2011.07.15 17:16:28 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Runtime\2.0.3693.42472__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Runtime.dll MOD - [2011.07.15 17:16:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3693.42503__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2011.07.15 17:16:28 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3693.42536__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2011.07.15 17:16:27 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3693.42488__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2011.07.15 17:16:27 | 000,798,720 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3693.42518__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll MOD - [2011.07.15 17:16:27 | 000,712,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3693.42452__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - 
[2011.07.15 17:16:27 | 000,675,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3693.42500__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll MOD - [2011.07.15 17:16:27 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2011.07.15 17:16:27 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3693.42482__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2011.07.15 17:16:27 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2011.07.15 17:16:27 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3693.42512__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2011.07.15 17:16:27 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2011.07.15 17:16:27 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2011.07.15 17:16:27 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2011.07.15 17:16:27 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2011.07.15 17:16:27 | 000,040,960 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3693.42466__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2011.07.15 17:16:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2011.07.15 17:16:27 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2011.07.15 17:16:27 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3693.42497__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2011.07.15 17:16:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2011.07.15 17:16:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2011.07.15 17:16:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2011.07.15 17:16:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2011.07.15 17:16:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2011.07.15 17:16:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2011.07.15 17:16:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2011.07.15 
17:16:26 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2011.07.15 17:16:25 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll MOD - [2011.07.15 17:16:25 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2011.07.15 17:16:25 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll MOD - [2011.07.15 17:16:25 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2011.07.15 17:16:25 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2011.07.15 17:16:25 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2011.07.15 17:16:25 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2011.07.15 17:16:25 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2011.07.15 17:16:25 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll MOD - [2011.07.15 17:16:25 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll MOD - [2011.07.15 17:16:25 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2011.07.15 17:16:25 | 000,016,384 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll MOD - [2011.07.15 17:16:25 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2011.07.15 17:16:25 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2011.07.15 17:16:24 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2011.07.15 17:16:24 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2011.07.15 17:16:24 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2011.07.15 17:16:24 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2011.07.15 17:16:24 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2011.07.15 17:16:24 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2011.07.15 17:16:24 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2011.07.15 17:16:24 | 000,024,576 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Shared\2.0.3309.28633__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Shared.dll MOD - [2011.07.15 17:16:24 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2011.07.15 17:16:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2011.07.15 17:16:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2011.07.15 17:16:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2011.07.15 17:16:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2011.07.15 17:16:23 | 000,503,808 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3693.42564__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll MOD - [2011.07.15 17:16:23 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2011.07.15 17:16:23 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2011.07.15 17:16:23 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.42545__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2011.07.15 17:16:23 | 000,040,960 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2011.07.15 17:16:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2011.07.15 17:16:23 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2011.07.15 17:16:23 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2011.07.15 17:16:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2011.07.15 17:16:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll MOD - [2011.07.15 17:16:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2011.07.15 17:16:22 | 000,544,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3693.42525__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2011.07.15 17:16:22 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2011.07.15 17:16:22 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll MOD - [2011.07.15 17:16:22 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2011.07.15 17:16:22 | 000,061,440 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2011.07.15 17:16:22 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2011.07.15 17:16:22 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2011.07.15 17:16:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2011.07.15 17:16:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2011.07.15 17:16:22 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2011.07.15 17:16:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2011.07.15 17:16:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2011.07.15 17:16:22 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2011.07.15 17:16:22 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2011.07.15 17:16:22 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3693.42437__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2011.07.15 17:16:21 | 001,142,784 | ---- | M] () 
-- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2011.07.15 17:16:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2011.07.15 17:16:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2011.07.15 17:16:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2011.07.15 17:16:20 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll MOD - [2011.07.15 17:16:20 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3693.42439__90ba9c70f846762e\APM.Server.dll MOD - [2011.07.15 17:16:20 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll MOD - [2011.07.15 17:16:20 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2011.07.15 17:16:20 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll MOD - [2011.05.28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.13 00:19:05 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.11.24 12:36:36 | 000,016,384 | R--- | M] () -- C:\Programme\ATI 
Technologies\ATI.ACE\Branding\Branding.dll ========== Win32 Services (SafeList) ========== SRV - [2011.11.30 12:24:49 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.10.28 14:36:53 | 001,506,824 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2011.10.28 14:36:11 | 000,457,536 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2011.10.28 02:40:14 | 001,554,184 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl) SRV - [2011.08.10 13:20:28 | 001,613,424 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc) SRV - [2011.06.06 16:52:44 | 001,524,544 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.06.06 16:49:44 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.01 10:16:02 | 000,409,608 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService) SRV - [2011.03.29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- 
C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.11.04 18:30:58 | 000,041,336 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre) DRV - [2011.11.04 18:29:56 | 000,079,992 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV - [2011.11.04 18:29:56 | 000,040,440 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\GDBehave.sys -- (GDBehave) DRV - [2011.11.04 18:29:55 | 000,054,648 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd) DRV - [2011.08.15 17:28:01 | 000,049,016 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt) DRV - [2011.07.15 14:38:55 | 000,030,256 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\GRD.sys -- (GRD) DRV - [2011.07.13 15:01:33 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt) DRV - [2011.07.10 21:50:12 | 000,029,400 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GdNetMon32.sys -- (GdNetMon) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.10.07 11:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2010.08.12 11:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET) DRV - [2010.02.11 08:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.07.13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2009.02.10 16:23:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Programme\UltraISO\drivers\ISODrive.sys -- (ISODrive) DRV - [2007.10.26 17:51:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=100476&babsrc=HP_ss&mntrId=dc44d9af000000000000000000000000 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 D9 07 5B 97 91 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=100476&babsrc=adbartrp&mntrId=dc44d9af000000000000000000000000&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.17 16:25:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.12.08 15:26:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.07.10 22:03:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***a\AppData\Roaming\mozilla\Extensions [2011.12.08 14:12:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6ygxp0r5.default\extensions [2011.11.30 12:17:34 | 000,000,000 | ---D | M] ("pearltrees") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6ygxp0r5.default\extensions\collector@broceliand.fr [2011.12.03 15:59:16 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6ygxp0r5.default\extensions\video.downloader.plugin@ffpimp.com [2011.09.26 18:30:06 | 000,000,917 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6ygxp0r5.default\searchplugins\bingsearch.xml [2011.07.19 10:00:58 | 000,002,227 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6ygxp0r5.default\searchplugins\s-amazon-de.xml [2011.07.24 14:43:14 | 000,005,117 | ---- | M] () -- 
C:\Users\***a\AppData\Roaming\Mozilla\Firefox\Profiles\6ygxp0r5.default\searchplugins\search.xml [2011.11.17 16:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.08.15 16:54:57 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2011.07.11 16:58:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2011.10.25 12:59:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011.08.15 16:54:57 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{906305F7-AAFC-45E9-8BBD-941950A84DAD} () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6YGXP0R5.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI [2011.11.17 16:25:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.11.04 18:34:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.11.28 17:03:23 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011.11.04 18:34:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.11.04 18:34:30 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.11.04 18:34:30 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.11.04 18:34:30 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.04 18:34:30 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Search the web (Babylon) (Enabled) CHR - default_search_provider: search_url = 
hxxp://search.babylon.com/?q={searchTerms}&AF=100476&babsrc=SP_ss&mntrId=dc44d9af000000000000000000000000 CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*na\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Default Plug-in (Enabled) = 
default_plugin O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [Syncrodriver] C:\Users\***\AppData\Roaming\Syncrodriver.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A896032-D57C-4CFB-AC9B-FE27F4E230A8}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AC84355-B834-4A95-A377-014CCEC368FB}: NameServer = 62.109.123.7 213.191.92.86 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - 
C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - 
C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation) MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.08 18:57:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.12.08 15:27:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Thunderbird [2011.12.08 15:27:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Thunderbird [2011.12.08 15:26:40 | 000,000,000 | ---D | C] 
-- C:\Program Files\Mozilla Thunderbird [2011.12.04 14:54:03 | 000,000,000 | ---D | C] -- C:\Schriftenpaket 01 [2011.12.04 14:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\PDFReader [2011.12.04 14:49:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Reader [2011.11.28 18:45:37 | 000,401,408 | ---- | C] (Anvil-Soft) -- C:\Users\***\AppData\Roaming\Klomanager.exe [2011.11.28 18:38:23 | 000,504,038 | ---- | C] (3rd Eye Solutions ) -- C:\Users\***\AppData\Roaming\Furzmaschine Pro.exe [2011.11.28 17:03:27 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar [2011.11.28 16:59:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.11.26 19:00:20 | 000,000,000 | ---D | C] -- C:\Users\***a\AppData\Local\MAGIX [2011.11.26 19:00:19 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MAGIX_MusicEditor [2011.11.26 18:39:09 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MAGIX [2011.11.26 18:33:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Xara [2011.11.26 18:33:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Shared [2011.11.26 18:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX [2011.11.26 18:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX [2011.11.26 18:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX [2011.11.26 18:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services [2011.11.26 18:05:28 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MAGIX Downloads [2011.11.26 18:05:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MAGIX [2011.11.26 18:01:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Babylon [2011.11.26 18:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\FoxTabVideoConverter [2011.11.26 18:00:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Babylon [2011.11.26 18:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2011.11.26 17:57:28 | 
000,000,000 | ---D | C] -- C:\Users\***a\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011.11.26 17:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant [2011.11.26 17:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR [2011.11.23 15:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab [2011.11.23 15:26:27 | 000,000,000 | ---D | C] -- C:\Users\***\SystemRequirementsLab [2011.11.19 17:46:49 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2011.11.19 16:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2011.11.19 16:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games [2011.11.17 16:23:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics [2011.11.10 14:29:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011.11.10 14:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.08 19:08:03 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-886095241-1370691973-3231426453-1001UA.job [2011.12.08 18:58:20 | 000,056,682 | -H-- | M] () -- C:\Users\***\AppData\Roaming\***v1.18.0 - Trial versionlog.dat [2011.12.08 18:57:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.12.08 18:50:13 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2011.12.08 18:49:03 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2011.12.08 18:36:15 | 000,000,000 | ---- | M] () -- C:\Users\***\AppData\Roaming\xZqcgG.exe [2011.12.08 15:26:46 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2011.12.08 15:03:04 | 000,000,000 | ---- | M] () -- 
C:\Users\***\AppData\Roaming\Syncrodriver.exe [2011.12.08 14:18:15 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.08 14:18:15 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.08 14:16:39 | 000,481,820 | ---- | M] () -- C:\Windows\System32\sig.bin [2011.12.08 14:16:39 | 000,034,825 | ---- | M] () -- C:\Windows\System32\nmp.map [2011.12.08 14:11:09 | 000,131,072 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2011.12.08 14:11:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.04 20:49:46 | 000,696,520 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.12.04 20:49:46 | 000,651,838 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.04 20:49:46 | 000,147,816 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.12.04 20:49:46 | 000,120,770 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.12.04 14:53:34 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-886095241-1370691973-3231426453-1001Core.job [2011.11.28 18:59:59 | 238,166,373 | ---- | M] () -- C:\Users\***\Documents\street booty enlosschleife2ter versuch.part05.rar [2011.11.28 18:56:00 | 734,003,200 | ---- | M] () -- C:\Users\***\Documents\street booty enlosschleife2ter versuch.part04.rar [2011.11.28 18:52:08 | 000,401,408 | ---- | M] (Anvil-Soft) -- C:\Users\***\AppData\Roaming\Klomanager.exe [2011.11.28 18:39:33 | 734,003,200 | ---- | M] () -- C:\Users\***\Documents\street booty enlosschleife2ter versuch.part03.rar [2011.11.28 18:38:26 | 000,504,038 | ---- | M] (3rd Eye Solutions ) -- C:\Users\***\AppData\Roaming\Furzmaschine Pro.exe [2011.11.28 18:23:22 | 734,003,200 | ---- | M] () -- C:\Users\***a\Documents\street booty enlosschleife2ter versuch.part02.rar [2011.11.28 18:14:22 | 734,003,200 | ---- | M] () -- C:\Users\***\Documents\street booty 
enlosschleife2ter versuch.part01.rar [2011.11.27 21:12:07 | 206,963,957 | ---- | M] () -- C:\Users\***\Documents\street booty enlosschleife.part03.rar [2011.11.27 21:09:44 | 734,003,200 | ---- | M] () -- C:\Users\***\Documents\street booty enlosschleife.part02.rar [2011.11.27 21:01:02 | 734,003,200 | ---- | M] () -- C:\Users\***\Documents\street booty enlosschleife.part01.rar [2011.11.27 20:41:17 | 000,384,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.11.27 15:43:58 | 3166,981,631 | ---- | M] () -- C:\Users\***a\Documents\street booty enlosschleife.AVI [2011.11.26 18:59:51 | 000,000,970 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Video Pro X3 Download-Version.lnk [2011.11.23 19:51:09 | 000,653,322 | ---- | M] () -- C:\Users\***\Documents\MS34EH Online-Ticket, Versicherung.pdf [2011.11.21 15:09:32 | 000,002,403 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk [2011.11.19 17:46:49 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2011.11.19 17:14:22 | 000,002,142 | ---- | M] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk [2011.11.19 16:22:13 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\Rockstar Games Social Club.lnk [2011.11.10 14:35:12 | 000,001,151 | ---- | M] () -- C:\Windows\System32\mapisvc.inf [2011.11.08 22:00:57 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\EAABot.lnk [6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.08 18:50:13 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2011.12.08 18:48:57 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2011.12.08 15:26:46 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2011.12.08 15:26:45 | 000,002,044 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2011.11.28 18:56:01 | 238,166,373 | ---- | C] () -- C:\Users\***\Documents\street 
booty enlosschleife2ter versuch.part05.rar [2011.11.28 18:39:33 | 734,003,200 | ---- | C] () -- C:\Users\***\Documents\street booty enlosschleife2ter versuch.part04.rar [2011.11.28 18:38:31 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\Syncrodriver.exe [2011.11.28 18:38:16 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\xZqcgG.exe [2011.11.28 18:23:29 | 734,003,200 | ---- | C] () -- C:\Users\***\Documents\street booty enlosschleife2ter versuch.part03.rar [2011.11.28 18:14:27 | 734,003,200 | ---- | C] () -- C:\Users\***\Documents\street booty enlosschleife2ter versuch.part02.rar [2011.11.28 18:03:58 | 734,003,200 | ---- | C] () -- C:\Users\***\Documents\street booty enlosschleife2ter versuch.part01.rar [2011.11.27 21:09:44 | 206,963,957 | ---- | C] () -- C:\Users\***\Documents\street booty enlosschleife.part03.rar [2011.11.27 21:01:02 | 734,003,200 | ---- | C] () -- C:\Users\***\Documents\street booty enlosschleife.part02.rar [2011.11.27 20:52:53 | 734,003,200 | ---- | C] () -- C:\Users\***\Documents\street booty enlosschleife.part01.rar [2011.11.27 15:30:14 | 3166,981,631 | ---- | C] () -- C:\Users\***a\Documents\street booty enlosschleife.AVI [2011.11.26 18:59:51 | 000,000,970 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Video Pro X3 Download-Version.lnk [2011.11.26 17:57:20 | 000,001,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk [2011.11.23 19:51:08 | 000,653,322 | ---- | C] () -- C:\Users\Marina\Documents\MS34EH Online-Ticket, Versicherung.pdf [2011.11.19 17:14:22 | 000,002,142 | ---- | C] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk [2011.11.19 16:22:13 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\Rockstar Games Social Club.lnk [2011.11.08 22:00:57 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\EAABot.lnk [2011.07.28 19:08:21 | 000,001,021 | ---- | C] () -- C:\Windows\eReg.dat [2011.07.27 12:27:54 | 000,000,400 | ---- | C] () -- 
C:\Windows\ODBC.INI [2011.07.14 16:14:46 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2011.07.11 17:10:25 | 000,481,820 | ---- | C] () -- C:\Windows\System32\sig.bin [2011.07.10 20:26:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.02.11 06:30:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009.07.14 09:47:43 | 000,696,520 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 09:47:43 | 000,147,816 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 000,384,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,651,838 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,120,770 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009.04.23 23:29:16 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2005.04.08 03:16:43 
| 000,056,682 | -H-- | C] () -- C:\Users\Marina\AppData\Roaming\Marinav1.18.0 - Trial versionlog.dat ========== LOP Check ========== [2011.11.26 18:00:55 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Babylon [2011.11.26 17:57:28 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011.09.04 18:31:13 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\GetRightToGo [2011.11.26 19:00:10 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\MAGIX [2011.12.08 15:27:17 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Thunderbird [2011.07.13 15:02:14 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\TrueCrypt [2011.07.28 20:28:15 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\TuneUp Software [2011.09.22 13:29:12 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.08.05 13:02:36 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.07.19 17:45:09 | 000,000,000 | ---D | M] -- C:\ATI [2011.10.31 16:06:44 | 000,000,000 | ---D | M] -- C:\Battlefield 3™ [2011.11.30 12:03:59 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.07.10 20:32:44 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.07.27 12:25:03 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.12.08 15:26:40 | 000,000,000 | R--D | M] -- C:\Program Files [2011.11.26 18:27:22 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.07.10 20:32:44 | 000,000,000 | -HSD | M] -- C:\Programme [2011.07.10 20:32:44 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.12.04 14:54:04 | 000,000,000 | ---D | M] -- C:\Schriftenpaket 01 [2011.12.08 19:02:12 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.07.10 20:32:54 | 000,000,000 | R--D | M] -- C:\Users 
[2011.11.28 03:01:09 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011.04.25 03:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys [2010.11.20 09:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys [2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys [2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys [2011.04.25 03:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys [2011.04.25 04:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys [2009.07.14 00:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | 
M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2010.10.07 11:34:30 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=9880F8FADFF45A0175E0BBDFD9D31F5B -- C:\ProgramData\TuneUp Software\TuneUp Utilities 2011\WinStyler\VisualStyles\Explorer\x64\SMALL\Explorer.exe [2010.10.07 11:34:30 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=9880F8FADFF45A0175E0BBDFD9D31F5B -- C:\Users\All Users\TuneUp Software\TuneUp Utilities 2011\WinStyler\VisualStyles\Explorer\x64\SMALL\Explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) 
MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2010.10.07 11:34:32 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B29FCEEBEE938506FB23B8A9CE898B9C -- C:\ProgramData\TuneUp Software\TuneUp Utilities 2011\WinStyler\VisualStyles\Explorer\x86\BIG\Explorer.exe [2010.10.07 11:34:32 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B29FCEEBEE938506FB23B8A9CE898B9C -- C:\Users\All Users\TuneUp Software\TuneUp Utilities 2011\WinStyler\VisualStyles\Explorer\x86\BIG\Explorer.exe [2010.10.07 11:34:30 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=B6365B1E0EB9191ED4D916B2A94EBA67 -- C:\ProgramData\TuneUp Software\TuneUp Utilities 2011\WinStyler\VisualStyles\Explorer\x64\BIG\Explorer.exe [2010.10.07 11:34:30 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=B6365B1E0EB9191ED4D916B2A94EBA67 -- C:\Users\All Users\TuneUp Software\TuneUp Utilities 2011\WinStyler\VisualStyles\Explorer\x64\BIG\Explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe [2010.10.07 11:34:32 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=D1FA2634386B7E4E96CFFB9063EE6833 -- C:\ProgramData\TuneUp Software\TuneUp Utilities 2011\WinStyler\VisualStyles\Explorer\x86\SMALL\Explorer.exe [2010.10.07 11:34:32 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=D1FA2634386B7E4E96CFFB9063EE6833 -- C:\Users\All Users\TuneUp Software\TuneUp Utilities 2011\WinStyler\VisualStyles\Explorer\x86\SMALL\Explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:14:30 | 000,398,336 | ---- | M] 
(Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | 
---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-08 13:17:17 < > < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 08.12.2011 18:59:19 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Marina\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,28% Memory free 4,00 Gb Paging File | 2,71 Gb Available in Paging File | 67,69% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,79 Gb Total Space | 88,05 Gb Free Space | 37,83% Space Free | Partition Type: NTFS Computer Name: MARINA-PC | User Name: Marina | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM) "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club 
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud "{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1A7F8DF6-5A3E-4CDF-BC82-BE26B407E21B}" = Die Sims - Megastar "{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI "{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 Platinum HD "{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility "{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish "{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{34A091DC-47AA-435C-8A8A-5DC724549B79}_is1" = EAABot 0.28beta "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1 "{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Kwik Themes 1 "{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4E9B398A-8F39-410C-8200-7F5289CD7B02}_is1" = The Sims 3 Ultimate Bundle (Generations Update) "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback "{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM) "{6006059E-013D-4B77-BC5C-4DD5E4A6570D}" = G Data InternetSecurity 2012 "{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common "{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French "{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Kwik Themes 2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch "{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian "{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese "{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85BEC8F6-9AA3-43FF-B56B-8276277137B3}" = Nero 10 Video TransitionPack 1 "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3 "{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10 "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish "{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New "{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.6161 "{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy "{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German "{A70B0C7B-3527-4D53-A694-E9492ECE9EE1}" = Nero 10 Kwik Themes 4 "{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish "{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack "{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek "{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins "{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full "{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish "{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DD238642-14C7-4D54-8BD7-FAD6DEA9999B}" = Nero 10 Kwik Themes 3 "{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static "{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software "{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing "{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard "{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2 "{E77FF215-69B6-475A-82D7-27E3FDF7D252}" = MAGIX Video Pro X3 Download-Version "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{EF3A4DAE-F16F-4AC1-87BB-FE00A784084F}" = Nero 10 PiP EffectPack 1 "{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" 
= Realtek High Definition Audio Driver "{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1489-3350-5074-6281" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "BabylonToolbar" = Babylon toolbar on IE "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "MAGIX_MSI_Videodeluxe17_pro" = MAGIX Video Pro X3 Download-Version "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de) "Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0) "My Program_is1" = CVBot - Project DEVIL 1.09 "NVIDIA Drivers" = NVIDIA Drivers "OpenAL" = OpenAL "Steam App 10" = Counter-Strike "Steam App 240" = Counter-Strike: Source "Steam App 28000" = Kane & Lynch 2: Dog Days "TrueCrypt" = TrueCrypt "TuneUp Utilities 2011" = TuneUp Utilities 2011 "UltraISO_is1" = UltraISO Premium V9.35 "Uninstall CD Mate_is1" = CD Mate 2.0 "WinISD 
beta" = WinISD beta "WinRAR archiver" = WinRAR 4.01 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "PDF Reader" = PDF Reader ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28.11.2011 10:10:52 | Computer Name = Marina-PC | Source = Bonjour Service | ID = 100 Description = Error - 28.11.2011 10:10:52 | Computer Name = Marina-PC | Source = Bonjour Service | ID = 100 Description = Error - 28.11.2011 10:10:52 | Computer Name = Marina-PC | Source = Bonjour Service | ID = 100 Description = Error - 28.11.2011 10:10:53 | Computer Name = Marina-PC | Source = Bonjour Service | ID = 100 Description = Error - 28.11.2011 10:10:53 | Computer Name = Marina-PC | Source = Bonjour Service | ID = 100 Description = Error - 28.11.2011 10:10:53 | Computer Name = Marina-PC | Source = Bonjour Service | ID = 100 Description = Error - 28.11.2011 10:10:54 | Computer Name = Marina-PC | Source = Bonjour Service | ID = 100 Description = Error - 28.11.2011 10:10:54 | Computer Name = Marina-PC | Source = Bonjour Service | ID = 100 Description = Error - 28.11.2011 10:10:54 | Computer Name = Marina-PC | Source = Bonjour Service | ID = 100 Description = Error - 04.12.2011 12:55:58 | Computer Name = Marina-PC | Source = RasClient | ID = 20227 Description = [ System Events ] Error - 28.11.2011 13:01:19 | Computer Name = Marina-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LanmanServer erreicht. Error - 28.11.2011 13:01:49 | Computer Name = Marina-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. 
Error - 30.11.2011 07:06:31 | Computer Name = Marina-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 30.11.2011 07:06:31 | Computer Name = Marina-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 04.12.2011 09:45:56 | Computer Name = Marina-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 04.12.2011 09:46:03 | Computer Name = Marina-PC | Source = DCOM | ID = 10010 Description = Error - 07.12.2011 09:31:41 | Computer Name = Marina-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 07.12.2011 09:31:41 | Computer Name = Marina-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 07.12.2011 11:47:04 | Computer Name = Marina-PC | Source = DCOM | ID = 10010 Description = Error - 08.12.2011 10:38:02 | Computer Name = Marina-PC | Source = BROWSER | ID = 8032 Description = < End of report > GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2011-12-08 20:00:12 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\0000005a WDC_WD25 rev.10.0
Running: c3s0iyd4.exe; Driver: C:\Users\Marina\AppData\Local\Temp\awdiypod.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKey + 13D1 82A43349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A7CD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EE12000, 0x267978, 0xE8000020]
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----

Many thanks in advance for your efforts; I will keep watching my system.

PS: There is another computer on the network; how should that be handled? The scan is still running there, but nothing has triggered yet.

PPS: One more thing just occurred to me: a few days ago I started a "fart machine" program and allowed something that G-Data had flagged as suspicious. Maybe that has something to do with the current story.

PPPS: I had forgotten the contents of the G-Data logs:

Beim Schließen der Datei "C:\Users\Marina\AppData\Local\Mozilla\Firefox\Profiles\6ygxp0r5.default\Cache\8\BD\FAA00d01" wurde der Virus "JS:ScriptIP-inf [Trj] (Engine B)" entdeckt. Zugriff verweigert.
Beim Schließen der Datei "C:\Users\Marina\AppData\Local\Temp\jar_cache4857614142144890589.tmp->json\Parser.class" wurde der Virus "Java:Agent-ZP [Expl] (Engine B)" entdeckt. Zugriff verweigert.
Beim Schließen der Datei "C:\Users\Marina\AppData\Local\Temp\jar_cache4857614142144890589.tmp->json\SmartyPointer.class" wurde der Virus "Java:Agent-ZL [Expl] (Engine B)" entdeckt. Zugriff verweigert.
Beim Schließen der Datei "C:\Users\Marina\AppData\Local\Temp\jar_cache4857614142144890589.tmp" wurde der Virus "Java:Agent-ZP [Expl], Java:Agent-ZL [Expl] (Engine B)" entdeckt. Zugriff verweigert.
Beim Schließen der Datei "C:\Users\Marina\AppData\Local\Temp\jar_cache6713739413338095065.tmp->json\Parser.class" wurde der Virus "Java:Agent-ZP [Expl] (Engine B)" entdeckt. Zugriff verweigert.
Beim Schließen der Datei "C:\Users\Marina\AppData\Local\Temp\jar_cache6713739413338095065.tmp->json\SmartyPointer.class" wurde der Virus "Java:Agent-ZL [Expl] (Engine B)" entdeckt. Zugriff verweigert.
Beim Schließen der Datei "C:\Users\Marina\AppData\Local\Temp\jar_cache6713739413338095065.tmp" wurde der Virus "Java:Agent-ZP [Expl], Java:Agent-ZL [Expl] (Engine B)" entdeckt. Zugriff verweigert.
Beim Schließen der Datei "C:\Users\Marina\AppData\Local\Temp\jar_cache790876577571466795.tmp->json\Parser.class" wurde der Virus "Java:Agent-ZP [Expl] (Engine B)" entdeckt. Zugriff verweigert.
Beim Schließen der Datei "C:\Users\Marina\AppData\Local\Temp\jar_cache790876577571466795.tmp->json\SmartyPointer.class" wurde der Virus "Java:Agent-ZL [Expl] (Engine B)" entdeckt. Zugriff verweigert.
Beim Schließen der Datei "C:\Users\Marina\AppData\Local\Temp\jar_cache790876577571466795.tmp" wurde der Virus "Java:Agent-ZP [Expl], Java:Agent-ZL [Expl] (Engine B)" entdeckt. Zugriff verweigert. Beim Schließen der Datei "C:\Users\Marina\AppData\Local\Temp\jar_cache899131327700763994.tmp->json\Parser.class" wurde der Virus "Java:Agent-ZP [Expl] (Engine B)" entdeckt. Zugriff verweigert. Beim Schließen der Datei "C:\Users\Marina\AppData\Local\Temp\jar_cache899131327700763994.tmp->json\SmartyPointer.class" wurde der Virus "Java:Agent-ZL [Expl] (Engine B)" entdeckt. Zugriff verweigert. Beim Schließen der Datei "C:\Users\Marina\AppData\Local\Temp\jar_cache899131327700763994.tmp" wurde der Virus "Java:Agent-ZP [Expl], Java:Agent-ZL [Expl] (Engine B)" entdeckt. Zugriff verweigert. Datei: C:\Users\Marina\AppData\Local\Temp\jar_cache4857614142144890589.tmp Virus: Java:Agent-ZP [Expl] (Engine B) Datei: C:\Users\Marina\AppData\Local\Temp\jar_cache6713739413338095065.tmp Virus: Java:Agent-ZP [Expl] (Engine B) Datei: C:\Users\Marina\AppData\Local\Temp\jar_cache790876577571466795.tmp Virus: Java:Agent-ZP [Expl] (Engine B) Virenprüfung von Web-Inhalten Adresse: imp.adzonk.com Virus: SWFropper [Heur] (Engine B) Status: Der Zugriff wurde verweigert. Virenprüfung von Web-Inhalten Adresse: imp.adzonk.com/imp.ad.init.js Virus: SWFropper [Heur] (Engine B) Status: Der Zugriff wurde verweigert. Virenprüfung mit G Data InternetSecurity 2012 Version 22.1.0.0 (11.10.2011) Virensignaturen vom Startzeit: 08.12.2011 15:03:37 Engine(s): Engine A, Engine B Heuristik: Ein Archive: Ein Systembereiche: Ein RootKits prüfen: Ein Prüfung der Systembereiche... Prüfung aller im Speicher befindlichen Prozesse und Verweise im Autostart... Prüfung auf RootKits... Prüfung aller lokalen Festplatten... 
Analyse vollständig durchgeführt: 08.12.2011 17:50:53
150438 Dateien überprüft
1 infizierte Dateien gefunden
0 verdächtige Dateien gefunden
Objekt: xZqcgG.exe Pfad: C:\Users\Marina\AppData\Roaming Status: Virus entfernt Virus: Trojan.Generic.KDV.463508 (Engine A)

Last edited by diggerderbe (08.12.2011 at 20:47). Reason: edit
08.12.2011, 21:48 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please now run a routine full scan with Malwarebytes and post the log.

Remember that Malwarebytes must be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those too!

ESET Online Scanner
10.12.2011, 14:15 | #3 |
Morning,

Malwarebytes Anti-Malware found nothing. ESET, on the other hand, found all the more:

ESETSmartInstaller@High as downloader log: all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=20003e0254d0ca4d90eb7d3a33e172dc
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-09 11:35:11
# local_time=2011-12-10 12:35:11 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=4096 16777215 100 0 13122715 13122715 0 0
# compatibility_mode=5893 16776573 100 94 11053 75084884 0 0
# compatibility_mode=8192 67108863 100 0 10672 10672 0 0
# scanned=155549
# found=8
# cleaned=0
# scan_time=20021
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\PDFReader\Uninstall\Uninstall.exe a variant of Win32/InstallCore.E application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marina\AppData\Local\Babylon\Setup\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marina\AppData\Local\Temp\8459154.Uninstall\Uninstall.exe a variant of Win32/InstallCore.E application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marina\Downloads\PDFReaderSetup.exe a variant of Win32/InstallCore.E application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marina\Downloads\sr-d3up1.7z a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marina\Downloads\VideoConverterSetup.exe a variant of Win32/InstallCore.E application (unable to clean) 00000000000000000000000000000000 I

What should I do now?
12.12.2011, 10:01 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
12.12.2011, 14:24 | #5 |
I don't know this file, so I asked my husband, who also uses this PC. He assured me that this file has nothing to do with the virus story. The rar file contains four files. They are called: bink32.dll, paul.dll, SKIDROW.dll, skidrow.nfo. The skidrow.nfo cannot be opened; double-clicking it shows system data.

@cosinus: What did you suspect in this rar file? Is that the root of all evil? I'm a bit confused. What can three .dll files do? As far as I know, a virus can only be started from an executable "exe" file. Enlighten me.

G-DATA says about it:

Virenprüfung mit G Data InternetSecurity 2012 Version 22.1.0.0 (11.10.2011)
Virensignaturen vom 12.12.2011
Startzeit: 12.12.2011 14:20:54
Engine(s): Engine A (AVA 22.3051), Engine B (AVL 22.570)
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
RootKits prüfen: Aus
Prüfung der Systembereiche...
Prüfung folgender Verzeichnisse und Dateien: C:\Users\Marina\Downloads\sr-d3up1.7z
Analyse vollständig durchgeführt: 12.12.2011 14:20:56
1 Dateien überprüft
0 infizierte Dateien gefunden
0 verdächtige Dateien gefunden

Have a good start to the week, everyone. I hope you can do something with this.
12.12.2011, 14:28 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Complete virus removal by G-Data Internet Security 2012 or not Quote:
Cracks/keygens are 99.9% dangerous malware that you should not play around with. Moreover, they are illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!! That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone!
__________________ |
12.12.2011, 17:04 | #7 |
| Complete virus removal by G-Data Internet Security 2012 or not Hmm, yes, and now? No further support because of these files? I didn't even unpack these files... They were only put on a stick and then unpacked on my husband's computer... Is mere possession already enough for exclusion? I feel a little betrayed now. Was all my work for nothing? |
12.12.2011, 21:35 | #8 | |||
/// Winkelfunktion /// TB-Süch-Tiger™ | Complete virus removal by G-Data Internet Security 2012 or not Quote:
Quote:
Quote:
Whatever the case, the file shows up in the log, and for cracks or other illegal stuff there is only help with reinstalling the system here.
__________________ Please always post logfiles in CODE tags |
