Sicherheitscenterdienst u Firewall nicht aktivierbar nach smart fortress 2012

ralle622 · 12.03.2012, 00:17

Hallo!

Bei mir tauchte Smart Fortress 2012 auf. Ich habe diese Anweisung befolgt:
www.trojaner-board.de/110669-smart-fortress-2012-entfernen.html

Ergebnis s. u. Danach keine Entdeckungen mehr weder mit Antimalware noch mit McAfee Virusscan.

Nun lassen sich bei mir Sicherheitscenterdienst u Firewall nicht mehr aktivieren. Es kommt die Fehlermeldung "Windows Sicherheitscenterdienst kann nicht gestartet werden." bzw. "Einige der Einstellungen können von der Windows-Firewall nicht geändert werden. Fehlercode 0x80070424." Microsoft Fixit hilft nicht.

Falls von Bedeutung: Habe 3 Benutzerkonten, davon eins mit Admin-Rechten. Aufgetreten ist Smart Fortress bei einem anderen Konto.

LG, Ralle

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.11.09

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Admin :: *** [Administrator]

11.03.2012 20:00:24
mbam-log-2012-03-11 (20-00-24).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 391143
Laufzeit: 31 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T90C85Z7\4[1].exe (Spyware.Sniffer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TUXQ226O\5[1].exe (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Temp\CA58.tmp (Spyware.Sniffer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\Desktop\Antivirus scan for d42ee1d44f6d889cd93239cea1c5c37f at UTC - VirusTotal.mht (Rogue.Link) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

.DDS Logfile:

Code:

ATTFilter

DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421
Run by Admin at 23:45:45 on 2012-03-11
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4007.2500 [GMT 1:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\mfevtps.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\watchmi\TvdService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\PHotkey\PHotkey.exe
C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\PHotkey\ATouch64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\PHotkey\PVDesktop.exe
C:\Program Files (x86)\PHotkey\PVDAgent.exe
C:\Program Files (x86)\PHotkey\POSD.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\watchmi\TvdTray.exe
C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.aldi.com
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111202013757.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WATCHM~1.LNK - C:\Windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 80.69.100.206 80.69.100.214
TCP: Interfaces\{8068FE7C-7296-400B-9019-82B7F3A7BDB2} : DhcpNameServer = 80.69.100.206 80.69.100.214
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun-x64: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
IE-X64: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
IE-X64: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-4-21 1136640]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-2-11 907600]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-2-11 997712]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-4-21 134928]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\system32\CxAudMsg64.exe --> C:\Windows\system32\CxAudMsg64.exe [?]
R2 GFNEXSrv;GFNEX Service;C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [2011-5-26 159752]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-14 13592]
R2 McAfeeFramework;McAfee Framework-Dienst;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-1-12 120128]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-12-2 199008]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2011-9-14 209760]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 PEGAGFN;PEGAGFN;C:\Program Files (x86)\PHotkey\PEGAGFN.sys [2011-5-26 14344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-5-14 2656280]
R2 watchmi;watchmi service;C:\Program Files (x86)\watchmi\TvdService.exe [2010-12-6 62464]
R3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\drivers\iwdbus.sys --> C:\Windows\system32\drivers\iwdbus.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\drivers\nusb3hub.sys --> C:\Windows\system32\drivers\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\nusb3xhc.sys --> C:\Windows\system32\drivers\nusb3xhc.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248]
S3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-2-11 1304912]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
S3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
S3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 wsvd;wsvd;C:\Windows\system32\DRIVERS\wsvd.sys --> C:\Windows\system32\DRIVERS\wsvd.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-03-11 21:00:47	--------	d-----w-	C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2012-03-11 18:56:58	--------	d-----w-	C:\Users\Admin\AppData\Roaming\Malwarebytes
2012-03-11 18:56:40	23152	----a-w-	C:\Windows\System32\drivers\mbam.sys
2012-03-11 18:56:40	--------	d-----w-	C:\ProgramData\Malwarebytes
2012-03-11 18:56:40	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-09 20:43:39	--------	d-----w-	C:\Users\Admin\AppData\Local\Adobe
2012-03-09 20:00:50	--------	d-----w-	C:\ProgramData\SecTaskMan
2012-03-09 20:00:39	--------	d-----w-	C:\Program Files (x86)\Security Task Manager
2012-03-01 22:22:55	--------	d-----w-	C:\Windows\SysWow64\Adobe
2012-02-25 21:47:11	--------	d-----w-	C:\Users\Admin\AppData\Roaming\McAfee
2012-02-25 21:47:06	--------	d-----w-	C:\Users\Admin\AppData\Local\Power2Go
2012-02-16 06:34:14	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-02-16 06:25:54	509952	----a-w-	C:\Windows\System32\ntshrui.dll
2012-02-16 06:25:53	442880	----a-w-	C:\Windows\SysWow64\ntshrui.dll
2012-02-16 06:25:52	515584	----a-w-	C:\Windows\System32\timedate.cpl
2012-02-16 06:25:52	478720	----a-w-	C:\Windows\SysWow64\timedate.cpl
2012-02-16 06:25:49	3145728	----a-w-	C:\Windows\System32\win32k.sys
2012-02-16 06:25:47	498688	----a-w-	C:\Windows\System32\drivers\afd.sys
2012-02-16 06:25:37	690688	----a-w-	C:\Windows\SysWow64\msvcrt.dll
2012-02-16 06:25:37	634880	----a-w-	C:\Windows\System32\msvcrt.dll
2012-02-14 17:55:04	276248	----a-w-	C:\Windows\SysWow64\IntelCpHeciSvc.exe
2012-02-14 17:55:02	5886232	----a-w-	C:\Windows\System32\GfxUI.exe
2012-02-14 17:55:02	511768	----a-w-	C:\Windows\System32\igfxsrvc.exe
2012-02-14 17:55:02	440600	----a-w-	C:\Windows\System32\igfxpers.exe
2012-02-14 17:55:02	398616	----a-w-	C:\Windows\System32\hkcmd.exe
2012-02-14 17:55:02	250136	----a-w-	C:\Windows\System32\igfxext.exe
2012-02-14 17:55:02	184600	----a-w-	C:\Windows\System32\difx64.exe
2012-02-14 17:55:02	170264	----a-w-	C:\Windows\System32\igfxtray.exe
2012-02-14 17:53:26	90112	----a-w-	C:\Windows\System32\igfxCoIn_v2653.dll
2012-02-14 17:47:38	14692224	----a-w-	C:\Windows\System32\drivers\igdkmd64.sys
2012-02-14 17:47:06	963912	----a-w-	C:\Windows\SysWow64\igkrng600.bin
2012-02-14 17:47:06	963912	----a-w-	C:\Windows\System32\igkrng600.bin
2012-02-14 17:47:06	79360	----a-w-	C:\Windows\System32\igdde64.dll
2012-02-14 17:47:06	261208	----a-w-	C:\Windows\SysWow64\igfcg600m.bin
2012-02-14 17:47:06	261208	----a-w-	C:\Windows\System32\igfcg600m.bin
2012-02-14 17:44:24	58880	----a-w-	C:\Windows\SysWow64\igdde32.dll
2012-02-14 17:42:58	9605632	----a-w-	C:\Windows\System32\igd10umd64.dll
2012-02-14 17:07:18	18125312	----a-w-	C:\Windows\System32\ig4icd64.dll
2012-02-14 16:59:56	13209600	----a-w-	C:\Windows\SysWow64\ig4icd32.dll
2012-02-14 16:56:42	110592	----a-w-	C:\Windows\System32\hccutils.dll
2012-02-14 16:56:34	9216	----a-w-	C:\Windows\System32\IGFXDEVLib.dll
2012-02-14 16:56:34	430080	----a-w-	C:\Windows\System32\igfxdev.dll
2012-02-14 16:56:34	172032	----a-w-	C:\Windows\System32\gfxSrvc.dll
2012-02-14 16:56:06	286208	----a-w-	C:\Windows\System32\igfxrenu.lrc
2012-02-14 16:56:04	142336	----a-w-	C:\Windows\System32\igfxdo.dll
2012-02-14 16:56:02	9007616	----a-w-	C:\Windows\System32\igfxress.dll
2012-02-14 16:55:06	25088	----a-w-	C:\Windows\SysWow64\igfxexps32.dll
2012-02-14 16:54:36	321024	----a-w-	C:\Windows\SysWow64\igfxdv32.dll
2012-02-14 16:53:08	524800	----a-w-	C:\Windows\System32\iglhsip64.dll
2012-02-14 16:53:08	519680	----a-w-	C:\Windows\SysWow64\iglhsip32.dll
2012-02-14 16:53:08	2967040	----a-w-	C:\Windows\System32\igfxcmjit64.dll
2012-02-14 16:53:08	237056	----a-w-	C:\Windows\SysWow64\igfxcmrt32.dll
2012-02-14 16:53:08	2321408	----a-w-	C:\Windows\SysWow64\igfxcmjit32.dll
2012-02-14 16:53:08	213504	----a-w-	C:\Windows\System32\iglhcp64.dll
2012-02-14 16:53:08	193024	----a-w-	C:\Windows\System32\igfxcmrt64.dll
2012-02-14 16:53:08	177152	----a-w-	C:\Windows\SysWow64\iglhcp32.dll
2012-02-12 20:39:01	--------	d-----w-	C:\QUARANTINE
.
==================== Find3M  ====================
.
2012-02-16 15:37:38	414368	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-14 17:47:40	8086528	----a-w-	C:\Windows\System32\igdumd64.dll
2012-02-14 17:44:54	6120960	----a-w-	C:\Windows\SysWow64\igdumd32.dll
2012-02-14 17:35:26	7794688	----a-w-	C:\Windows\SysWow64\igd10umd32.dll
2011-12-14 07:11:03	2308096	----a-w-	C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30	1390080	----a-w-	C:\Windows\System32\wininet.dll
2011-12-14 07:03:38	1493504	----a-w-	C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54	1798656	----a-w-	C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18	1127424	----a-w-	C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58	1427456	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
.
============= FINISH: 23:47:11,54 ===============

--- --- ---

Hier noch Auszug aus McAfee Zugriffsscan:
11.03.2012 11:56:34 Modulversion = 5400.1158
11.03.2012 11:56:34 AntiVirus-DAT-Version = 6645.0
11.03.2012 11:56:34 Anzahl an Entdeckungssignaturen in EXTRA.DAT= Kein
11.03.2012 11:56:34 Namen der Entdeckungssignaturen in EXTRA.DAT= Kein
11.03.2012 16:42:34 Gelöscht Notebook2011***\*** C:\Users\***\AppData\Local\Temp\CDE2.tmp C:\Users\***\AppData\Local\8012f6bf\X ZeroAccess (Trojanisches Pferd)
11.03.2012 16:42:58 Gelöscht Notebook2011***\*** C:\Users\***\AppData\Local\Temp\CA58.tmp C:\Windows\Temp\_ex-08.exe Artemis!2A409C9785EC (Trojanisches Pferd)
11.03.2012 16:43:23 Gelöscht NT-AUTORITÄT\SYSTEM C:\Users\***\AppData\Local\Temp\InstallFlashPlayer.exe C:\Windows\system32\consrv.dll ZeroAccess.f (Trojanisches Pferd)
11.03.2012 16:43:59 Gelöscht Notebook2011***\*** C:\Windows\system32\taskhost.exe C:\Users\***\AppData\Local\Temp\0.8727683930346675.exe Ransom!fc (Trojanisches Pferd)
11.03.2012 16:51:33 Gelöscht Notebook2011***\*** C:\Windows\Temp\_ex-68.exe C:\Users\***\AppData\Local\Temp\jar_cache1027502696053228744.tmp Downloader-BCS (Trojanisches Pferd)

Psychotic · 12.03.2012, 10:34

Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass du clean bist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren) - wenn du die anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!
Poste die Logfiles direkt in deinen Thread. Nicht anhängen, außer, ich fordere dich dazu auf. Erschwert mir nämlich das Auswerten.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Zitat:

Rootkit.0Access

Dein Rechner wurde mit dem ZeroAccess-Rootkit verseucht - dabei handelt es sich um eine der momentan hartnäckigsten und tiefgreifendsten Schädlinge überhaupt. Er ist dafür bekannt, dass er u.a. Änderungen an wichtigen Systemdiensten vornimmt - deswegen meckern auch Sicherheitscenter und Firewall!

Schritt 1: Combofix

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

ralle622 · 12.03.2012, 22:06

Hallo Marius,

vielen Dank, dass Du Dich meiner annimmst. Kann leider erst jetzt antworten. Inzwischen lässt sich in dem Benutzerkonto, bei dem die Probleme angefangen haben, kein Programm mehr öffnen. Alle exe-Dateien werden wohl gesperrt. In den anderen Benutzerkonten geht es allerdings noch.

Es ist dort aber ein Problem bei combofix aufgetreten. Nach dem Neustart wurde die Logfile nicht erstellt werden. Fehlermeldung: " "NIRKMD" konnte nicht gefunden werden. Stellen Sie sicher, dass Sie den Namen richtig eingegeben haben und wiederholen Sie den Vorgang."

Daraufhin habe ich erneut auf ComboFix geklickt. Dann erst kam:
"Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde."

Darauf habe ich neu gestartet. Es tat sich aber nichts. Die logfile wurde nicht erstellt. Ich habe ComboFix dann erneut gestartet. Nun lief alles, dauerte aber länger.

Hier die logfile:

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-03-12.03 - Admin 12.03.2012  21:22:17.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4007.2628 [GMT 1:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\windows\system32\ICON.ico
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-12 bis 2012-03-12  ))))))))))))))))))))))))))))))
.
.
2012-03-12 20:48 . 2012-03-12 20:48	--------	d-----w-	c:\users\***\AppData\Local\temp
2012-03-12 20:48 . 2012-03-12 20:48	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-11 18:56 . 2012-03-11 18:56	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-11 18:56 . 2012-03-11 18:56	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-11 18:56 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-11 15:42 . 2012-03-11 15:42	--------	d-sh--w-	c:\users\***\AppData\Local\8012f6bf
2012-03-09 20:00 . 2012-03-09 20:38	--------	d-----w-	c:\programdata\SecTaskMan
2012-03-09 20:00 . 2012-03-09 20:00	--------	d-----w-	c:\program files (x86)\Security Task Manager
2012-03-01 22:22 . 2012-03-01 22:22	--------	d-----w-	c:\windows\SysWow64\Adobe
2012-02-26 11:48 . 2012-02-26 11:49	--------	d-----w-	c:\users\Aushilfe
2012-02-25 21:46 . 2012-03-11 22:43	--------	d-----w-	c:\users\Admin
2012-02-16 06:25 . 2012-01-04 10:44	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-02-16 06:25 . 2012-01-04 08:58	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2012-02-16 06:25 . 2011-12-30 06:26	515584	----a-w-	c:\windows\system32\timedate.cpl
2012-02-16 06:25 . 2011-12-30 05:27	478720	----a-w-	c:\windows\SysWow64\timedate.cpl
2012-02-16 06:25 . 2012-01-14 04:06	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-02-16 06:25 . 2011-12-28 03:59	498688	----a-w-	c:\windows\system32\drivers\afd.sys
2012-02-16 06:25 . 2011-12-16 08:46	634880	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-16 06:25 . 2011-12-16 07:52	690688	----a-w-	c:\windows\SysWow64\msvcrt.dll
2012-02-14 17:55 . 2012-02-14 17:55	276248	----a-w-	c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-02-14 17:55 . 2012-02-14 17:55	5886232	----a-w-	c:\windows\system32\GfxUI.exe
2012-02-14 17:55 . 2012-02-14 17:55	511768	----a-w-	c:\windows\system32\igfxsrvc.exe
2012-02-14 17:55 . 2012-02-14 17:55	440600	----a-w-	c:\windows\system32\igfxpers.exe
2012-02-14 17:55 . 2012-02-14 17:55	398616	----a-w-	c:\windows\system32\hkcmd.exe
2012-02-14 17:55 . 2012-02-14 17:55	250136	----a-w-	c:\windows\system32\igfxext.exe
2012-02-14 17:55 . 2012-02-14 17:55	184600	----a-w-	c:\windows\system32\difx64.exe
2012-02-14 17:55 . 2012-02-14 17:55	170264	----a-w-	c:\windows\system32\igfxtray.exe
2012-02-14 17:53 . 2012-02-14 17:53	90112	----a-w-	c:\windows\system32\igfxCoIn_v2653.dll
2012-02-14 17:47 . 2012-02-14 17:47	14692224	----a-w-	c:\windows\system32\drivers\igdkmd64.sys
2012-02-14 17:47 . 2012-02-14 17:47	963912	----a-w-	c:\windows\SysWow64\igkrng600.bin
2012-02-14 17:47 . 2012-02-14 17:47	963912	----a-w-	c:\windows\system32\igkrng600.bin
2012-02-14 17:47 . 2012-02-14 17:47	79360	----a-w-	c:\windows\system32\igdde64.dll
2012-02-14 17:47 . 2012-02-14 17:47	261208	----a-w-	c:\windows\SysWow64\igfcg600m.bin
2012-02-14 17:47 . 2012-02-14 17:47	261208	----a-w-	c:\windows\system32\igfcg600m.bin
2012-02-14 17:44 . 2012-02-14 17:44	58880	----a-w-	c:\windows\SysWow64\igdde32.dll
2012-02-14 17:42 . 2012-02-14 17:42	9605632	----a-w-	c:\windows\system32\igd10umd64.dll
2012-02-14 17:07 . 2012-02-14 17:07	18125312	----a-w-	c:\windows\system32\ig4icd64.dll
2012-02-14 16:59 . 2012-02-14 16:59	13209600	----a-w-	c:\windows\SysWow64\ig4icd32.dll
2012-02-14 16:56 . 2012-02-14 16:56	110592	----a-w-	c:\windows\system32\hccutils.dll
2012-02-14 16:56 . 2012-02-14 16:56	9216	----a-w-	c:\windows\system32\IGFXDEVLib.dll
2012-02-14 16:56 . 2012-02-14 16:56	430080	----a-w-	c:\windows\system32\igfxdev.dll
2012-02-14 16:56 . 2012-02-14 16:56	172032	----a-w-	c:\windows\system32\gfxSrvc.dll
2012-02-14 16:56 . 2012-02-14 16:56	286208	----a-w-	c:\windows\system32\igfxrenu.lrc
2012-02-14 16:56 . 2012-02-14 16:56	142336	----a-w-	c:\windows\system32\igfxdo.dll
2012-02-14 16:56 . 2012-02-14 16:56	9007616	----a-w-	c:\windows\system32\igfxress.dll
2012-02-14 16:55 . 2012-02-14 16:55	25088	----a-w-	c:\windows\SysWow64\igfxexps32.dll
2012-02-14 16:54 . 2012-02-14 16:54	321024	----a-w-	c:\windows\SysWow64\igfxdv32.dll
2012-02-14 16:53 . 2012-02-14 16:53	524800	----a-w-	c:\windows\system32\iglhsip64.dll
2012-02-14 16:53 . 2012-02-14 16:53	519680	----a-w-	c:\windows\SysWow64\iglhsip32.dll
2012-02-14 16:53 . 2012-02-14 16:53	2967040	----a-w-	c:\windows\system32\igfxcmjit64.dll
2012-02-14 16:53 . 2012-02-14 16:53	237056	----a-w-	c:\windows\SysWow64\igfxcmrt32.dll
2012-02-14 16:53 . 2012-02-14 16:53	2321408	----a-w-	c:\windows\SysWow64\igfxcmjit32.dll
2012-02-14 16:53 . 2012-02-14 16:53	213504	----a-w-	c:\windows\system32\iglhcp64.dll
2012-02-14 16:53 . 2012-02-14 16:53	193024	----a-w-	c:\windows\system32\igfxcmrt64.dll
2012-02-14 16:53 . 2012-02-14 16:53	177152	----a-w-	c:\windows\SysWow64\iglhcp32.dll
2012-02-12 20:39 . 2012-03-12 20:04	--------	d-----w-	C:\QUARANTINE
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 15:37 . 2011-05-14 18:10	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-14 17:47 . 2011-06-08 19:35	8086528	----a-w-	c:\windows\system32\igdumd64.dll
2012-02-14 17:44 . 2011-06-08 19:34	6120960	----a-w-	c:\windows\SysWow64\igdumd32.dll
2012-02-14 17:35 . 2011-06-08 19:34	7794688	----a-w-	c:\windows\SysWow64\igd10umd32.dll
2012-02-14 16:57 . 2011-06-08 19:35	63488	----a-w-	c:\windows\system32\igfxsrvc.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-03-12_19.57.02   )))))))))))))))))))))))))))))))))))))))))
.
- 2012-03-12 19:54 . 2012-03-12 19:54	12167              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-03-12 20:16 . 2012-03-12 20:16	12167              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-11-21 03:09 . 2012-03-12 20:19	46954              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-12 20:19	41554              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-12 20:17 . 2012-03-12 20:17	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-12 19:55 . 2012-03-12 19:55	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-12 19:55 . 2012-03-12 19:55	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-12 20:17 . 2012-03-12 20:17	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-03-12 19:43	616694              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-12 20:24	616694              c:\windows\system32\perfh009.dat
- 2011-05-01 20:47 . 2012-03-12 19:43	654852              c:\windows\system32\perfh007.dat
+ 2011-05-01 20:47 . 2012-03-12 20:24	654852              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-03-12 20:24	106816              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-12 19:43	106816              c:\windows\system32\perfc009.dat
- 2011-05-01 20:47 . 2012-03-12 19:43	130434              c:\windows\system32\perfc007.dat
+ 2011-05-01 20:47 . 2012-03-12 20:24	130434              c:\windows\system32\perfc007.dat
- 2009-07-14 05:01 . 2012-03-12 19:54	290960              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-12 20:16	290960              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-02-03 506712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-09-14 215360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
watchmi tray.lnk - c:\windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe [2011-9-2 300416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-02-11 1304912]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-02-11 907600]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-02-11 997712]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
S2 GFNEXSrv;GFNEX Service;c:\program files (x86)\PHotkey\GFNEXSrv.exe [2010-10-07 159752]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 PEGAGFN;PEGAGFN;c:\program files (x86)\PHotkey\PEGAGFN.sys [2009-09-11 14344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe [2010-12-06 62464]
S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - mfeavfk01
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="E" [X]
"AmIcoSinglun64"="E" [X]
"IntelPAN"="E" [X]
"SmartAudio"="E" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-BTMTrayAgent - 86)\INTEL\BLUETOOTH\BTMSHELL.DLL
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-12  21:50:08
ComboFix-quarantined-files.txt  2012-03-12 20:50
.
Vor Suchlauf: 10 Verzeichnis(se), 616.975.802.368 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 616.924.721.152 Bytes frei
.
- - End Of File - - 135EE094854898D0757062014C7C50FA

--- --- ---

Psychotic · 12.03.2012, 22:39

Auweh!

Dann mach folgendes:

FRST

Downloade dir bitte Farbar's Recovery Scan Tool x64
und speichere diese auf einen USB Stick. Schließe den USB Stick an das infizierte System an Du musst das System nun in die System Reparatur Option booten. Über den Boot Manager

Starte den Rechner neu auf.
Während dem Hochfahren drücke mehrmals die F8 Taste
Wähle nun Computer reparieren.
Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD

Lege die Windows CD in dein Laufwerk.
Starte den Rechner neu auf und starte von der CD
Wähle die Spracheinstellungen und klicke "Weiter".
Klicke auf Computerreparaturoptionen !!
Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.
Im öffnenden Textdokument --> Datei --> Speichern unter und wähle Computer Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt.
Schließe Notepad wieder
Gib nun bitte folgenden Befehl ein. e:\frst.exe Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Gegebenfalls anpassen.
Akzeptiere den Disclaimer mit Yes und klicke Scan

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

ralle622 · 12.03.2012, 23:51

Bezieht sich das "Auweh!" auf die logfile oder auf meinen Bericht/mein Vorgehen?

Sind die beiden jeweils mit der grünen Überschrift beginnenden Anweisungen in deinem Beitrag alternativ, d. h. muss ich nur das eine oder das andere machen, oder beides, also auf USB-Stick laden und Windows-CD einsetzen?

Ich habe einen Medion-Laptop. Dort lag eine "Medion Recovery Disc" bei. Ist die gemeint? Da steht drauf: "Windows 7 Home Premium SP 1" und "Only for recovery of the originally selected language version" und "The software includded in this Recovery Disc was preinstalled on your hard drive at the factory and may only be used for backup."

Und: Welches Benutzerkonto soll ich wählen. Irgendeins? Das Admin? Oder das, wo die größten Probleme bestehen, wo also .exe nicht geht?

--

Ich ziehe außerdem deinen anfänglichen Hinweis "Eine Formatierung ist meist der schnellere und immer der sicherste Weg." in Betracht. Könnte ich das mit der beschriebenen Recovery Disc ohne weiteres machen? Habe da keinerlei Erfahrung. Rätst Du dazu? (Es war noch eine weitere Disc da: "Application & Support-Disc". Vermute, die beinhaltet Treiber etc. ?. Dass Word 2010 Starter weg wäre, müsste ich wohl akzeptieren.)

--

Jedenfalls schon mal vielen Dank! (Entschuldige, wenn ich mich erst verzögert melde. Kann mich darum leider meist erst abends kümmern.)

Psychotic · 13.03.2012, 07:15

Mit diesem Datenträger kannst du die Reparaturoptionen starten, ja!

Auch eine Wiederherstellung ist damit möglich, dafür ist das Ding da.

Die zweite Disk beinhaltet die Treiber und Programme, die momentan installiert sind. Evtl. ist dort auch das Word 2010 mit enthalten, das kann ich dir nicht sagen.

Bitte teile mir mit, ob du dich für Bereinigung oder Neuinstallation entschieden hast!

ralle622 · 13.03.2012, 11:07

Ich möchte die Bereinigung versuchen (wenn's nicht klappt, kann ich ja immer noch plattmachen) und bin so vorgegangen wie von Dir beschrieben, habe aber 2 Fragen:

1) Nachdem ich "Computer reparieren" anklicke kommt ein Fenster "System Recovery Options" Festgelegte Sprache ist Englisch - unveränderbar. Das ist nicht schlimm, oder? Habe dann weiter gemacht.

2) Im Kommandofenster steht dann:
"Microsoft Windows [Version 6.1.7601]

X:\windows\system32>"

Wenn ich j:\frst.exe eingebe (j ist bei mir richtig), erscheint: 'j:\frst.exe' is not recognized as an internal or external command, operable program or batch file."

Ich habe es dann mit j:\frst64.exe probiert. Nun läuft es. War hoffentlich nicht falsch.

--

OT?: In der Systemsteuerung wird mir nun wieder Zugriff auf den Sicherheitscenterdienst gewährt, und die Firewall ist angeblich wieder in Betrieb; sie lässt sich auch ab- und wieder einschalten. (Traue dem nicht recht: Kann das ein erster Erfolg bisheriger Massnahmen sein oder ist das ein Trick von Malware?)

ralle622 · 13.03.2012, 11:19

Scan result of Farbar Recovery Scan Tool Version: 11-03-2012
Ran by SYSTEM at 13-03-2012 11:15:24
Running from J:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] E [x]
HKLM\...\Run: [AmIcoSinglun64] E [x]
HKLM\...\Run: [IntelPAN] E" /TF INTEL PAN TRAY [x]
HKLM\...\Run: [BTMTrayAgent] 86)\INTEL\BLUETOOTH\BTMSHELL.DLL",TRAYAPP [x]
HKLM\...\Run: [SmartAudio] E /T [x]
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [170264 2012-02-14] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [398616 2012-02-14] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [440600 2012-02-14] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [107816 2010-08-03] (CyberLink)
HKLM-x32\...\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey [161088 2011-01-12] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE [215360 2011-09-14] (McAfee, Inc.)
HKU\***\...\Run: [SkypeM] C:\Users\***\AppData\Local\Skype\Skype.exe [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)

==================== Services (Whitelisted) ======

2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [1136640 2011-04-21] (Intel Corporation)
2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-18] ()
2 Bluetooth Device Monitor; "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [907600 2011-02-11] (Intel Corporation)
3 Bluetooth Media Service; "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [1304912 2011-02-11] (Intel Corporation)
2 Bluetooth OBEX Service; "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [997712 2011-02-11] (Intel Corporation)
2 BTHSSecurityMgr; "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" [134928 2011-04-21] (Intel(R) Corporation)
3 cphs; C:\Windows\SysWow64\IntelCpHeciSvc.exe [276248 2012-02-14] (Intel Corporation)
2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [198784 2010-12-17] (Conexant Systems Inc.)
2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [159752 2010-10-06] ()
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [13592 2011-04-29] (Intel Corporation)
2 McAfeeFramework; "C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [120128 2011-01-12] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199008 2011-12-01] (McAfee, Inc.)
2 McTaskManager; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe" [209760 2011-09-14] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [158832 2011-12-01] (McAfee, Inc.)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [244904 2010-12-14] ()
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2011-02-22] (Intel Corporation)
2 watchmi; "C:\Program Files (x86)\watchmi\TvdService.exe" [62464 2010-12-06] ()
2 PSI_SVC_2; "c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" [x]

========================== Drivers (Whitelisted) =============

3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [294912 2011-04-21] (Windows (R) Win 7 DDK provider)
3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [294912 2011-04-21] (Windows (R) Win 7 DDK provider)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [58128 2011-01-24] (Intel Corporation)
3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [274944 2011-01-24] (Intel Corporation)
3 clwvd; C:\Windows\System32\DRIVERS\clwvd.sys [31088 2011-04-14] (CyberLink Corporation)
3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [59904 2011-01-24] (Intel Corporation)
3 intaud_WaveExtensible; C:\Windows\System32\drivers\intelaud.sys [34200 2011-05-17] (Intel Corporation)
3 iwdbus; C:\Windows\System32\drivers\iwdbus.sys [25496 2011-05-17] (Intel Corporation)
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [158712 2011-12-01] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [228752 2011-12-01] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [642952 2011-12-01] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100904 2011-12-01] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283744 2011-12-01] (McAfee, Inc.)
3 NETwNs64; C:\Windows\System32\DRIVERS\NETwNs64.sys [8593920 2011-05-01] (Intel Corporation)
2 PEGAGFN; \??\C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
3 TsUsbGD; C:\Windows\System32\drivers\TsUsbGD.sys [31232 2010-11-20] (Microsoft Corporation)
3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [129008 2010-09-23] (CyberLink)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 mfeavfk01; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-03-13 11:15 - 2012-03-13 11:15 - 0000000 ____D C:\FRST
2012-03-13 01:31 - 2012-03-12 14:58 - 1383409 ____A C:\Users\***\Desktop\FRST64.exe
2012-03-12 13:14 - 2012-03-12 14:23 - 0000000 __SHD C:\$RECYCLE.BIN
2012-03-12 12:53 - 2012-03-12 12:53 - 0020827 ____A C:\Users\Admin\Desktop\combofix log.txt
2012-03-12 12:50 - 2012-03-12 12:50 - 0020827 ____A C:\ComboFix.txt
2012-03-12 11:42 - 2012-03-12 12:15 - 0000000 ____D C:\Windows\ERDNT
2012-03-12 11:42 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-03-12 11:42 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-03-12 11:42 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-03-12 11:42 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-03-12 11:42 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-03-12 11:42 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-03-12 11:42 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-03-12 11:42 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-03-12 11:40 - 2012-03-12 12:50 - 0000000 ____D C:\Qoobox
2012-03-12 11:39 - 2012-03-12 11:30 - 4435063 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2012-03-12 11:36 - 2012-03-12 11:30 - 4435063 ____A (Swearware) C:\Users\Aushilfe\Desktop\ComboFix.exe
2012-03-12 11:29 - 2012-03-12 11:30 - 4435063 ____A (Swearware) C:\Users\***\Desktop\ComboFix.exe
2012-03-11 15:02 - 2012-03-11 15:02 - 0002109 ____A C:\Users\Admin\Desktop\Attach.zip
2012-03-11 15:02 - 2012-03-11 15:02 - 0000000 ____D C:\Users\Admin\AppData\Roaming\WinRAR
2012-03-11 14:48 - 2012-03-11 14:48 - 0020405 ____A C:\Users\Admin\Desktop\DDS.txt
2012-03-11 14:48 - 2012-03-11 14:48 - 0005221 ____A C:\Users\Admin\Desktop\Attach.txt
2012-03-11 14:44 - 2012-03-11 14:44 - 0607260 ____R (Swearware) C:\Users\Admin\Desktop\dds.com
2012-03-11 14:43 - 2012-03-11 14:43 - 0000472 ____A C:\Users\Admin\Desktop\defogger_disable.log
2012-03-11 14:43 - 2012-03-11 14:43 - 0000000 ____A C:\Users\Admin\defogger_reenable
2012-03-11 14:41 - 2012-03-11 14:41 - 0050477 ____A C:\Users\Admin\Desktop\Defogger.exe
2012-03-11 13:00 - 2012-03-11 14:08 - 0000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2012-03-11 11:43 - 2012-03-11 11:43 - 0003454 ____A C:\Users\Admin\Desktop\mbam-log-2012-03-11 (20-00-24).txt
2012-03-11 11:34 - 2012-03-11 11:34 - 0126239 ____A C:\Users\Admin\Desktop\Unbenannt4.png
2012-03-11 10:56 - 2012-03-11 10:56 - 0001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2012-03-11 10:56 - 2012-03-11 10:56 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-11 10:56 - 2012-03-11 10:56 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2012-03-11 10:56 - 2012-03-11 10:56 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-11 10:56 - 2012-03-11 10:56 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-11 10:56 - 2011-12-10 06:24 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-11 10:52 - 2012-03-11 13:31 - 0000361 ____A C:\rkill.log
2012-03-11 10:50 - 2012-03-11 10:50 - 1008141 ____A C:\Users\Admin\Desktop\rkill.com
2012-03-11 10:50 - 2012-03-11 09:36 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Admin\Desktop\mbam-setup-1.60.1.1000.exe
2012-03-11 07:52 - 2012-03-11 07:52 - 0109131 ____A C:\Users\***\Desktop\Unbenannt1.png
2012-03-11 07:51 - 2012-03-11 07:51 - 2086138 ____A C:\Users\***\Desktop\Unbenannt.png
2012-03-11 07:42 - 2012-03-11 07:42 - 0000000 __SHD C:\Users\***\AppData\Local\8012f6bf
2012-03-10 05:57 - 2012-03-10 05:57 - 0469350 ____A C:\Users\***\Desktop\DB Leer.pdf
2012-03-09 12:43 - 2012-03-09 12:43 - 0000000 ____D C:\Users\Admin\AppData\Local\Adobe
2012-03-09 12:05 - 2012-03-09 12:05 - 0196267 ____A C:\Users\Admin\Desktop\Unbenannt.png
2012-03-09 12:00 - 2012-03-09 12:38 - 0000000 ____D C:\Users\All Users\SecTaskMan
2012-03-09 12:00 - 2012-03-09 12:38 - 0000000 ____D C:\ProgramData\SecTaskMan
2012-03-09 12:00 - 2012-03-09 12:00 - 0000000 ____D C:\Program Files (x86)\Security Task Manager
2012-03-07 15:02 - 2012-03-07 15:03 - 0000000 ____D C:\Users\***\Desktop\MüKo
2012-03-01 14:22 - 2012-03-01 14:22 - 0000000 ____D C:\Windows\SysWOW64\Adobe
2012-02-26 13:16 - 2012-03-09 12:43 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2012-02-26 03:55 - 2012-02-26 03:55 - 0000000 ____D C:\Users\Aushilfe\AppData\Roaming\Adobe
2012-02-26 03:50 - 2012-02-26 03:50 - 0095568 ____A C:\Users\Aushilfe\AppData\Local\GDIPFONTCACHEV1.DAT
2012-02-26 03:50 - 2012-02-26 03:50 - 0000000 ____D C:\Users\Aushilfe\AppData\Roaming\McAfee
2012-02-26 03:50 - 2012-02-26 03:50 - 0000000 ____D C:\Users\Aushilfe\AppData\Local\Power2Go
2012-02-26 03:49 - 2012-02-26 03:55 - 0000000 ____D C:\Users\Aushilfe\AppData\LocalLow
2012-02-26 03:49 - 2012-02-26 03:49 - 0000174 ___SH C:\Users\Aushilfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-26 03:49 - 2012-02-26 03:49 - 0000020 ___SH C:\Users\Aushilfe\ntuser.ini
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 __SHD C:\Users\Aushilfe\Vorlagen
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 __SHD C:\Users\Aushilfe\Startmenü
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 __SHD C:\Users\Aushilfe\Netzwerkumgebung
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 __SHD C:\Users\Aushilfe\Lokale Einstellungen
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 __SHD C:\Users\Aushilfe\Eigene Dateien
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 __SHD C:\Users\Aushilfe\Druckumgebung
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 __SHD C:\Users\Aushilfe\Documents\Eigene Videos
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 __SHD C:\Users\Aushilfe\Documents\Eigene Musik
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 __SHD C:\Users\Aushilfe\Documents\Eigene Bilder
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 __SHD C:\Users\Aushilfe\AppData\Local\Verlauf
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 __SHD C:\Users\Aushilfe\AppData\Local\Temporary Internet Files
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 __SHD C:\Users\Aushilfe\AppData\Local\Anwendungsdaten
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 __SHD C:\Users\Aushilfe\Anwendungsdaten
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 ____D C:\Users\Aushilfe\AppData\Roaming\Intel
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 ____D C:\Users\Aushilfe\AppData\Local\VirtualStore
2012-02-26 03:48 - 2012-02-26 03:49 - 0000000 ____D C:\users\Aushilfe
2012-02-26 03:48 - 2011-05-14 10:10 - 0000000 ____D C:\Users\Aushilfe\AppData\Roaming\Macromedia
2012-02-26 03:48 - 2010-11-20 23:16 - 0000000 ____D C:\Users\Aushilfe\AppData\Roaming\Media Center Programs
2012-02-25 13:47 - 2012-02-25 13:47 - 0095568 ____A C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2012-02-25 13:47 - 2012-02-25 13:47 - 0000000 ____D C:\Users\Admin\AppData\Roaming\McAfee
2012-02-25 13:47 - 2012-02-25 13:47 - 0000000 ____D C:\Users\Admin\AppData\Local\Power2Go
2012-02-25 13:46 - 2012-03-11 14:43 - 0000000 ____D C:\users\Admin
2012-02-25 13:46 - 2012-03-09 12:43 - 0000000 ____D C:\Users\Admin\AppData\LocalLow
2012-02-25 13:46 - 2012-02-25 13:46 - 0000174 ___SH C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-25 13:46 - 2012-02-25 13:46 - 0000020 ___SH C:\Users\Admin\ntuser.ini
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 __SHD C:\Users\Admin\Vorlagen
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 __SHD C:\Users\Admin\Startmenü
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 __SHD C:\Users\Admin\Netzwerkumgebung
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 __SHD C:\Users\Admin\Lokale Einstellungen
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 __SHD C:\Users\Admin\Eigene Dateien
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 __SHD C:\Users\Admin\Druckumgebung
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 __SHD C:\Users\Admin\Documents\Eigene Videos
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 __SHD C:\Users\Admin\Documents\Eigene Musik
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 __SHD C:\Users\Admin\Documents\Eigene Bilder
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 __SHD C:\Users\Admin\AppData\Local\Verlauf
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 __SHD C:\Users\Admin\AppData\Local\Temporary Internet Files
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 __SHD C:\Users\Admin\AppData\Local\Anwendungsdaten
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 __SHD C:\Users\Admin\Anwendungsdaten
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Intel
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2012-02-25 13:46 - 2011-05-14 10:10 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Macromedia
2012-02-25 13:46 - 2010-11-20 23:16 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Media Center Programs
2012-02-25 07:04 - 2012-03-12 11:12 - 0560090 ____A C:\Windows\ntbtlog.txt
2012-02-15 22:34 - 2011-12-13 23:43 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-15 22:34 - 2011-12-13 23:16 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-15 22:34 - 2011-12-13 23:11 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-15 22:34 - 2011-12-13 23:04 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-15 22:34 - 2011-12-13 23:04 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-15 22:34 - 2011-12-13 23:03 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-15 22:34 - 2011-12-13 23:03 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-15 22:34 - 2011-12-13 23:01 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-15 22:34 - 2011-12-13 23:00 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-15 22:34 - 2011-12-13 22:59 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-15 22:34 - 2011-12-13 22:57 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-15 22:34 - 2011-12-13 22:57 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-15 22:34 - 2011-12-13 22:53 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-15 22:34 - 2011-12-13 19:30 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-15 22:34 - 2011-12-13 19:10 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-15 22:34 - 2011-12-13 19:04 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-15 22:34 - 2011-12-13 18:57 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-15 22:34 - 2011-12-13 18:57 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-15 22:34 - 2011-12-13 18:56 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-15 22:34 - 2011-12-13 18:55 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-15 22:34 - 2011-12-13 18:54 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-15 22:34 - 2011-12-13 18:53 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-15 22:34 - 2011-12-13 18:52 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-15 22:34 - 2011-12-13 18:50 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-15 22:34 - 2011-12-13 18:50 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-15 22:34 - 2011-12-13 18:47 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-15 22:25 - 2012-01-13 20:06 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-15 22:25 - 2012-01-04 02:44 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-02-15 22:25 - 2012-01-04 02:44 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-02-15 22:25 - 2012-01-04 00:59 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-02-15 22:25 - 2012-01-04 00:58 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-02-15 22:25 - 2011-12-29 22:26 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-02-15 22:25 - 2011-12-29 21:27 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-02-15 22:25 - 2011-12-27 19:59 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-02-15 22:25 - 2011-12-16 00:46 - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-02-15 22:25 - 2011-12-15 23:52 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-02-14 13:30 - 2012-02-14 13:30 - 0000000 ____D C:\Users\***\AppData\Local\{E1D95FF2-28EB-486C-B6AB-989992BFAAE5}
2012-02-14 13:30 - 2012-02-14 13:30 - 0000000 ____D C:\Users\***\AppData\Local\{2BF54160-4C32-4CEE-B8AC-F5C24CC90242}
2012-02-14 12:35 - 2012-02-14 12:35 - 0018520 ____A C:\Windows\System32\iglhxs64.vp
2012-02-14 09:55 - 2012-02-14 09:55 - 5886232 ____A (Intel Corporation) C:\Windows\System32\GfxUI.exe
2012-02-14 09:55 - 2012-02-14 09:55 - 0511768 ____A (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
2012-02-14 09:55 - 2012-02-14 09:55 - 0440600 ____A (Intel Corporation) C:\Windows\System32\igfxpers.exe
2012-02-14 09:55 - 2012-02-14 09:55 - 0398616 ____A (Intel Corporation) C:\Windows\System32\hkcmd.exe
2012-02-14 09:55 - 2012-02-14 09:55 - 0276248 ____A (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2012-02-14 09:55 - 2012-02-14 09:55 - 0250136 ____A (Intel Corporation) C:\Windows\System32\igfxext.exe
2012-02-14 09:55 - 2012-02-14 09:55 - 0184600 ____A (Intel Corporation) C:\Windows\System32\difx64.exe
2012-02-14 09:55 - 2012-02-14 09:55 - 0170264 ____A (Intel Corporation) C:\Windows\System32\igfxtray.exe
2012-02-14 09:53 - 2012-02-14 09:53 - 0090112 ____A (Intel Corporation) C:\Windows\System32\igfxCoIn_v2653.dll
2012-02-14 09:47 - 2012-02-14 09:47 - 14692224 ____A (Intel Corporation) C:\Windows\System32\Drivers\igdkmd64.sys
2012-02-14 09:47 - 2012-02-14 09:47 - 0963912 ____A C:\Windows\SysWOW64\igkrng600.bin
2012-02-14 09:47 - 2012-02-14 09:47 - 0963912 ____A C:\Windows\System32\igkrng600.bin
2012-02-14 09:47 - 2012-02-14 09:47 - 0261208 ____A C:\Windows\SysWOW64\igfcg600m.bin
2012-02-14 09:47 - 2012-02-14 09:47 - 0261208 ____A C:\Windows\System32\igfcg600m.bin
2012-02-14 09:47 - 2012-02-14 09:47 - 0079360 ____A C:\Windows\System32\igdde64.dll
2012-02-14 09:44 - 2012-02-14 09:44 - 0058880 ____A C:\Windows\SysWOW64\igdde32.dll
2012-02-14 09:42 - 2012-02-14 09:42 - 9605632 ____A (Intel Corporation) C:\Windows\System32\igd10umd64.dll
2012-02-14 09:07 - 2012-02-14 09:07 - 18125312 ____A C:\Windows\System32\ig4icd64.dll
2012-02-14 08:59 - 2012-02-14 08:59 - 13209600 ____A C:\Windows\SysWOW64\ig4icd32.dll
2012-02-14 08:58 - 2012-02-14 08:58 - 0221099 ____A C:\Windows\System32\Gfxres.th-TH.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0191775 ____A C:\Windows\System32\Gfxres.ru-RU.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0161613 ____A C:\Windows\System32\Gfxres.ja-JP.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0146675 ____A C:\Windows\System32\Gfxres.ko-KR.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0144338 ____A C:\Windows\System32\Gfxres.ro-RO.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0143155 ____A C:\Windows\System32\Gfxres.tr-TR.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0142664 ____A C:\Windows\System32\Gfxres.pt-BR.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0142335 ____A C:\Windows\System32\Gfxres.nl-NL.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0141644 ____A C:\Windows\System32\Gfxres.pt-PT.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0141435 ____A C:\Windows\System32\Gfxres.sv-SE.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0140923 ____A C:\Windows\System32\Gfxres.pl-PL.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0140122 ____A C:\Windows\System32\Gfxres.sk-SK.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0139487 ____A C:\Windows\System32\Gfxres.hr-HR.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0136451 ____A C:\Windows\System32\Gfxres.sl-SI.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0136369 ____A C:\Windows\System32\Gfxres.nb-NO.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0124962 ____A C:\Windows\System32\Gfxres.zh-TW.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0123467 ____A C:\Windows\System32\Gfxres.zh-CN.resources
2012-02-14 08:57 - 2012-02-14 08:57 - 0440320 ____A (Intel Corporation) C:\Windows\System32\igfxrell.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0439808 ____A (Intel Corporation) C:\Windows\System32\igfxrfra.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0439808 ____A (Intel Corporation) C:\Windows\System32\igfxresn.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0439296 ____A (Intel Corporation) C:\Windows\System32\igfxrrus.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0439296 ____A (Intel Corporation) C:\Windows\System32\igfxrrom.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0438784 ____A (Intel Corporation) C:\Windows\System32\igfxrptg.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0438784 ____A (Intel Corporation) C:\Windows\System32\igfxrplk.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0438784 ____A (Intel Corporation) C:\Windows\System32\igfxrnld.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0438784 ____A (Intel Corporation) C:\Windows\System32\igfxrita.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0438784 ____A (Intel Corporation) C:\Windows\System32\igfxrhrv.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0438784 ____A (Intel Corporation) C:\Windows\System32\igfxrdeu.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0438272 ____A (Intel Corporation) C:\Windows\System32\igfxrsky.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0438272 ____A (Intel Corporation) C:\Windows\System32\igfxrhun.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0438272 ____A (Intel Corporation) C:\Windows\System32\igfxrfin.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0438272 ____A (Intel Corporation) C:\Windows\System32\igfxrcsy.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0437760 ____A (Intel Corporation) C:\Windows\System32\igfxrtrk.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0437760 ____A (Intel Corporation) C:\Windows\System32\igfxrsve.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0437760 ____A (Intel Corporation) C:\Windows\System32\igfxrslv.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0437760 ____A (Intel Corporation) C:\Windows\System32\igfxrptb.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0437760 ____A (Intel Corporation) C:\Windows\System32\igfxrnor.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0437248 ____A (Intel Corporation) C:\Windows\System32\igfxrtha.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0437248 ____A (Intel Corporation) C:\Windows\System32\igfxrdan.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0435712 ____A (Intel Corporation) C:\Windows\System32\igfxrheb.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0435712 ____A (Intel Corporation) C:\Windows\System32\igfxrara.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0432128 ____A (Intel Corporation) C:\Windows\System32\igfxrjpn.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0430592 ____A (Intel Corporation) C:\Windows\System32\igfxrkor.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0429056 ____A (Intel Corporation) C:\Windows\System32\igfxrcht.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0428544 ____A (Intel Corporation) C:\Windows\System32\igfxrchs.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0410624 ____A (Intel Corporation) C:\Windows\System32\igfxTMM.dll
2012-02-14 08:57 - 2012-02-14 08:57 - 0386048 ____A (Intel Corporation) C:\Windows\System32\igfxpph.dll
2012-02-14 08:57 - 2012-02-14 08:57 - 0207830 ____A C:\Windows\System32\Gfxres.el-GR.resources
2012-02-14 08:57 - 2012-02-14 08:57 - 0164334 ____A C:\Windows\System32\Gfxres.ar-SA.resources
2012-02-14 08:57 - 2012-02-14 08:57 - 0157226 ____A C:\Windows\System32\Gfxres.he-IL.resources
2012-02-14 08:57 - 2012-02-14 08:57 - 0148033 ____A C:\Windows\System32\Gfxres.it-IT.resources
2012-02-14 08:57 - 2012-02-14 08:57 - 0145687 ____A C:\Windows\System32\Gfxres.es-ES.resources
2012-02-14 08:57 - 2012-02-14 08:57 - 0145579 ____A C:\Windows\System32\Gfxres.de-DE.resources
2012-02-14 08:57 - 2012-02-14 08:57 - 0143805 ____A C:\Windows\System32\Gfxres.fr-FR.resources
2012-02-14 08:57 - 2012-02-14 08:57 - 0142189 ____A C:\Windows\System32\Gfxres.hu-HU.resources
2012-02-14 08:57 - 2012-02-14 08:57 - 0140885 ____A C:\Windows\System32\Gfxres.cs-CZ.resources
2012-02-14 08:57 - 2012-02-14 08:57 - 0140549 ____A C:\Windows\System32\Gfxres.fi-FI.resources
2012-02-14 08:57 - 2012-02-14 08:57 - 0135868 ____A C:\Windows\System32\Gfxres.da-DK.resources
2012-02-14 08:57 - 2012-02-14 08:57 - 0131317 ____A C:\Windows\System32\Gfxres.en-US.resources
2012-02-14 08:57 - 2012-02-14 08:57 - 0126976 ____A (Intel Corporation) C:\Windows\System32\igfxcpl.cpl
2012-02-14 08:57 - 2012-02-14 08:57 - 0028672 ____A (Intel Corporation) C:\Windows\System32\igfxexps.dll
2012-02-14 08:56 - 2012-02-14 08:56 - 9007616 ____A (Intel Corporation) C:\Windows\System32\igfxress.dll
2012-02-14 08:56 - 2012-02-14 08:56 - 0430080 ____A (Intel Corporation) C:\Windows\System32\igfxdev.dll
2012-02-14 08:56 - 2012-02-14 08:56 - 0286208 ____A (Intel Corporation) C:\Windows\System32\igfxrenu.lrc
2012-02-14 08:56 - 2012-02-14 08:56 - 0172032 ____A (Intel Corporation) C:\Windows\System32\gfxSrvc.dll
2012-02-14 08:56 - 2012-02-14 08:56 - 0142336 ____A (Intel Corporation) C:\Windows\System32\igfxdo.dll
2012-02-14 08:56 - 2012-02-14 08:56 - 0110592 ____A (Intel Corporation) C:\Windows\System32\hccutils.dll
2012-02-14 08:56 - 2012-02-14 08:56 - 0009216 ____A ( ) C:\Windows\System32\IGFXDEVLib.dll
2012-02-14 08:55 - 2012-02-14 08:55 - 0025088 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2012-02-14 08:54 - 2012-02-14 08:54 - 0321024 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2012-02-14 08:53 - 2012-02-14 08:53 - 2967040 ____A (Intel Corporation) C:\Windows\System32\igfxcmjit64.dll
2012-02-14 08:53 - 2012-02-14 08:53 - 2321408 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2012-02-14 08:53 - 2012-02-14 08:53 - 0524800 ____A (Intel Corporation) C:\Windows\System32\iglhsip64.dll
2012-02-14 08:53 - 2012-02-14 08:53 - 0519680 ____A (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2012-02-14 08:53 - 2012-02-14 08:53 - 0237056 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2012-02-14 08:53 - 2012-02-14 08:53 - 0213504 ____A (Intel Corporation) C:\Windows\System32\iglhcp64.dll
2012-02-14 08:53 - 2012-02-14 08:53 - 0193024 ____A (Intel Corporation) C:\Windows\System32\igfxcmrt64.dll
2012-02-14 08:53 - 2012-02-14 08:53 - 0177152 ____A (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2012-02-14 08:53 - 2012-02-14 08:53 - 0059425 ____A C:\Windows\System32\iglhxo64.vp
2012-02-14 08:53 - 2012-02-14 08:53 - 0059398 ____A C:\Windows\System32\iglhxg64.vp
2012-02-14 08:53 - 2012-02-14 08:53 - 0059230 ____A C:\Windows\System32\iglhxc64.vp
2012-02-14 08:53 - 2012-02-14 08:53 - 0059104 ____A C:\Windows\System32\iglhxc64_dev.vp
2012-02-14 08:53 - 2012-02-14 08:53 - 0058796 ____A C:\Windows\System32\iglhxg64_dev.vp
2012-02-14 08:53 - 2012-02-14 08:53 - 0058109 ____A C:\Windows\System32\iglhxo64_dev.vp
2012-02-14 08:53 - 2012-02-14 08:53 - 0000264 ____A C:\Windows\System32\GfxUI.exe.config
2012-02-12 15:59 - 2012-02-12 15:59 - 0478290 ____A C:\Users\***\Desktop\Geschirrspüler.pdf
2012-02-12 15:56 - 2012-02-12 15:56 - 0593296 ____A C:\Users\***\Desktop\Bosch Spüler.pdf
2012-02-12 12:39 - 2012-03-12 12:04 - 0000000 ____D C:\QUARANTINE

============ 3 Months Modified Files and Folders =============

2012-03-13 11:15 - 2012-03-13 11:15 - 0000000 ____D C:\FRST
2012-03-13 01:47 - 2011-09-02 18:26 - 3151327232 __ASH C:\hiberfil.sys
2012-03-13 01:47 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-13 01:47 - 2009-07-13 20:51 - 0062923 ____A C:\Windows\setupact.log
2012-03-13 01:35 - 2011-09-02 10:34 - 0000000 ____D C:\Users\***\AppData\Roaming\SoftGrid Client
2012-03-13 01:35 - 2011-09-02 09:31 - 1546014 ____A C:\Windows\WindowsUpdate.log
2012-03-13 01:32 - 2011-05-01 12:47 - 0654852 ____A C:\Windows\System32\perfh007.dat
2012-03-13 01:32 - 2011-05-01 12:47 - 0130434 ____A C:\Windows\System32\perfc007.dat
2012-03-13 01:32 - 2009-07-13 21:13 - 1500294 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-13 01:28 - 2009-07-13 20:45 - 0016752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-13 01:28 - 2009-07-13 20:45 - 0016752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-13 01:23 - 2011-09-15 12:57 - 0000000 ____D C:\Users\***\Documents\BRG
2012-03-13 01:20 - 2010-11-20 19:47 - 0019752 ____A C:\Windows\PFRO.log
2012-03-12 14:58 - 2012-03-13 01:31 - 1383409 ____A C:\Users\***\Desktop\FRST64.exe
2012-03-12 14:23 - 2012-03-12 13:14 - 0000000 __SHD C:\$RECYCLE.BIN
2012-03-12 12:53 - 2012-03-12 12:53 - 0020827 ____A C:\Users\Admin\Desktop\combofix log.txt
2012-03-12 12:50 - 2012-03-12 12:50 - 0020827 ____A C:\ComboFix.txt
2012-03-12 12:50 - 2012-03-12 11:40 - 0000000 ____D C:\Qoobox
2012-03-12 12:50 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-03-12 12:50 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-03-12 12:48 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-03-12 12:15 - 2012-03-12 11:42 - 0000000 ____D C:\Windows\ERDNT
2012-03-12 12:04 - 2012-02-12 12:39 - 0000000 ____D C:\QUARANTINE
2012-03-12 11:56 - 2009-07-13 18:34 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-03-12 11:30 - 2012-03-12 11:39 - 4435063 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2012-03-12 11:30 - 2012-03-12 11:36 - 4435063 ____A (Swearware) C:\Users\Aushilfe\Desktop\ComboFix.exe
2012-03-12 11:30 - 2012-03-12 11:29 - 4435063 ____A (Swearware) C:\Users\***\Desktop\ComboFix.exe
2012-03-12 11:12 - 2012-02-25 07:04 - 0560090 ____A C:\Windows\ntbtlog.txt
2012-03-11 15:02 - 2012-03-11 15:02 - 0002109 ____A C:\Users\Admin\Desktop\Attach.zip
2012-03-11 15:02 - 2012-03-11 15:02 - 0000000 ____D C:\Users\Admin\AppData\Roaming\WinRAR
2012-03-11 14:48 - 2012-03-11 14:48 - 0020405 ____A C:\Users\Admin\Desktop\DDS.txt
2012-03-11 14:48 - 2012-03-11 14:48 - 0005221 ____A C:\Users\Admin\Desktop\Attach.txt
2012-03-11 14:44 - 2012-03-11 14:44 - 0607260 ____R (Swearware) C:\Users\Admin\Desktop\dds.com
2012-03-11 14:43 - 2012-03-11 14:43 - 0000472 ____A C:\Users\Admin\Desktop\defogger_disable.log
2012-03-11 14:43 - 2012-03-11 14:43 - 0000000 ____A C:\Users\Admin\defogger_reenable
2012-03-11 14:43 - 2012-02-25 13:46 - 0000000 ____D C:\users\Admin
2012-03-11 14:41 - 2012-03-11 14:41 - 0050477 ____A C:\Users\Admin\Desktop\Defogger.exe
2012-03-11 14:08 - 2012-03-11 13:00 - 0000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2012-03-11 13:31 - 2012-03-11 10:52 - 0000361 ____A C:\rkill.log
2012-03-11 11:43 - 2012-03-11 11:43 - 0003454 ____A C:\Users\Admin\Desktop\mbam-log-2012-03-11 (20-00-24).txt
2012-03-11 11:34 - 2012-03-11 11:34 - 0126239 ____A C:\Users\Admin\Desktop\Unbenannt4.png
2012-03-11 10:56 - 2012-03-11 10:56 - 0001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2012-03-11 10:56 - 2012-03-11 10:56 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-11 10:56 - 2012-03-11 10:56 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2012-03-11 10:56 - 2012-03-11 10:56 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-11 10:56 - 2012-03-11 10:56 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-11 10:50 - 2012-03-11 10:50 - 1008141 ____A C:\Users\Admin\Desktop\rkill.com
2012-03-11 09:36 - 2012-03-11 10:50 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Admin\Desktop\mbam-setup-1.60.1.1000.exe
2012-03-11 07:52 - 2012-03-11 07:52 - 0109131 ____A C:\Users\***\Desktop\Unbenannt1.png
2012-03-11 07:51 - 2012-03-11 07:51 - 2086138 ____A C:\Users\***\Desktop\Unbenannt.png
2012-03-11 07:42 - 2012-03-11 07:42 - 0000000 __SHD C:\Users\***\AppData\Local\8012f6bf
2012-03-10 05:57 - 2012-03-10 05:57 - 0469350 ____A C:\Users\***\Desktop\DB Leer.pdf
2012-03-09 12:43 - 2012-03-09 12:43 - 0000000 ____D C:\Users\Admin\AppData\Local\Adobe
2012-03-09 12:43 - 2012-02-26 13:16 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2012-03-09 12:43 - 2012-02-25 13:46 - 0000000 ____D C:\Users\Admin\AppData\LocalLow
2012-03-09 12:38 - 2012-03-09 12:00 - 0000000 ____D C:\Users\All Users\SecTaskMan
2012-03-09 12:38 - 2012-03-09 12:00 - 0000000 ____D C:\ProgramData\SecTaskMan
2012-03-09 12:05 - 2012-03-09 12:05 - 0196267 ____A C:\Users\Admin\Desktop\Unbenannt.png
2012-03-09 12:00 - 2012-03-09 12:00 - 0000000 ____D C:\Program Files (x86)\Security Task Manager
2012-03-08 14:04 - 2011-09-15 12:31 - 0000000 ____D C:\Users\***\Documents\Sonstiges
2012-03-07 15:03 - 2012-03-07 15:02 - 0000000 ____D C:\Users\***\Desktop\MüKo
2012-03-05 09:03 - 2011-09-02 09:41 - 0000000 ____D C:\Users\***\AppData\LocalLow
2012-03-05 09:03 - 2011-09-02 09:41 - 0000000 ____D C:\users\***
2012-03-03 07:04 - 2011-09-15 12:55 - 0000000 ____D C:\Users\***\Documents\Fahrplan
2012-03-02 01:14 - 2009-07-13 21:08 - 0032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-03-01 15:09 - 2011-10-13 14:14 - 0000221 ____A C:\Users\***\Desktop\Doodle Listen.txt
2012-03-01 14:22 - 2012-03-01 14:22 - 0000000 ____D C:\Windows\SysWOW64\Adobe
2012-03-01 14:22 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-02-26 12:58 - 2009-07-13 20:45 - 0387120 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-26 11:00 - 2011-09-02 09:33 - 0000000 ____D C:\Program Files (x86)\Google
2012-02-26 03:55 - 2012-02-26 03:55 - 0000000 ____D C:\Users\Aushilfe\AppData\Roaming\Adobe
2012-02-26 03:55 - 2012-02-26 03:49 - 0000000 ____D C:\Users\Aushilfe\AppData\LocalLow
2012-02-26 03:50 - 2012-02-26 03:50 - 0095568 ____A C:\Users\Aushilfe\AppData\Local\GDIPFONTCACHEV1.DAT
2012-02-26 03:50 - 2012-02-26 03:50 - 0000000 ____D C:\Users\Aushilfe\AppData\Roaming\McAfee
2012-02-26 03:50 - 2012-02-26 03:50 - 0000000 ____D C:\Users\Aushilfe\AppData\Local\Power2Go
2012-02-26 03:49 - 2012-02-26 03:49 - 0000174 ___SH C:\Users\Aushilfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-26 03:49 - 2012-02-26 03:49 - 0000020 ___SH C:\Users\Aushilfe\ntuser.ini
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 __SHD C:\Users\Aushilfe\Vorlagen
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 __SHD C:\Users\Aushilfe\Startmenü
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 __SHD C:\Users\Aushilfe\Netzwerkumgebung
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 __SHD C:\Users\Aushilfe\Lokale Einstellungen
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 __SHD C:\Users\Aushilfe\Eigene Dateien
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 __SHD C:\Users\Aushilfe\Druckumgebung
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 __SHD C:\Users\Aushilfe\Documents\Eigene Videos
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 __SHD C:\Users\Aushilfe\Documents\Eigene Musik
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 __SHD C:\Users\Aushilfe\Documents\Eigene Bilder
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 __SHD C:\Users\Aushilfe\AppData\Local\Verlauf
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 __SHD C:\Users\Aushilfe\AppData\Local\Temporary Internet Files
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 __SHD C:\Users\Aushilfe\AppData\Local\Anwendungsdaten
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 __SHD C:\Users\Aushilfe\Anwendungsdaten
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 ____D C:\Users\Aushilfe\AppData\Roaming\Intel
2012-02-26 03:49 - 2012-02-26 03:49 - 0000000 ____D C:\Users\Aushilfe\AppData\Local\VirtualStore
2012-02-26 03:49 - 2012-02-26 03:48 - 0000000 ____D C:\users\Aushilfe
2012-02-25 13:47 - 2012-02-25 13:47 - 0095568 ____A C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2012-02-25 13:47 - 2012-02-25 13:47 - 0000000 ____D C:\Users\Admin\AppData\Roaming\McAfee
2012-02-25 13:47 - 2012-02-25 13:47 - 0000000 ____D C:\Users\Admin\AppData\Local\Power2Go
2012-02-25 13:46 - 2012-02-25 13:46 - 0000174 ___SH C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-25 13:46 - 2012-02-25 13:46 - 0000020 ___SH C:\Users\Admin\ntuser.ini
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 __SHD C:\Users\Admin\Vorlagen
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 __SHD C:\Users\Admin\Startmenü
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 __SHD C:\Users\Admin\Netzwerkumgebung
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 __SHD C:\Users\Admin\Lokale Einstellungen
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 __SHD C:\Users\Admin\Eigene Dateien
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 __SHD C:\Users\Admin\Druckumgebung
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 __SHD C:\Users\Admin\Documents\Eigene Videos
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 __SHD C:\Users\Admin\Documents\Eigene Musik
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 __SHD C:\Users\Admin\Documents\Eigene Bilder
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 __SHD C:\Users\Admin\AppData\Local\Verlauf
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 __SHD C:\Users\Admin\AppData\Local\Temporary Internet Files
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 __SHD C:\Users\Admin\AppData\Local\Anwendungsdaten
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 __SHD C:\Users\Admin\Anwendungsdaten
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Intel
2012-02-25 13:46 - 2012-02-25 13:46 - 0000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2012-02-25 07:31 - 2011-09-15 12:31 - 0000000 ____D C:\Users\***\Documents\Uni
2012-02-25 07:23 - 2011-09-15 12:57 - 0000000 ____D C:\Users\***\Documents\Adressen
2012-02-18 03:16 - 2011-09-04 02:36 - 0000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2012-02-16 07:37 - 2011-05-14 10:10 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-02-16 07:36 - 2011-09-02 09:41 - 0000174 ___SH C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-15 22:37 - 2011-09-02 10:33 - 1527912 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-02-15 22:37 - 2011-09-02 10:33 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-02-15 22:37 - 2011-05-01 14:30 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-15 22:35 - 2011-05-01 14:29 - 54585368 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-02-14 13:30 - 2012-02-14 13:30 - 0000000 ____D C:\Users\***\AppData\Local\{E1D95FF2-28EB-486C-B6AB-989992BFAAE5}
2012-02-14 13:30 - 2012-02-14 13:30 - 0000000 ____D C:\Users\***\AppData\Local\{2BF54160-4C32-4CEE-B8AC-F5C24CC90242}
2012-02-14 12:35 - 2012-02-14 12:35 - 0018520 ____A C:\Windows\System32\iglhxs64.vp
2012-02-14 09:55 - 2012-02-14 09:55 - 5886232 ____A (Intel Corporation) C:\Windows\System32\GfxUI.exe
2012-02-14 09:55 - 2012-02-14 09:55 - 0511768 ____A (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
2012-02-14 09:55 - 2012-02-14 09:55 - 0440600 ____A (Intel Corporation) C:\Windows\System32\igfxpers.exe
2012-02-14 09:55 - 2012-02-14 09:55 - 0398616 ____A (Intel Corporation) C:\Windows\System32\hkcmd.exe
2012-02-14 09:55 - 2012-02-14 09:55 - 0276248 ____A (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2012-02-14 09:55 - 2012-02-14 09:55 - 0250136 ____A (Intel Corporation) C:\Windows\System32\igfxext.exe
2012-02-14 09:55 - 2012-02-14 09:55 - 0184600 ____A (Intel Corporation) C:\Windows\System32\difx64.exe
2012-02-14 09:55 - 2012-02-14 09:55 - 0170264 ____A (Intel Corporation) C:\Windows\System32\igfxtray.exe
2012-02-14 09:53 - 2012-02-14 09:53 - 0090112 ____A (Intel Corporation) C:\Windows\System32\igfxCoIn_v2653.dll
2012-02-14 09:47 - 2012-02-14 09:47 - 14692224 ____A (Intel Corporation) C:\Windows\System32\Drivers\igdkmd64.sys
2012-02-14 09:47 - 2012-02-14 09:47 - 0963912 ____A C:\Windows\SysWOW64\igkrng600.bin
2012-02-14 09:47 - 2012-02-14 09:47 - 0963912 ____A C:\Windows\System32\igkrng600.bin
2012-02-14 09:47 - 2012-02-14 09:47 - 0261208 ____A C:\Windows\SysWOW64\igfcg600m.bin
2012-02-14 09:47 - 2012-02-14 09:47 - 0261208 ____A C:\Windows\System32\igfcg600m.bin
2012-02-14 09:47 - 2012-02-14 09:47 - 0079360 ____A C:\Windows\System32\igdde64.dll
2012-02-14 09:47 - 2011-06-08 11:35 - 8086528 ____A (Intel Corporation) C:\Windows\System32\igdumd64.dll
2012-02-14 09:44 - 2012-02-14 09:44 - 0058880 ____A C:\Windows\SysWOW64\igdde32.dll
2012-02-14 09:44 - 2011-06-08 11:34 - 6120960 ____A (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2012-02-14 09:42 - 2012-02-14 09:42 - 9605632 ____A (Intel Corporation) C:\Windows\System32\igd10umd64.dll
2012-02-14 09:35 - 2011-06-08 11:34 - 7794688 ____A (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2012-02-14 09:07 - 2012-02-14 09:07 - 18125312 ____A C:\Windows\System32\ig4icd64.dll
2012-02-14 08:59 - 2012-02-14 08:59 - 13209600 ____A C:\Windows\SysWOW64\ig4icd32.dll
2012-02-14 08:58 - 2012-02-14 08:58 - 0221099 ____A C:\Windows\System32\Gfxres.th-TH.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0191775 ____A C:\Windows\System32\Gfxres.ru-RU.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0161613 ____A C:\Windows\System32\Gfxres.ja-JP.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0146675 ____A C:\Windows\System32\Gfxres.ko-KR.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0144338 ____A C:\Windows\System32\Gfxres.ro-RO.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0143155 ____A C:\Windows\System32\Gfxres.tr-TR.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0142664 ____A C:\Windows\System32\Gfxres.pt-BR.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0142335 ____A C:\Windows\System32\Gfxres.nl-NL.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0141644 ____A C:\Windows\System32\Gfxres.pt-PT.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0141435 ____A C:\Windows\System32\Gfxres.sv-SE.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0140923 ____A C:\Windows\System32\Gfxres.pl-PL.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0140122 ____A C:\Windows\System32\Gfxres.sk-SK.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0139487 ____A C:\Windows\System32\Gfxres.hr-HR.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0136451 ____A C:\Windows\System32\Gfxres.sl-SI.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0136369 ____A C:\Windows\System32\Gfxres.nb-NO.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0124962 ____A C:\Windows\System32\Gfxres.zh-TW.resources
2012-02-14 08:58 - 2012-02-14 08:58 - 0123467 ____A C:\Windows\System32\Gfxres.zh-CN.resources
2012-02-14 08:57 - 2012-02-14 08:57 - 0440320 ____A (Intel Corporation) C:\Windows\System32\igfxrell.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0439808 ____A (Intel Corporation) C:\Windows\System32\igfxrfra.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0439808 ____A (Intel Corporation) C:\Windows\System32\igfxresn.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0439296 ____A (Intel Corporation) C:\Windows\System32\igfxrrus.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0439296 ____A (Intel Corporation) C:\Windows\System32\igfxrrom.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0438784 ____A (Intel Corporation) C:\Windows\System32\igfxrptg.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0438784 ____A (Intel Corporation) C:\Windows\System32\igfxrplk.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0438784 ____A (Intel Corporation) C:\Windows\System32\igfxrnld.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0438784 ____A (Intel Corporation) C:\Windows\System32\igfxrita.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0438784 ____A (Intel Corporation) C:\Windows\System32\igfxrhrv.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0438784 ____A (Intel Corporation) C:\Windows\System32\igfxrdeu.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0438272 ____A (Intel Corporation) C:\Windows\System32\igfxrsky.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0438272 ____A (Intel Corporation) C:\Windows\System32\igfxrhun.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0438272 ____A (Intel Corporation) C:\Windows\System32\igfxrfin.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0438272 ____A (Intel Corporation) C:\Windows\System32\igfxrcsy.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0437760 ____A (Intel Corporation) C:\Windows\System32\igfxrtrk.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0437760 ____A (Intel Corporation) C:\Windows\System32\igfxrsve.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0437760 ____A (Intel Corporation) C:\Windows\System32\igfxrslv.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0437760 ____A (Intel Corporation) C:\Windows\System32\igfxrptb.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0437760 ____A (Intel Corporation) C:\Windows\System32\igfxrnor.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0437248 ____A (Intel Corporation) C:\Windows\System32\igfxrtha.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0437248 ____A (Intel Corporation) C:\Windows\System32\igfxrdan.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0435712 ____A (Intel Corporation) C:\Windows\System32\igfxrheb.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0435712 ____A (Intel Corporation) C:\Windows\System32\igfxrara.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0432128 ____A (Intel Corporation) C:\Windows\System32\igfxrjpn.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0430592 ____A (Intel Corporation) C:\Windows\System32\igfxrkor.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0429056 ____A (Intel Corporation) C:\Windows\System32\igfxrcht.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0428544 ____A (Intel Corporation) C:\Windows\System32\igfxrchs.lrc
2012-02-14 08:57 - 2012-02-14 08:57 - 0410624 ____A (Intel Corporation) C:\Windows\System32\igfxTMM.dll
2012-02-14 08:57 - 2012-02-14 08:57 - 0386048 ____A (Intel Corporation) C:\Windows\System32\igfxpph.dll
2012-02-14 08:57 - 2012-02-14 08:57 - 0207830 ____A C:\Windows\System32\Gfxres.el-GR.resources
2012-02-14 08:57 - 2012-02-14 08:57 - 0164334 ____A C:\Windows\System32\Gfxres.ar-SA.resources
2012-02-14 08:57 - 2012-02-14 08:57 - 0157226 ____A C:\Windows\System32\Gfxres.he-IL.resources
2012-02-14 08:57 - 2012-02-14 08:57 - 0148033 ____A C:\Windows\System32\Gfxres.it-IT.resources
2012-02-14 08:57 - 2012-02-14 08:57 - 0145687 ____A C:\Windows\System32\Gfxres.es-ES.resources
2012-02-14 08:57 - 2012-02-14 08:57 - 0145579 ____A C:\Windows\System32\Gfxres.de-DE.resources
2012-02-14 08:57 - 2012-02-14 08:57 - 0143805 ____A C:\Windows\System32\Gfxres.fr-FR.resources
2012-02-14 08:57 - 2012-02-14 08:57 - 0142189 ____A C:\Windows\System32\Gfxres.hu-HU.resources
2012-02-14 08:57 - 2012-02-14 08:57 - 0140885 ____A C:\Windows\System32\Gfxres.cs-CZ.resources
2012-02-14 08:57 - 2012-02-14 08:57 - 0140549 ____A C:\Windows\System32\Gfxres.fi-FI.resources
2012-02-14 08:57 - 2012-02-14 08:57 - 0135868 ____A C:\Windows\System32\Gfxres.da-DK.resources
2012-02-14 08:57 - 2012-02-14 08:57 - 0131317 ____A C:\Windows\System32\Gfxres.en-US.resources
2012-02-14 08:57 - 2012-02-14 08:57 - 0126976 ____A (Intel Corporation) C:\Windows\System32\igfxcpl.cpl
2012-02-14 08:57 - 2012-02-14 08:57 - 0028672 ____A (Intel Corporation) C:\Windows\System32\igfxexps.dll
2012-02-14 08:57 - 2011-06-08 11:35 - 0063488 ____A (Intel Corporation) C:\Windows\System32\igfxsrvc.dll
2012-02-14 08:56 - 2012-02-14 08:56 - 9007616 ____A (Intel Corporation) C:\Windows\System32\igfxress.dll
2012-02-14 08:56 - 2012-02-14 08:56 - 0430080 ____A (Intel Corporation) C:\Windows\System32\igfxdev.dll
2012-02-14 08:56 - 2012-02-14 08:56 - 0286208 ____A (Intel Corporation) C:\Windows\System32\igfxrenu.lrc
2012-02-14 08:56 - 2012-02-14 08:56 - 0172032 ____A (Intel Corporation) C:\Windows\System32\gfxSrvc.dll
2012-02-14 08:56 - 2012-02-14 08:56 - 0142336 ____A (Intel Corporation) C:\Windows\System32\igfxdo.dll
2012-02-14 08:56 - 2012-02-14 08:56 - 0110592 ____A (Intel Corporation) C:\Windows\System32\hccutils.dll
2012-02-14 08:56 - 2012-02-14 08:56 - 0009216 ____A ( ) C:\Windows\System32\IGFXDEVLib.dll
2012-02-14 08:55 - 2012-02-14 08:55 - 0025088 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2012-02-14 08:54 - 2012-02-14 08:54 - 0321024 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2012-02-14 08:53 - 2012-02-14 08:53 - 2967040 ____A (Intel Corporation) C:\Windows\System32\igfxcmjit64.dll
2012-02-14 08:53 - 2012-02-14 08:53 - 2321408 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2012-02-14 08:53 - 2012-02-14 08:53 - 0524800 ____A (Intel Corporation) C:\Windows\System32\iglhsip64.dll
2012-02-14 08:53 - 2012-02-14 08:53 - 0519680 ____A (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2012-02-14 08:53 - 2012-02-14 08:53 - 0237056 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2012-02-14 08:53 - 2012-02-14 08:53 - 0213504 ____A (Intel Corporation) C:\Windows\System32\iglhcp64.dll
2012-02-14 08:53 - 2012-02-14 08:53 - 0193024 ____A (Intel Corporation) C:\Windows\System32\igfxcmrt64.dll
2012-02-14 08:53 - 2012-02-14 08:53 - 0177152 ____A (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2012-02-14 08:53 - 2012-02-14 08:53 - 0059425 ____A C:\Windows\System32\iglhxo64.vp
2012-02-14 08:53 - 2012-02-14 08:53 - 0059398 ____A C:\Windows\System32\iglhxg64.vp
2012-02-14 08:53 - 2012-02-14 08:53 - 0059230 ____A C:\Windows\System32\iglhxc64.vp
2012-02-14 08:53 - 2012-02-14 08:53 - 0059104 ____A C:\Windows\System32\iglhxc64_dev.vp
2012-02-14 08:53 - 2012-02-14 08:53 - 0058796 ____A C:\Windows\System32\iglhxg64_dev.vp
2012-02-14 08:53 - 2012-02-14 08:53 - 0058109 ____A C:\Windows\System32\iglhxo64_dev.vp
2012-02-14 08:53 - 2012-02-14 08:53 - 0000264 ____A C:\Windows\System32\GfxUI.exe.config
2012-02-12 15:59 - 2012-02-12 15:59 - 0478290 ____A C:\Users\***\Desktop\Geschirrspüler.pdf
2012-02-12 15:56 - 2012-02-12 15:56 - 0593296 ____A C:\Users\***\Desktop\Bosch Spüler.pdf
2012-02-12 12:39 - 2012-02-03 12:35 - 0000000 ____D C:\Users\***\AppData\Roaming\Naixah
2012-02-03 12:41 - 2012-02-03 12:35 - 0000000 ____D C:\Users\***\AppData\Roaming\Ihutpa
2012-01-31 15:56 - 2012-01-31 15:56 - 0000000 ____D C:\Users\***\AppData\Local\Unity
2012-01-31 15:56 - 2012-01-31 15:56 - 0000000 ____D C:\Users\***\AppData\Local\Deployment
2012-01-31 15:56 - 2012-01-31 15:56 - 0000000 ____D C:\Users\***\AppData\Local\Apps\2.0
2012-01-28 19:03 - 2011-09-18 15:49 - 0006144 ____A C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-25 14:47 - 2012-01-25 14:47 - 0013484 ____A C:\Users\***\Desktop\§ 986 BGB neutral.docx
2012-01-24 14:37 - 2012-01-24 14:37 - 0003125 ____A C:\Users\***\Desktop\Rudern 2012 - Verknüpfung.lnk
2012-01-22 15:29 - 2012-01-22 15:28 - 0000000 ____D C:\Users\***\Desktop\AHOI
2012-01-13 20:06 - 2012-02-15 22:25 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-12 12:39 - 2011-09-02 09:42 - 0095568 ____A C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2012-01-11 15:35 - 2011-09-02 13:34 - 0002023 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-01-04 02:44 - 2012-02-15 22:25 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 02:44 - 2012-02-15 22:25 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 00:59 - 2012-02-15 22:25 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 00:58 - 2012-02-15 22:25 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2011-12-29 22:26 - 2012-02-15 22:25 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2011-12-29 21:27 - 2012-02-15 22:25 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2011-12-27 19:59 - 2012-02-15 22:25 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2011-12-19 14:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-12-16 00:46 - 2012-02-15 22:25 - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2011-12-15 23:52 - 2012-02-15 22:25 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2011-12-15 13:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\de-DE
2011-12-15 13:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\de-DE

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4007.12 MB
Available physical RAM: 3398.01 MB
Total Pagefile: 4005.32 MB
Available Pagefile: 3388.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Boot) (Fixed) (Total:657.54 GB) (Free:574.54 GB) NTFS
2 Drive d: (Recover) (Fixed) (Total:37.99 GB) (Free:13.84 GB) NTFS
7 Drive j: () (Removable) (Total:0.97 GB) (Free:0.97 GB) FAT
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 4096 KB
Disk 1 Online 997 MB 0 B

==========================================================

Last Boot: 2012-03-11 06:41

======================= End Of Log ==========================

Psychotic · 13.03.2012, 11:21

Da habe ich den Baustein nicht auf frst64.exe angepasst - sei beruhigt, ist alles in Ordnung!

Du führst FRST aber schon in den Reparaturoptionen aus und hast Windows nicht gestartet?

Wie kommst du denn auf das Sicherheitscenter?

Wie auch immer: Wir haben noch gar keine Eingriffe am System vorgenommen - dem System ist NICHT zu trauen!

ralle622 · 13.03.2012, 11:25

Ich hatte den Computer vorher normal gestartet und im Sicherheitscenter vorbeigeschaut. Für FRST habe ich Windows nicht gestartet.

Psychotic · 13.03.2012, 11:37

Fix mit FRST

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

3 mfeavfk01;
C:\Users\***\AppData\Local\8012f6bf
C:\$RECYCLE.BIN
C:\Users\***\AppData\Roaming\Naixah
C:\Users\***\AppData\Roaming\Ihutpa

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST64.exe erneut und klicke den Fix Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Schritt 1: ComboFix

Starte Windows!

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Lösche die vorhandene Combofix.exe von dienem Desktop und
downloade dir bitte Combofix von einem dieser Downloadspiegel neu:

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

ralle622 · 13.03.2012, 11:48

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 11-03-2012
Ran by SYSTEM at 2012-03-13 11:45:31 R:1
Running from J:\

==============================================

3 mfeavfk01; service not found.
C:\Users\***\AppData\Local\8012f6bf moved successfully.
C:\$RECYCLE.BIN moved successfully.
C:\Users\***\AppData\Roaming\Naixah moved successfully.
C:\Users\***\AppData\Roaming\Ihutpa moved successfully.

==== End of Fixlog ====

combofix folgt...

ralle622 · 13.03.2012, 12:05

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-03-12.03 - Admin 13.03.2012  11:53:56.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4007.2534 [GMT 1:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-13 bis 2012-03-13  ))))))))))))))))))))))))))))))
.
.
2012-03-13 19:15 . 2012-03-13 19:16	--------	d-----w-	C:\FRST
2012-03-13 11:00 . 2012-03-13 11:00	--------	d-----w-	c:\users\***\AppData\Local\temp
2012-03-13 11:00 . 2012-03-13 11:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-11 18:56 . 2012-03-11 18:56	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-11 18:56 . 2012-03-11 18:56	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-11 18:56 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-09 20:00 . 2012-03-09 20:38	--------	d-----w-	c:\programdata\SecTaskMan
2012-03-09 20:00 . 2012-03-09 20:00	--------	d-----w-	c:\program files (x86)\Security Task Manager
2012-03-01 22:22 . 2012-03-01 22:22	--------	d-----w-	c:\windows\SysWow64\Adobe
2012-02-26 11:48 . 2012-02-26 11:49	--------	d-----w-	c:\users\Aushilfe
2012-02-25 21:46 . 2012-03-11 22:43	--------	d-----w-	c:\users\Admin
2012-02-16 06:25 . 2012-01-04 10:44	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-02-16 06:25 . 2012-01-04 08:58	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2012-02-16 06:25 . 2011-12-30 06:26	515584	----a-w-	c:\windows\system32\timedate.cpl
2012-02-16 06:25 . 2011-12-30 05:27	478720	----a-w-	c:\windows\SysWow64\timedate.cpl
2012-02-16 06:25 . 2012-01-14 04:06	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-02-16 06:25 . 2011-12-28 03:59	498688	----a-w-	c:\windows\system32\drivers\afd.sys
2012-02-16 06:25 . 2011-12-16 08:46	634880	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-16 06:25 . 2011-12-16 07:52	690688	----a-w-	c:\windows\SysWow64\msvcrt.dll
2012-02-14 17:55 . 2012-02-14 17:55	276248	----a-w-	c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-02-14 17:55 . 2012-02-14 17:55	5886232	----a-w-	c:\windows\system32\GfxUI.exe
2012-02-14 17:55 . 2012-02-14 17:55	511768	----a-w-	c:\windows\system32\igfxsrvc.exe
2012-02-14 17:55 . 2012-02-14 17:55	440600	----a-w-	c:\windows\system32\igfxpers.exe
2012-02-14 17:55 . 2012-02-14 17:55	398616	----a-w-	c:\windows\system32\hkcmd.exe
2012-02-14 17:55 . 2012-02-14 17:55	250136	----a-w-	c:\windows\system32\igfxext.exe
2012-02-14 17:55 . 2012-02-14 17:55	184600	----a-w-	c:\windows\system32\difx64.exe
2012-02-14 17:55 . 2012-02-14 17:55	170264	----a-w-	c:\windows\system32\igfxtray.exe
2012-02-14 17:53 . 2012-02-14 17:53	90112	----a-w-	c:\windows\system32\igfxCoIn_v2653.dll
2012-02-14 17:47 . 2012-02-14 17:47	14692224	----a-w-	c:\windows\system32\drivers\igdkmd64.sys
2012-02-14 17:47 . 2012-02-14 17:47	963912	----a-w-	c:\windows\SysWow64\igkrng600.bin
2012-02-14 17:47 . 2012-02-14 17:47	963912	----a-w-	c:\windows\system32\igkrng600.bin
2012-02-14 17:47 . 2012-02-14 17:47	79360	----a-w-	c:\windows\system32\igdde64.dll
2012-02-14 17:47 . 2012-02-14 17:47	261208	----a-w-	c:\windows\SysWow64\igfcg600m.bin
2012-02-14 17:47 . 2012-02-14 17:47	261208	----a-w-	c:\windows\system32\igfcg600m.bin
2012-02-14 17:44 . 2012-02-14 17:44	58880	----a-w-	c:\windows\SysWow64\igdde32.dll
2012-02-14 17:42 . 2012-02-14 17:42	9605632	----a-w-	c:\windows\system32\igd10umd64.dll
2012-02-14 17:07 . 2012-02-14 17:07	18125312	----a-w-	c:\windows\system32\ig4icd64.dll
2012-02-14 16:59 . 2012-02-14 16:59	13209600	----a-w-	c:\windows\SysWow64\ig4icd32.dll
2012-02-14 16:56 . 2012-02-14 16:56	110592	----a-w-	c:\windows\system32\hccutils.dll
2012-02-14 16:56 . 2012-02-14 16:56	9216	----a-w-	c:\windows\system32\IGFXDEVLib.dll
2012-02-14 16:56 . 2012-02-14 16:56	430080	----a-w-	c:\windows\system32\igfxdev.dll
2012-02-14 16:56 . 2012-02-14 16:56	172032	----a-w-	c:\windows\system32\gfxSrvc.dll
2012-02-14 16:56 . 2012-02-14 16:56	286208	----a-w-	c:\windows\system32\igfxrenu.lrc
2012-02-14 16:56 . 2012-02-14 16:56	142336	----a-w-	c:\windows\system32\igfxdo.dll
2012-02-14 16:56 . 2012-02-14 16:56	9007616	----a-w-	c:\windows\system32\igfxress.dll
2012-02-14 16:55 . 2012-02-14 16:55	25088	----a-w-	c:\windows\SysWow64\igfxexps32.dll
2012-02-14 16:54 . 2012-02-14 16:54	321024	----a-w-	c:\windows\SysWow64\igfxdv32.dll
2012-02-14 16:53 . 2012-02-14 16:53	524800	----a-w-	c:\windows\system32\iglhsip64.dll
2012-02-14 16:53 . 2012-02-14 16:53	519680	----a-w-	c:\windows\SysWow64\iglhsip32.dll
2012-02-14 16:53 . 2012-02-14 16:53	2967040	----a-w-	c:\windows\system32\igfxcmjit64.dll
2012-02-14 16:53 . 2012-02-14 16:53	237056	----a-w-	c:\windows\SysWow64\igfxcmrt32.dll
2012-02-14 16:53 . 2012-02-14 16:53	2321408	----a-w-	c:\windows\SysWow64\igfxcmjit32.dll
2012-02-14 16:53 . 2012-02-14 16:53	213504	----a-w-	c:\windows\system32\iglhcp64.dll
2012-02-14 16:53 . 2012-02-14 16:53	193024	----a-w-	c:\windows\system32\igfxcmrt64.dll
2012-02-14 16:53 . 2012-02-14 16:53	177152	----a-w-	c:\windows\SysWow64\iglhcp32.dll
2012-02-12 20:39 . 2012-03-12 20:04	--------	d-----w-	C:\QUARANTINE
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 15:37 . 2011-05-14 18:10	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-14 17:47 . 2011-06-08 19:35	8086528	----a-w-	c:\windows\system32\igdumd64.dll
2012-02-14 17:44 . 2011-06-08 19:34	6120960	----a-w-	c:\windows\SysWow64\igdumd32.dll
2012-02-14 17:35 . 2011-06-08 19:34	7794688	----a-w-	c:\windows\SysWow64\igd10umd32.dll
2012-02-14 16:57 . 2011-06-08 19:35	63488	----a-w-	c:\windows\system32\igfxsrvc.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-03-12_19.57.02   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-13 09:49 . 2012-03-13 09:49	12167              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-03-12 19:54 . 2012-03-12 19:54	12167              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-11-21 03:09 . 2012-03-13 10:48	47492              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-13 10:48	41618              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-02 17:42 . 2012-03-13 09:49	16010              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3360420451-3257168234-32891417-1001_UserData.bin
- 2011-09-02 17:37 . 2012-03-12 19:55	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-02 17:37 . 2012-03-13 10:46	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-02 17:37 . 2012-03-12 19:55	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-02 17:37 . 2012-03-13 10:46	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-12 19:55	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-13 10:46	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-26 11:47 . 2012-03-13 10:48	1990              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3360420451-3257168234-32891417-1003_UserData.bin
+ 2012-03-13 10:46 . 2012-03-13 10:46	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-12 19:55 . 2012-03-12 19:55	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-13 10:46 . 2012-03-13 10:46	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-12 19:55 . 2012-03-12 19:55	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-03-13 10:52	616694              c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-12 19:43	616694              c:\windows\system32\perfh009.dat
- 2011-05-01 20:47 . 2012-03-12 19:43	654852              c:\windows\system32\perfh007.dat
+ 2011-05-01 20:47 . 2012-03-13 10:52	654852              c:\windows\system32\perfh007.dat
- 2009-07-14 02:36 . 2012-03-12 19:43	106816              c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-13 10:52	106816              c:\windows\system32\perfc009.dat
+ 2011-05-01 20:47 . 2012-03-13 10:52	130434              c:\windows\system32\perfc007.dat
- 2011-05-01 20:47 . 2012-03-12 19:43	130434              c:\windows\system32\perfc007.dat
- 2009-07-14 05:01 . 2012-03-12 19:54	290960              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-13 09:49	290960              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-26 12:26 . 2012-03-13 00:38	470436              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3360420451-3257168234-32891417-1004-8192.dat
- 2012-02-26 12:26 . 2012-03-12 19:54	470436              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3360420451-3257168234-32891417-1004-8192.dat
+ 2012-02-25 22:37 . 2012-03-13 00:38	947704              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3360420451-3257168234-32891417-1003-8192.dat
- 2012-02-25 22:37 . 2012-03-12 19:54	947704              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3360420451-3257168234-32891417-1003-8192.dat
+ 2011-09-02 18:17 . 2012-03-13 09:35	755436              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3360420451-3257168234-32891417-1001-8192.dat
+ 2011-06-09 16:02 . 2012-03-13 00:38	1236168              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-06-09 16:02 . 2012-02-26 10:10	1236168              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-09-02 18:17 . 2012-03-11 16:50	22125035              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3360420451-3257168234-32891417-1001-4096.dat
+ 2011-09-02 18:17 . 2012-03-13 09:35	22125035              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3360420451-3257168234-32891417-1001-4096.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-02-03 506712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-09-14 215360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
watchmi tray.lnk - c:\windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe [2011-9-2 300416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-02-11 1304912]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-02-11 907600]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-02-11 997712]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
S2 GFNEXSrv;GFNEX Service;c:\program files (x86)\PHotkey\GFNEXSrv.exe [2010-10-07 159752]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 PEGAGFN;PEGAGFN;c:\program files (x86)\PHotkey\PEGAGFN.sys [2009-09-11 14344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe [2010-12-06 62464]
S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - mfeavfk01
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="E" [X]
"AmIcoSinglun64"="E" [X]
"IntelPAN"="E" [X]
"SmartAudio"="E" [X]
"BTMTrayAgent"="86)\INTEL\BLUETOOTH\BTMSHELL.DLL" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-13  12:02:28
ComboFix-quarantined-files.txt  2012-03-13 11:02
ComboFix2.txt  2012-03-12 20:50
.
Vor Suchlauf: 11 Verzeichnis(se), 616.684.253.184 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 616.632.664.064 Bytes frei
.
- - End Of File - - 505230556529D869BB20A1E5B981EBBF

--- --- ---

Psychotic · 13.03.2012, 12:11

Schritt 1: aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen ) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Schritt 2: MBAM

Downloade Dir bitte Malwarebytes

Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Vollständigen Scan durchführen und drücke auf Scannen.(Hinweis: Alle Festplatten anhaken!)
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt 3: OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)

Doppelklick auf die OTL.exe
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

ralle622 · 13.03.2012, 12:53

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-13 12:20:57
-----------------------------
12:20:57.349 OS Version: Windows x64 6.1.7601 Service Pack 1
12:20:57.349 Number of processors: 4 586 0x2A07
12:20:57.349 ComputerName: NOTEBOOK2011VO UserName: Admin
12:20:59.003 Initialize success
12:21:47.651 AVAST engine defs: 12031300
12:21:51.863 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:21:51.879 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
12:21:51.894 Disk 0 MBR read successfully
12:21:51.910 Disk 0 MBR scan
12:21:51.910 Disk 0 unknown MBR code
12:21:51.925 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 2048
12:21:51.941 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 673318 MB offset 208896
12:21:51.941 Disk 0 Partition - 00 0F Extended LBA 40956 MB offset 1379164160
12:21:51.972 Disk 0 Partition 3 00 12 Compaq diag NTFS 1025 MB offset 1463042048
12:21:52.003 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 38906 MB offset 1379166208
12:21:52.019 Disk 0 Partition - 00 05 Extended 129 MB offset 1458845696
12:21:52.050 Disk 0 Partition 5 00 27 Hidden NTFS WinRE 128 MB offset 1458847744
12:21:52.050 Disk 0 Partition - 00 05 Extended 896 MB offset 1538791424
12:21:52.081 Disk 0 Partition 6 00 27 Hidden NTFS WinRE 895 MB offset 1459111936
12:21:52.409 Disk 0 Partition - 00 05 Extended 1024 MB offset 1540890624
12:21:52.471 Disk 0 Partition 7 00 27 Hidden NTFS WinRE 1023 MB offset 1460946944
12:21:52.534 Disk 0 scanning C:\Windows\system32\drivers
12:22:06.886 Service scanning
12:22:37.134 Modules scanning
12:22:37.150 Disk 0 trace - called modules:
12:22:37.166
12:22:38.507 AVAST engine scan C:\Windows
12:22:41.612 AVAST engine scan C:\Windows\system32
12:24:49.813 AVAST engine scan C:\Windows\system32\drivers
12:25:03.868 AVAST engine scan C:\Users\Admin
12:26:13.741 AVAST engine scan C:\ProgramData
12:27:02.085 Scan finished successfully
12:30:55.555 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
12:30:55.555 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"

Malwarebytes Anti-Malware 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.03.13.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: NOTEBOOK2011VO [Administrator]

13.03.2012 12:31:55
mbam-log-2012-03-13 (12-31-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 230415
Laufzeit: 1 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 13.03.2012 12:40:07 - Run 1
OTL by OldTimer - Version 3.2.36.3     Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 65,40% Memory free
7,82 Gb Paging File | 6,37 Gb Available in Paging File | 81,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 657,54 Gb Total Space | 574,16 Gb Free Space | 87,32% Space Free | Partition Type: NTFS
Drive D: | 37,99 Gb Total Space | 13,84 Gb Free Space | 36,43% Space Free | Partition Type: NTFS
 
Computer Name: NOTEBOOK2011VO | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\PHotkey\POSD.exe (Pegatron Corporation)
PRC - C:\Program Files (x86)\PHotkey\PHotkey.exe (Pegatron Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\PHotkey\MsgTranAgt.exe ()
PRC - C:\Program Files (x86)\PHotkey\ASLDRSrv.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll ()
MOD - C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
SRV:64bit: - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (cphs) Intel(R) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (McTaskManager) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (McAfeeFramework) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (watchmi) -- C:\Program Files (x86)\watchmi\TvdService.exe ()
SRV - (GFNEXSrv) -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (ASLDRService) -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AMPPALP) Intel(R) Centrino(R) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) Intel(R) Centrino(R) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (PEGAGFN) -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys (PEGATRON)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3360420451-3257168234-32891417-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3360420451-3257168234-32891417-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3360420451-3257168234-32891417-1003\..\SearchScopes,DefaultScope = {33318340-10F0-4AE4-BC60-541EBEB180B4}
IE - HKU\S-1-5-21-3360420451-3257168234-32891417-1003\..\SearchScopes\{33318340-10F0-4AE4-BC60-541EBEB180B4}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNC_enDE393
IE - HKU\S-1-5-21-3360420451-3257168234-32891417-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011.12.02 01:37:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.09.04 11:36:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
 
O1 HOSTS File: ([2012.03.12 20:56:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111202013757.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111202013757.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] E File not found
O4:64bit: - HKLM..\Run: [BTMTrayAgent] 86)\INTEL\BLUETOOTH\BTMSHELL.DLL",TRAYAPP File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] E" /TF INTEL PAN TRAY File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] E /T File not found
O4:64bit: - HKLM..\Run: [SynTPEnh] E File not found
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3360420451-3257168234-32891417-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3360420451-3257168234-32891417-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8068FE7C-7296-400B-9019-82B7F3A7BDB2}: DhcpNameServer = 80.69.100.206 80.69.100.214
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.13 20:15:08 | 000,000,000 | ---D | C] -- C:\FRST
[2012.03.13 12:36:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.03.13 12:35:26 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.03.13 12:16:39 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012.03.13 12:16:15 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2012.03.13 12:02:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.03.13 11:52:04 | 004,435,063 | R--- | C] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
[2012.03.12 20:42:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.03.12 20:42:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.03.12 20:42:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.03.12 20:42:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.03.12 20:40:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.03.12 00:02:01 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\WinRAR
[2012.03.11 23:44:17 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Admin\Desktop\dds.com
[2012.03.11 23:16:32 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.03.11 22:00:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\ElevatedDiagnostics
[2012.03.11 19:56:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2012.03.11 19:56:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.11 19:56:40 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.11 19:56:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.11 19:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.11 19:50:37 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Admin\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.09 21:43:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Adobe
[2012.03.09 21:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012.03.09 21:00:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2012.03.01 23:22:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012.02.26 22:16:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Adobe
[2012.02.25 22:47:11 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\McAfee
[2012.02.25 22:47:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Power2Go
[2012.02.25 22:46:43 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.02.25 22:46:43 | 000,000,000 | R--D | C] -- C:\Users\Admin\Searches
[2012.02.25 22:46:43 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.02.25 22:46:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Identities
[2012.02.25 22:46:29 | 000,000,000 | R--D | C] -- C:\Users\Admin\Contacts
[2012.02.25 22:46:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\VirtualStore
[2012.02.25 22:46:21 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Intel
[2012.02.25 22:46:19 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Vorlagen
[2012.02.25 22:46:19 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Verlauf
[2012.02.25 22:46:19 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Temporary Internet Files
[2012.02.25 22:46:19 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Startmenü
[2012.02.25 22:46:19 | 000,000,000 | -HSD | C] -- C:\Users\Admin\SendTo
[2012.02.25 22:46:19 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Recent
[2012.02.25 22:46:19 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Netzwerkumgebung
[2012.02.25 22:46:19 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Lokale Einstellungen
[2012.02.25 22:46:19 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Documents\Eigene Videos
[2012.02.25 22:46:19 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Documents\Eigene Musik
[2012.02.25 22:46:19 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Eigene Dateien
[2012.02.25 22:46:19 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Documents\Eigene Bilder
[2012.02.25 22:46:19 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Druckumgebung
[2012.02.25 22:46:19 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Cookies
[2012.02.25 22:46:19 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Anwendungsdaten
[2012.02.25 22:46:19 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Anwendungsdaten
[2012.02.25 22:46:15 | 000,000,000 | --SD | C] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2012.02.25 22:46:15 | 000,000,000 | R--D | C] -- C:\Users\Admin\Videos
[2012.02.25 22:46:15 | 000,000,000 | R--D | C] -- C:\Users\Admin\Saved Games
[2012.02.25 22:46:15 | 000,000,000 | R--D | C] -- C:\Users\Admin\Pictures
[2012.02.25 22:46:15 | 000,000,000 | R--D | C] -- C:\Users\Admin\Music
[2012.02.25 22:46:15 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.02.25 22:46:15 | 000,000,000 | R--D | C] -- C:\Users\Admin\Links
[2012.02.25 22:46:15 | 000,000,000 | R--D | C] -- C:\Users\Admin\Favorites
[2012.02.25 22:46:15 | 000,000,000 | R--D | C] -- C:\Users\Admin\Downloads
[2012.02.25 22:46:15 | 000,000,000 | R--D | C] -- C:\Users\Admin\Documents
[2012.02.25 22:46:15 | 000,000,000 | R--D | C] -- C:\Users\Admin\Desktop
[2012.02.25 22:46:15 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.02.25 22:46:15 | 000,000,000 | -H-D | C] -- C:\Users\Admin\AppData
[2012.02.25 22:46:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Temp
[2012.02.25 22:46:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\Roaming
[2012.02.25 22:46:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft
[2012.02.25 22:46:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2012.02.25 22:46:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2012.02.25 22:46:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover
[2012.02.16 07:34:13 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.02.16 07:34:13 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.02.16 07:34:12 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.02.16 07:34:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.02.16 07:34:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.02.16 07:34:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.02.16 07:34:11 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.02.16 07:34:11 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.02.16 07:34:11 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.02.16 07:34:10 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.02.16 07:34:10 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.02.16 07:25:54 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.02.16 07:25:52 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012.02.16 07:25:52 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.02.16 07:25:37 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.02.14 18:55:04 | 000,276,248 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\IntelCpHeciSvc.exe
[2012.02.14 18:55:02 | 005,886,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\GfxUI.exe
[2012.02.14 18:55:02 | 000,511,768 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.exe
[2012.02.14 18:55:02 | 000,440,600 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpers.exe
[2012.02.14 18:55:02 | 000,398,616 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hkcmd.exe
[2012.02.14 18:55:02 | 000,250,136 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxext.exe
[2012.02.14 18:55:02 | 000,184,600 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\difx64.exe
[2012.02.14 18:55:02 | 000,170,264 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxtray.exe
[2012.02.14 18:53:26 | 000,090,112 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2653.dll
[2012.02.14 18:47:38 | 014,692,224 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys
[2012.02.14 18:42:58 | 009,605,632 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igd10umd64.dll
[2012.02.14 17:57:52 | 000,439,808 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxresn.lrc
[2012.02.14 17:57:52 | 000,439,296 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrom.lrc
[2012.02.14 17:57:52 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhrv.lrc
[2012.02.14 17:57:52 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsky.lrc
[2012.02.14 17:57:52 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtrk.lrc
[2012.02.14 17:57:52 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsve.lrc
[2012.02.14 17:57:52 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrslv.lrc
[2012.02.14 17:57:52 | 000,437,248 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtha.lrc
[2012.02.14 17:57:50 | 000,439,296 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrus.lrc
[2012.02.14 17:57:50 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptg.lrc
[2012.02.14 17:57:50 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrplk.lrc
[2012.02.14 17:57:50 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrita.lrc
[2012.02.14 17:57:50 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptb.lrc
[2012.02.14 17:57:50 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnor.lrc
[2012.02.14 17:57:50 | 000,432,128 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrjpn.lrc
[2012.02.14 17:57:50 | 000,430,592 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrkor.lrc
[2012.02.14 17:57:48 | 000,440,320 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrell.lrc
[2012.02.14 17:57:48 | 000,439,808 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfra.lrc
[2012.02.14 17:57:48 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdeu.lrc
[2012.02.14 17:57:48 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhun.lrc
[2012.02.14 17:57:48 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfin.lrc
[2012.02.14 17:57:48 | 000,435,712 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrheb.lrc
[2012.02.14 17:57:46 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnld.lrc
[2012.02.14 17:57:46 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcsy.lrc
[2012.02.14 17:57:46 | 000,437,248 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdan.lrc
[2012.02.14 17:57:46 | 000,429,056 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcht.lrc
[2012.02.14 17:57:46 | 000,428,544 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrchs.lrc
[2012.02.14 17:57:44 | 000,435,712 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrara.lrc
[2012.02.14 17:57:42 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcpl.cpl
[2012.02.14 17:57:22 | 000,386,048 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpph.dll
[2012.02.14 17:57:18 | 000,410,624 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxTMM.dll
[2012.02.14 17:57:14 | 000,028,672 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxexps.dll
[2012.02.14 17:56:42 | 000,110,592 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hccutils.dll
[2012.02.14 17:56:34 | 000,430,080 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdev.dll
[2012.02.14 17:56:34 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\gfxSrvc.dll
[2012.02.14 17:56:06 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrenu.lrc
[2012.02.14 17:56:04 | 000,142,336 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdo.dll
[2012.02.14 17:56:02 | 009,007,616 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxress.dll
[2012.02.14 17:55:06 | 000,025,088 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxexps32.dll
[2012.02.14 17:54:36 | 000,321,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxdv32.dll
[2012.02.14 17:53:08 | 002,967,040 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcmjit64.dll
[2012.02.14 17:53:08 | 002,321,408 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmjit32.dll
[2012.02.14 17:53:08 | 000,524,800 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\iglhsip64.dll
[2012.02.14 17:53:08 | 000,519,680 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\iglhsip32.dll
[2012.02.14 17:53:08 | 000,237,056 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmrt32.dll
[2012.02.14 17:53:08 | 000,213,504 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\iglhcp64.dll
[2012.02.14 17:53:08 | 000,193,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcmrt64.dll
[2012.02.14 17:53:08 | 000,177,152 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\iglhcp32.dll
[2012.02.12 21:39:01 | 000,000,000 | ---D | C] -- C:\QUARANTINE
[9 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.13 12:42:38 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.13 12:42:38 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.13 12:42:38 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.13 12:42:38 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.13 12:42:38 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.13 12:35:25 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2012.03.13 12:35:23 | 3151,327,232 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.13 12:35:22 | 621,072,534 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.03.13 12:30:55 | 000,000,512 | ---- | M] () -- C:\Users\Admin\Desktop\MBR.dat
[2012.03.13 12:17:20 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012.03.13 12:15:22 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2012.03.13 11:54:10 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.13 11:54:09 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.13 11:48:56 | 004,435,063 | R--- | M] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
[2012.03.12 20:56:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.03.12 00:02:06 | 000,002,109 | ---- | M] () -- C:\Users\Admin\Desktop\Attach.zip
[2012.03.11 23:44:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Admin\Desktop\dds.com
[2012.03.11 23:43:18 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2012.03.11 23:41:24 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe
[2012.03.11 20:34:08 | 000,126,239 | ---- | M] () -- C:\Users\Admin\Desktop\Unbenannt4.png
[2012.03.11 19:56:41 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.11 19:50:36 | 001,008,141 | ---- | M] () -- C:\Users\Admin\Desktop\rkill.com
[2012.03.11 18:36:26 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Admin\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.09 21:05:21 | 000,196,267 | ---- | M] () -- C:\Users\Admin\Desktop\Unbenannt.png
[2012.02.26 21:58:14 | 000,387,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.16 16:37:38 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.02.16 07:37:57 | 001,527,912 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.14 21:35:16 | 000,018,520 | ---- | M] () -- C:\Windows\SysNative\iglhxs64.vp
[2012.02.14 18:55:04 | 000,276,248 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\IntelCpHeciSvc.exe
[2012.02.14 18:55:02 | 005,886,232 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\GfxUI.exe
[2012.02.14 18:55:02 | 000,511,768 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.exe
[2012.02.14 18:55:02 | 000,440,600 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxpers.exe
[2012.02.14 18:55:02 | 000,398,616 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\hkcmd.exe
[2012.02.14 18:55:02 | 000,250,136 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxext.exe
[2012.02.14 18:55:02 | 000,184,600 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\difx64.exe
[2012.02.14 18:55:02 | 000,170,264 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxtray.exe
[2012.02.14 18:53:26 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2653.dll
[2012.02.14 18:47:40 | 008,086,528 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igdumd64.dll
[2012.02.14 18:47:38 | 014,692,224 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys
[2012.02.14 18:47:06 | 000,963,912 | ---- | M] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.02.14 18:47:06 | 000,963,912 | ---- | M] () -- C:\Windows\SysNative\igkrng600.bin
[2012.02.14 18:47:06 | 000,261,208 | ---- | M] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.02.14 18:47:06 | 000,261,208 | ---- | M] () -- C:\Windows\SysNative\igfcg600m.bin
[2012.02.14 18:47:06 | 000,079,360 | ---- | M] () -- C:\Windows\SysNative\igdde64.dll
[2012.02.14 18:44:54 | 006,120,960 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igdumd32.dll
[2012.02.14 18:44:24 | 000,058,880 | ---- | M] () -- C:\Windows\SysWow64\igdde32.dll
[2012.02.14 18:42:58 | 009,605,632 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igd10umd64.dll
[2012.02.14 18:35:26 | 007,794,688 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igd10umd32.dll
[2012.02.14 18:07:18 | 018,125,312 | ---- | M] () -- C:\Windows\SysNative\ig4icd64.dll
[2012.02.14 17:59:56 | 013,209,600 | ---- | M] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.02.14 17:58:08 | 000,144,338 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2012.02.14 17:58:08 | 000,139,487 | ---- | M] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2012.02.14 17:58:06 | 000,221,099 | ---- | M] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2012.02.14 17:58:06 | 000,143,155 | ---- | M] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2012.02.14 17:58:06 | 000,124,962 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2012.02.14 17:58:06 | 000,123,467 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2012.02.14 17:58:04 | 000,191,775 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2012.02.14 17:58:04 | 000,141,435 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2012.02.14 17:58:04 | 000,140,122 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2012.02.14 17:58:04 | 000,136,451 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2012.02.14 17:58:02 | 000,142,664 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2012.02.14 17:58:02 | 000,141,644 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2012.02.14 17:58:02 | 000,140,923 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2012.02.14 17:58:00 | 000,161,613 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2012.02.14 17:58:00 | 000,146,675 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2012.02.14 17:58:00 | 000,142,335 | ---- | M] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2012.02.14 17:58:00 | 000,136,369 | ---- | M] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2012.02.14 17:57:58 | 000,157,226 | ---- | M] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2012.02.14 17:57:58 | 000,148,033 | ---- | M] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2012.02.14 17:57:58 | 000,143,805 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2012.02.14 17:57:58 | 000,142,189 | ---- | M] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2012.02.14 17:57:56 | 000,207,830 | ---- | M] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2012.02.14 17:57:56 | 000,145,687 | ---- | M] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2012.02.14 17:57:56 | 000,145,579 | ---- | M] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2012.02.14 17:57:56 | 000,140,549 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2012.02.14 17:57:54 | 000,164,334 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2012.02.14 17:57:54 | 000,140,885 | ---- | M] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2012.02.14 17:57:54 | 000,135,868 | ---- | M] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2012.02.14 17:57:52 | 000,439,808 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxresn.lrc
[2012.02.14 17:57:52 | 000,439,296 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrrom.lrc
[2012.02.14 17:57:52 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrhrv.lrc
[2012.02.14 17:57:52 | 000,438,272 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrsky.lrc
[2012.02.14 17:57:52 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrtrk.lrc
[2012.02.14 17:57:52 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrsve.lrc
[2012.02.14 17:57:52 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrslv.lrc
[2012.02.14 17:57:52 | 000,437,248 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrtha.lrc
[2012.02.14 17:57:50 | 000,439,296 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrrus.lrc
[2012.02.14 17:57:50 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrptg.lrc
[2012.02.14 17:57:50 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrplk.lrc
[2012.02.14 17:57:50 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrita.lrc
[2012.02.14 17:57:50 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrptb.lrc
[2012.02.14 17:57:50 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrnor.lrc
[2012.02.14 17:57:50 | 000,432,128 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrjpn.lrc
[2012.02.14 17:57:50 | 000,430,592 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrkor.lrc
[2012.02.14 17:57:48 | 000,440,320 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrell.lrc
[2012.02.14 17:57:48 | 000,439,808 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrfra.lrc
[2012.02.14 17:57:48 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrdeu.lrc
[2012.02.14 17:57:48 | 000,438,272 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrhun.lrc
[2012.02.14 17:57:48 | 000,438,272 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrfin.lrc
[2012.02.14 17:57:48 | 000,435,712 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrheb.lrc
[2012.02.14 17:57:46 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrnld.lrc
[2012.02.14 17:57:46 | 000,438,272 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrcsy.lrc
[2012.02.14 17:57:46 | 000,437,248 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrdan.lrc
[2012.02.14 17:57:46 | 000,429,056 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrcht.lrc
[2012.02.14 17:57:46 | 000,428,544 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrchs.lrc
[2012.02.14 17:57:44 | 000,435,712 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrara.lrc
[2012.02.14 17:57:44 | 000,131,317 | ---- | M] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2012.02.14 17:57:42 | 000,126,976 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxcpl.cpl
[2012.02.14 17:57:22 | 000,386,048 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxpph.dll
[2012.02.14 17:57:18 | 000,410,624 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxTMM.dll
[2012.02.14 17:57:14 | 000,028,672 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxexps.dll
[2012.02.14 17:57:06 | 000,063,488 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.dll
[2012.02.14 17:56:42 | 000,110,592 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\hccutils.dll
[2012.02.14 17:56:34 | 000,430,080 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxdev.dll
[2012.02.14 17:56:34 | 000,172,032 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\gfxSrvc.dll
[2012.02.14 17:56:34 | 000,009,216 | ---- | M] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2012.02.14 17:56:06 | 000,286,208 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrenu.lrc
[2012.02.14 17:56:04 | 000,142,336 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxdo.dll
[2012.02.14 17:56:02 | 009,007,616 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxress.dll
[2012.02.14 17:55:06 | 000,025,088 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igfxexps32.dll
[2012.02.14 17:54:36 | 000,321,024 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igfxdv32.dll
[2012.02.14 17:53:26 | 000,000,264 | ---- | M] () -- C:\Windows\SysNative\GfxUI.exe.config
[2012.02.14 17:53:08 | 002,967,040 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxcmjit64.dll
[2012.02.14 17:53:08 | 002,321,408 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmjit32.dll
[2012.02.14 17:53:08 | 000,524,800 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\iglhsip64.dll
[2012.02.14 17:53:08 | 000,519,680 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\iglhsip32.dll
[2012.02.14 17:53:08 | 000,237,056 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmrt32.dll
[2012.02.14 17:53:08 | 000,213,504 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\iglhcp64.dll
[2012.02.14 17:53:08 | 000,193,024 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxcmrt64.dll
[2012.02.14 17:53:08 | 000,177,152 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\iglhcp32.dll
[2012.02.14 17:53:08 | 000,059,425 | ---- | M] () -- C:\Windows\SysNative\iglhxo64.vp
[2012.02.14 17:53:08 | 000,059,398 | ---- | M] () -- C:\Windows\SysNative\iglhxg64.vp
[2012.02.14 17:53:08 | 000,059,230 | ---- | M] () -- C:\Windows\SysNative\iglhxc64.vp
[2012.02.14 17:53:08 | 000,059,104 | ---- | M] () -- C:\Windows\SysNative\iglhxc64_dev.vp
[2012.02.14 17:53:08 | 000,058,796 | ---- | M] () -- C:\Windows\SysNative\iglhxg64_dev.vp
[2012.02.14 17:53:08 | 000,058,109 | ---- | M] () -- C:\Windows\SysNative\iglhxo64_dev.vp
[9 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.13 12:35:22 | 621,072,534 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.03.13 12:30:55 | 000,000,512 | ---- | C] () -- C:\Users\Admin\Desktop\MBR.dat
[2012.03.12 20:42:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.03.12 20:42:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.03.12 20:42:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.03.12 20:42:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.03.12 20:42:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.03.12 00:02:06 | 000,002,109 | ---- | C] () -- C:\Users\Admin\Desktop\Attach.zip
[2012.03.11 23:43:18 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2012.03.11 23:41:24 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe
[2012.03.11 20:34:07 | 000,126,239 | ---- | C] () -- C:\Users\Admin\Desktop\Unbenannt4.png
[2012.03.11 19:56:41 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.11 19:50:37 | 001,008,141 | ---- | C] () -- C:\Users\Admin\Desktop\rkill.com
[2012.03.09 21:05:21 | 000,196,267 | ---- | C] () -- C:\Users\Admin\Desktop\Unbenannt.png
[2012.02.25 22:46:54 | 000,001,409 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.02.25 22:46:45 | 000,001,156 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.02.14 21:35:16 | 000,018,520 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2012.02.14 18:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.02.14 18:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysNative\igkrng600.bin
[2012.02.14 18:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.02.14 18:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysNative\igfcg600m.bin
[2012.02.14 18:47:06 | 000,079,360 | ---- | C] () -- C:\Windows\SysNative\igdde64.dll
[2012.02.14 18:44:24 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.02.14 18:07:18 | 018,125,312 | ---- | C] () -- C:\Windows\SysNative\ig4icd64.dll
[2012.02.14 17:59:56 | 013,209,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.02.14 17:58:08 | 000,144,338 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2012.02.14 17:58:08 | 000,139,487 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2012.02.14 17:58:06 | 000,221,099 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2012.02.14 17:58:06 | 000,143,155 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2012.02.14 17:58:06 | 000,124,962 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2012.02.14 17:58:06 | 000,123,467 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2012.02.14 17:58:04 | 000,191,775 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2012.02.14 17:58:04 | 000,141,435 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2012.02.14 17:58:04 | 000,140,122 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2012.02.14 17:58:04 | 000,136,451 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2012.02.14 17:58:02 | 000,142,664 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2012.02.14 17:58:02 | 000,141,644 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2012.02.14 17:58:02 | 000,140,923 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2012.02.14 17:58:00 | 000,161,613 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2012.02.14 17:58:00 | 000,146,675 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2012.02.14 17:58:00 | 000,142,335 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2012.02.14 17:58:00 | 000,136,369 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2012.02.14 17:57:58 | 000,157,226 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2012.02.14 17:57:58 | 000,148,033 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2012.02.14 17:57:58 | 000,143,805 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2012.02.14 17:57:58 | 000,142,189 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2012.02.14 17:57:56 | 000,207,830 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2012.02.14 17:57:56 | 000,145,687 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2012.02.14 17:57:56 | 000,145,579 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2012.02.14 17:57:56 | 000,140,549 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2012.02.14 17:57:54 | 000,164,334 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2012.02.14 17:57:54 | 000,140,885 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2012.02.14 17:57:54 | 000,135,868 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2012.02.14 17:57:44 | 000,131,317 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2012.02.14 17:56:34 | 000,009,216 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2012.02.14 17:53:26 | 000,000,264 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config
[2012.02.14 17:53:08 | 000,059,425 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2012.02.14 17:53:08 | 000,059,398 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2012.02.14 17:53:08 | 000,059,230 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2012.02.14 17:53:08 | 000,059,104 | ---- | C] () -- C:\Windows\SysNative\iglhxc64_dev.vp
[2012.02.14 17:53:08 | 000,058,796 | ---- | C] () -- C:\Windows\SysNative\iglhxg64_dev.vp
[2012.02.14 17:53:08 | 000,058,109 | ---- | C] () -- C:\Windows\SysNative\iglhxo64_dev.vp
[2011.11.30 01:38:26 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011.09.02 19:33:52 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.27 02:14:00 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

< End of report >

--- --- ---
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 13.03.2012 12:40:07 - Run 1
OTL by OldTimer - Version 3.2.36.3     Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 65,40% Memory free
7,82 Gb Paging File | 6,37 Gb Available in Paging File | 81,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 657,54 Gb Total Space | 574,16 Gb Free Space | 87,32% Space Free | Partition Type: NTFS
Drive D: | 37,99 Gb Total Space | 13,84 Gb Free Space | 36,43% Space Free | Partition Type: NTFS
 
Computer Name: NOTEBOOK2011VO | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D3836C5E-6824-4C9F-9B45-09C989B13EF6}" = VR-pulse Installer
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-Bit)
"{EC1369CF-15BD-4FAF-BA84-65E4788C682E}" = AMI VR-pulse OS Switcher
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0DD706AF-B542-438C-999E-B30C7F625C8D}" = Intel(R) WiDi
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}" = McAfee Agent
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48106FE4-B1AF-4941-BF3D-83E6C4B7CAF3}" = Alcor Micro USB Card Reader
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C8A84AE-BCE5-E696-3DC2-D30BE2C7AA59}" = Versandhelfer
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4D1C5E-116A-4FF4-AA91-28F526868203}" = watchmi
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.2) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}" = PHotkey
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AmUStor" = Alcor Micro USB Card Reader
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Ashampoo Snap_is1" = Ashampoo Snap
"dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1" = Versandhelfer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"ProInst" = Intel PROSet Wireless
"Security Task Manager" = Security Task Manager 1.8d
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.03.2012 10:40:29 | Computer Name = Notebook2011vO | Source = Microsoft-Windows-Defrag | ID = 257
Description = 
 
Error - 11.03.2012 10:42:50 | Computer Name = Notebook2011vO | Source = Microsoft-Windows-Defrag | ID = 257
Description = 
 
Error - 11.03.2012 13:02:12 | Computer Name = Notebook2011vO | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 11.03.2012 17:12:45 | Computer Name = Notebook2011vO | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 12.03.2012 15:25:48 | Computer Name = Notebook2011vO | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 12.03.2012 16:06:02 | Computer Name = Notebook2011vO | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 12.03.2012 16:27:47 | Computer Name = Notebook2011vO | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 12.03.2012 18:11:31 | Computer Name = Notebook2011vO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: thunderbird.exe, Version: 10.0.2.4429,
 Zeitstempel: 0x4f3cfb22  Name des fehlerhaften Moduls: xul.dll, Version: 10.0.2.4429,
 Zeitstempel: 0x4f3cf92a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x008e2849  ID des fehlerhaften
 Prozesses: 0x139c  Startzeit der fehlerhaften Anwendung: 0x01cd009d130ca088  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Thunderbird\xul.dll  Berichtskennung:
 51bf29d7-6c90-11e1-9723-bc7737bda5f5
 
Error - 13.03.2012 05:31:28 | Computer Name = Notebook2011vO | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 13.03.2012 06:56:54 | Computer Name = Notebook2011vO | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
[ System Events ]
Error - 22.12.2011 18:27:41 | Computer Name = Notebook2011vO | Source = Service Control Manager | ID = 7022
Description = Der Dienst "watchmi service" wurde nicht richtig gestartet.
 
Error - 27.12.2011 12:30:20 | Computer Name = Notebook2011vO | Source = DCOM | ID = 10010
Description = 
 
Error - 11.01.2012 16:09:34 | Computer Name = Notebook2011vO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Application Virtualization Client erreicht.
 
Error - 11.01.2012 16:09:34 | Computer Name = Notebook2011vO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Application Virtualization Client" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 11.01.2012 16:09:34 | Computer Name = Notebook2011vO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Client Virtualization Handler" ist vom Dienst "Application
 Virtualization Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%1053
 
Error - 13.01.2012 16:00:58 | Computer Name = Notebook2011vO | Source = DCOM | ID = 10010
Description = 
 
Error - 13.01.2012 19:15:09 | Computer Name = Notebook2011vO | Source = Service Control Manager | ID = 7034
Description = Dienst "Bluetooth Media Service" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
Error - 15.01.2012 08:55:00 | Computer Name = Notebook2011vO | Source = Service Control Manager | ID = 7022
Description = Der Dienst "watchmi service" wurde nicht richtig gestartet.
 
Error - 15.01.2012 13:32:19 | Computer Name = Notebook2011vO | Source = DCOM | ID = 10010
Description = 
 
Error - 31.01.2012 19:09:39 | Computer Name = Notebook2011vO | Source = Service Control Manager | ID = 7034
Description = Dienst "Bluetooth OBEX Service" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
 
< End of report >

--- --- ---

Sicherheitscenterdienst u Firewall nicht aktivierbar nach smart fortress 2012

Log-Analyse und Auswertung: Sicherheitscenterdienst u Firewall nicht aktivierbar nach smart fortress 2012