TR/spy.zBot.kumd in C:/Dokumente und Einstellungen/Laptop/Anwendungsdaten/Eglate

Nicola Sacco · 23.05.2013, 16:33

Hallo,
ich versuche alles so kurz wie möglich zu schildern, ohne etwas zu vergessen. Vielleicht benutze ich manchmal seltsame Formuliereungen, ich bin noch nicht so bewandert mit Computern, aber auf dem Weg.
Alles begann mit dem Fund von TR/Spy.zBot.kumd mit dem Dateinamen ruir.exe durch meinen Avira Antivirusschutz. Diese wurde in Quarantäne verschoben, aber später wieder als Bedrohung erkannt.

Danach ist mir eine gerade fertig gestellte Gimp-Datei im Nirvana verschwunden: Die Datei war noch vorhanden, nur die getane (zwischendurch immer mal wieder gespeicherte) Arbeit nicht mehr. Ich weiß nicht, ob es da einen Zusammenhang gibt

Der Gimp-Error wurde bezeichnet als Kernel Date Inpage Error (Ich habe die technischen Infos aufgeschrieben, wenn Bedarf besteht). Es sollte ein "Speicherabbild des physischen Speichers erstellt" werden (

was auch immer das bedeutet), das hat aber die Datei auch nicht retten können.
Alles was passierte war, dass das Operating System nicht gefunden werden konnte. Runter und wieder Hochfahren hat wenigstens das wieder in Gang bekommen.

Zudem ist der -eh schon alte- Laptop noch viel langsamer geworden, als er vorher war: Er benötigt nun 8 Minuten zum Hochfahren und ebensolange zum Herunterfahren.

Neben diesen Problemen hat der Laptop kaum noch Speicher frei, ein externes Speichermedium (USB-Stick) ist unterwegs, im Moment müssen wir mit 1GB Freiraum auskommen.

Ich habe angefangen, der Anleitung zu folgen, was für den ersten Thread auf dem Board erwartet wird. Dabei hat AVG hat mir den Zugriff verweigert.

Meine Frau meinte sie könnte erst ein paar andere Sachen probieren, was sie auch tat:
- die Registry gereinigt
- unbenutzte Programme gelöscht

Allerdings sind die Probleme geblieben. Neuerdings fährt der Laptop sich auch gerne einfach mal herunter und wieder rauf. Was besonders gut ankommt, wenn du gerade damit arbeiten musst (als DJ z.B.).

Da die Probleme immer krasser werden, habe ich nun einen zweiten Anlauf gemacht hier zu posten. Dabei ist allerdings keine zweite Extras.txt Datei eintsatnden, weshalb ich die alte mitschicke.
Beim Benutzen von GMER gab es zwei Mal die Meldung "Datenverlust beim Schreiben. C:/$Mft konnte nicht ganz gespeichert werden".

Ich habe auch Aviras Luke Filewalker nochmal scannen lassen, was auch nur 3,5 Stunden dauerte

. Dabei wurde ein weiterer Virus gefunden: SpybotSd162.exe in C:/Zusatzprogramme. Dieser konnte in Quarantäne verschoben werden.
Zudem wurde JAVA/Jogek.cak gefunden in C:/Dokumente und Einstellungen/Laptop/Lokale Einstellungen/Anwendungsdaten. Aber 15 andere betroffene Dateien mit Spuren des Virus konnten nicht repariert werden.

Ich habe überlegt, was ich in der letzten Zeit mit dem Computer (riskantes) gemacht habe und alles was mir dazu einfällt sind:
- Ad-ons für Mozilla (allerdings nur von der Originalseite)
- irische Fonts als zip-Dateien heruntergeladen und geöffnet (auf mir bekannten Seiten für frei verfügbare Fonts leider nicht zu haben, deshalb von einer Irland-Thematischen-Homepage)

Also bitte hilf mir jemand, der/die sich dazu in der Lage fühlt, bevor meine Frau ein neues Betriebssystem aufsetzt

, zwei Tage lang schlecht gelaunt ist wegen der unerwarteten Schwierigkeiten damit. Und mir anschließend rät keine individuellen Einstellungen mehr vorzunehmen, um den Rechner nicht -ihrer Meinung nach- unnötig zu beschäftigen.

Tausend Dank,
Nicola

PS: Hier die Scans:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 20.05.2013 17:48:33 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Laptop\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,36 Mb Total Physical Memory | 516,79 Mb Available Physical Memory | 50,55% Memory free
2,40 Gb Paging File | 1,90 Gb Available in Paging File | 78,93% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 0,79 Gb Free Space | 2,12% Space Free | Partition Type: NTFS
 
Computer Name: THINKPAD-1F443C | User Name: Laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.07 11:36:09 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.25 13:29:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Laptop\Desktop\OTL.exe
PRC - [2013.04.13 11:41:47 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.13 11:41:04 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.04.13 11:40:58 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.10 01:05:20 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2012.10.09 23:12:23 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.03.21 13:42:38 | 000,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2004.10.14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2003.06.24 14:34:38 | 000,126,976 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2002.09.20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.16 02:47:38 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\81b85db6e9fe04e4d1c9547b993acfce\System.Windows.Forms.ni.dll
MOD - [2013.05.16 02:41:33 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2013.05.16 02:41:28 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013.04.13 11:41:54 | 000,397,704 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2013.02.15 15:51:03 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll
MOD - [2013.01.10 04:29:35 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013.01.10 04:28:43 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013.01.10 04:25:47 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013.01.10 04:25:09 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2012.05.25 19:18:28 | 001,675,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2756.37527__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2012.05.25 19:18:28 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2756.37783__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2012.05.25 19:18:28 | 000,233,472 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2756.37480__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2012.05.25 19:18:28 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2756.37542__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2012.05.25 19:18:28 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2756.37773__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2012.05.25 19:18:28 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2756.37518__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2012.05.25 19:18:28 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2756.37541__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
MOD - [2012.05.25 19:18:28 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2756.37651__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2012.05.25 19:18:28 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2756.37502__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2012.05.25 19:18:27 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2756.37817__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2012.05.25 19:18:27 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2756.37725__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2012.05.25 19:18:07 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2756.37825__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2012.05.25 19:18:07 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2756.37534__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2012.05.25 19:18:07 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2756.37495__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2012.05.25 19:18:06 | 000,331,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2756.37735__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2012.05.25 19:18:06 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2756.37742__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2012.05.25 19:18:06 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2756.37734__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2012.05.25 19:18:06 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2756.37533__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2012.05.25 19:18:05 | 000,167,936 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.2756.37719__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll
MOD - [2012.05.25 19:18:05 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.2756.37724__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll
MOD - [2012.05.25 19:18:04 | 000,667,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2756.37663__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2012.05.25 19:18:04 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2756.37504__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2012.05.25 19:18:04 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2756.37757__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2012.05.25 19:18:04 | 000,208,896 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2756.37549__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2012.05.25 19:18:04 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2756.37687__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2012.05.25 19:18:04 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2756.37660__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2012.05.25 19:18:04 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2756.37685__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2012.05.25 19:18:03 | 000,917,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2756.37776__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2012.05.25 19:18:03 | 000,585,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2756.37555__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2012.05.25 19:18:03 | 000,475,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2756.37654__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2012.05.25 19:18:03 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2756.37711__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2012.05.25 19:18:03 | 000,323,584 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2756.37645__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2012.05.25 19:18:03 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2756.37563__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2012.05.25 19:18:03 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2756.37652__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2012.05.25 19:18:03 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2756.37561__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2012.05.25 19:18:03 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2756.37710__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2012.05.25 19:18:02 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2756.37659__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2012.05.25 19:18:02 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2665.42157__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2012.05.25 19:18:02 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2665.42187__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2012.05.25 19:18:02 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2665.42196__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2012.05.25 19:18:02 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2665.42166__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2012.05.25 19:18:02 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2665.42196__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2012.05.25 19:18:02 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2012.05.25 19:18:01 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2665.42152__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2012.05.25 19:18:01 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2665.42162__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2012.05.25 19:18:01 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2012.05.25 19:18:01 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2665.42198__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2012.05.25 19:18:01 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2665.42149__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2012.05.25 19:18:01 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2665.42240__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2012.05.25 19:18:01 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2665.42151__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2012.05.25 19:18:01 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2665.42178__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2012.05.25 19:18:01 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2665.42166__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2012.05.25 19:18:01 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2665.42161__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2012.05.25 19:18:01 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2665.42156__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2012.05.25 19:18:01 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2665.42181__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2012.05.25 19:18:01 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2665.42168__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2012.05.25 19:18:01 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2665.42177__90ba9c70f846762e\DEM.OS.dll
MOD - [2012.05.25 19:18:01 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2665.42179__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2012.05.25 19:18:01 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2012.05.25 19:18:01 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2665.42164__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2012.05.25 19:18:01 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2665.42181__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2012.05.25 19:18:01 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2665.42180__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2012.05.25 19:18:00 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2665.42187__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2012.05.25 19:18:00 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2665.42182__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2012.05.25 19:18:00 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2012.05.25 19:18:00 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2665.42186__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2012.05.25 19:18:00 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2012.05.25 19:18:00 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2665.42186__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2012.05.25 19:18:00 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2012.05.25 19:18:00 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.2665.42186__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll
MOD - [2012.05.25 19:18:00 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2665.42182__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2012.05.25 19:18:00 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2665.42167__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2012.05.25 19:18:00 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2665.42180__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2012.05.25 19:18:00 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2665.42185__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2012.05.25 19:18:00 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2665.42166__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2012.05.25 19:18:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2665.42181__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2012.05.25 19:17:59 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2665.42187__90ba9c70f846762e\APM.Foundation.dll
MOD - [2012.05.25 19:17:59 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2665.42150__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2012.05.25 19:17:59 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2012.05.25 19:17:59 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2665.42160__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2012.05.25 19:17:55 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2756.37851__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2012.05.25 19:17:55 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2756.37789_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2012.05.25 19:17:55 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2756.37475__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2012.05.25 19:17:54 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2756.37799__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2012.05.25 19:17:54 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2756.37796__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2012.05.25 19:17:54 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2665.42158__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2012.05.25 19:17:54 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2665.42169__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2012.05.25 19:17:53 | 000,466,944 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2756.37512__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2012.05.25 19:17:53 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2756.37789__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2012.05.25 19:17:53 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2756.37478__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2012.05.25 19:17:53 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2665.42165__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2012.05.25 19:17:53 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2665.42196__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2012.05.25 19:17:53 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2665.42154__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2012.05.25 19:17:53 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2665.42167__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2012.05.25 19:17:52 | 001,503,232 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2756.37489__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2012.05.25 19:17:52 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2756.37479__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2012.05.25 19:17:52 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2756.37476__90ba9c70f846762e\AEM.Server.dll
MOD - [2012.05.25 19:17:52 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2665.42160__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2012.05.25 19:17:52 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2756.37798__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2012.05.25 19:17:52 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2012.05.25 19:17:52 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2665.42188__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013.04.19 20:04:49 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.13 11:41:47 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.13 11:40:58 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.04.11 23:01:13 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.10 01:05:20 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012.10.09 23:12:23 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2007.03.21 13:42:38 | 000,364,629 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (acs)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002.09.20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013.04.13 11:42:21 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.04.13 11:42:21 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013.04.13 11:42:20 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.04.13 11:42:20 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.07.24 23:25:29 | 000,715,248 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010.09.07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2007.07.03 18:46:24 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007.06.21 18:26:20 | 002,156,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007.05.02 11:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006.08.28 23:12:00 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006.08.28 23:11:00 | 000,247,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2006.08.28 23:10:00 | 000,728,576 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006.04.25 19:00:00 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2006.01.17 17:32:44 | 003,325,312 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2005.11.07 05:58:30 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005.10.09 21:35:28 | 000,017,792 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1454471165-1214440339-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
IE - HKU\S-1-5-21-1454471165-1214440339-1801674531-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1454471165-1214440339-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1454471165-1214440339-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ie"
FF - prefs.js..extensions.enabledAddons: searchdictcc%40roughael:3.4
FF - prefs.js..extensions.enabledAddons: printPages2Pdf%40reinhold.ripper:0.1.9.0
FF - prefs.js..extensions.enabledAddons: Stratiform%40SoapySpew:3.0.1
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2
FF - prefs.js..extensions.enabledAddons: gmailnoads%40mywebber.com:3.9.1
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.7
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.8.307
FF - prefs.js..extensions.enabledAddons: stefanvandamme%40stefanvd.net:2.2.0.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.http: "http-proxy"
FF - prefs.js..network.proxy.http_port: 8080
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.11 23:01:14 | 000,000,000 | ---D | M]
 
[2012.05.25 21:25:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Extensions
[2013.05.08 20:58:10 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions
[2013.04.10 04:17:20 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2013.04.10 04:42:24 | 000,000,000 | ---D | M] ("Bricks for Firefox") -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions\{1f052e2a-b7b9-11d9-945f-00e08161165f}
[2013.04.10 04:17:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.04.10 04:17:26 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions\donottrackplus@abine.com
[2013.04.10 01:06:03 | 000,000,000 | ---D | M] (Print pages to PDF) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions\printPages2Pdf@reinhold.ripper
[2013.04.10 04:17:26 | 000,275,665 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions\artur.dubovoy@gmail.com.xpi
[2013.04.10 04:17:21 | 000,021,861 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions\gmailnoads@mywebber.com.xpi
[2013.04.10 01:05:56 | 000,037,531 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions\searchdictcc@roughael.xpi
[2013.05.03 20:17:38 | 000,651,215 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions\stefanvandamme@stefanvd.net.xpi
[2013.04.10 01:06:06 | 000,240,755 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions\Stratiform@SoapySpew.xpi
[2013.04.10 03:52:13 | 000,005,490 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi
[2013.05.08 20:58:10 | 000,870,680 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.07 02:06:18 | 000,007,919 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Mozilla\Firefox\Profiles\xvrzr0ca.default\extensions\donottrackplus@abine.com\chrome\content\ff\view_expiry.js
[2013.04.11 23:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.11 23:00:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.04.11 23:01:14 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.10.11 09:37:23 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.11 09:37:23 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.10.11 09:37:23 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.11 09:37:23 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.11 09:37:23 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.11 09:37:23 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1454471165-1214440339-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-1454471165-1214440339-1801674531-1003..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-1214440339-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.5 89.101.160.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1785EA1-B905-498B-B3D1-DAC99A03222D}: DhcpNameServer = 89.101.160.5 89.101.160.4
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\psfus: DllName - (psqlpwd.dll) - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Laptop\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Laptop\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.05.25 18:44:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.15 15:33:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013.05.10 00:15:49 | 000,000,000 | ---D | C] -- C:\Programme\Inkscape
[2013.05.08 20:40:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\UbiSoft
[2013.05.08 20:38:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Laptop\Lokale Einstellungen\Anwendungsdaten\Help
[2013.05.08 20:38:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Help
[2013.05.08 19:44:20 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\WINDOWS\System32\tm20dec.ax
[2013.05.08 19:44:12 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Musik
[2013.05.08 19:43:32 | 000,000,000 | ---D | C] -- C:\Programme\donald duck spiel
[2013.05.08 19:41:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Laptop\WINDOWS
[2013.04.27 00:22:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2013.04.27 00:13:21 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Laptop\Recent
[2013.04.26 23:53:10 | 000,000,000 | ---D | C] -- C:\Programme\Eusing Free Registry Cleaner
[2013.04.25 13:29:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Laptop\Desktop\OTL.exe
[2013.04.23 19:32:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Taod
[2013.04.23 19:32:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Niidmo
[2013.04.23 19:32:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Eglate
[2013.02.12 00:58:32 | 142,608,624 | ---- | C] (Microsoft Corporation) -- C:\Programme\wlsetup-all_de_16.4.3505.0912.exe
[2013.02.12 00:17:01 | 063,842,784 | ---- | C] (DVDVideoSoft Ltd.                                           ) -- C:\Programme\FreeStudio_6.0.0.128.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.20 15:05:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.05.20 15:00:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.20 15:00:25 | 1072,091,136 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.17 00:52:37 | 000,093,711 | ---- | M] () -- C:\Dokumente und Einstellungen\Laptop\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2013.05.16 17:19:08 | 000,455,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.05.16 02:42:35 | 000,492,998 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.05.16 02:42:35 | 000,473,248 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.05.16 02:42:35 | 000,091,210 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.05.16 02:42:35 | 000,076,342 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.05.16 02:21:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.05.15 02:26:48 | 000,000,696 | ---- | M] () -- C:\WINDOWS\disney.ini
[2013.05.08 19:44:16 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013.05.08 19:44:16 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013.05.05 15:01:28 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2013.04.25 14:02:48 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Laptop\Desktop\gmer_2.1.19163.exe
[2013.04.25 13:29:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Laptop\Desktop\OTL.exe
[2013.04.25 13:18:38 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Laptop\defogger_reenable
[2013.04.25 13:16:54 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Laptop\Desktop\Defogger.exe
[2013.04.21 00:04:01 | 000,096,768 | ---- | M] () -- C:\Dokumente und Einstellungen\Laptop\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.17 00:52:37 | 000,093,711 | ---- | C] () -- C:\Dokumente und Einstellungen\Laptop\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2013.05.10 00:29:43 | 000,000,677 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Inkscape.lnk
[2013.05.08 19:44:07 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2013.05.08 19:44:07 | 000,005,672 | ---- | C] () -- C:\WINDOWS\System32\quartz.vxd
[2013.05.08 19:41:54 | 000,000,696 | ---- | C] () -- C:\WINDOWS\disney.ini
[2013.04.27 00:17:30 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013.04.25 14:02:45 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Laptop\Desktop\gmer_2.1.19163.exe
[2013.04.25 13:18:15 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Laptop\defogger_reenable
[2013.04.25 13:16:52 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Laptop\Desktop\Defogger.exe
[2013.02.07 02:45:32 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2013.01.24 01:34:35 | 000,340,214 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.11.07 14:23:22 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012.11.05 13:27:47 | 000,000,148 | ---- | C] () -- C:\Dokumente und Einstellungen\Laptop\.gtk-bookmarks
[2012.10.11 20:39:54 | 000,038,151 | ---- | C] () -- C:\Dokumente und Einstellungen\Laptop\Startmenü.rar
[2012.10.03 15:22:29 | 000,000,520 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2012.07.26 19:48:45 | 000,000,140 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2012.07.26 19:12:22 | 000,001,152 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2012.05.28 23:21:59 | 000,096,768 | ---- | C] () -- C:\Dokumente und Einstellungen\Laptop\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.25 21:22:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.05.25 19:32:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.05.25 19:31:24 | 000,455,656 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.05.25 19:22:17 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2012.05.25 19:22:13 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2012.05.25 19:13:16 | 000,972,072 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012.05.25 19:13:15 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2012.05.25 19:13:15 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012.05.25 19:13:14 | 000,144,357 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012.05.25 18:47:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.05.25 18:40:21 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
 
========== ZeroAccess Check ==========
 
[2012.05.25 19:14:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.02.28 20:49:18 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.11.03 22:50:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net
[2012.10.21 17:57:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FileOpen
[2013.01.23 19:17:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake
[2012.10.21 18:38:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nitro
[2012.10.18 20:18:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap Games
[2013.05.07 12:17:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\.minecraft
[2013.05.01 02:30:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\BitTorrent
[2012.10.11 16:23:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\DAEMON Tools
[2012.10.21 18:02:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Downloaded Installations
[2012.12.03 17:03:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\DVDVideoSoft
[2013.02.12 02:34:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\DVDVideoSoftIEHelpers
[2013.04.25 12:20:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Eglate
[2013.01.02 19:38:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\EuroTalk
[2012.10.21 17:57:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\FileOpen
[2013.05.10 00:30:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\inkscape
[2012.10.10 00:41:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\LolClient
[2013.04.23 19:32:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Niidmo
[2012.10.21 18:20:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Nitro
[2012.12.03 02:45:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\OpenOffice.org
[2012.07.24 23:45:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Opera
[2013.04.25 11:21:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Laptop\Anwendungsdaten\Taod
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 25.04.2013 13:30:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Laptop\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,36 Mb Total Physical Memory | 547,45 Mb Available Physical Memory | 53,55% Memory free
2,40 Gb Paging File | 1,92 Gb Available in Paging File | 79,76% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 1,09 Gb Free Space | 2,92% Space Free | Partition Type: NTFS
 
Computer Name: THINKPAD-1F443C | User Name: Laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-1454471165-1214440339-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\otalcmd\TOTALCMD.EXE" = C:\Programme\otalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Programme\BitTorrent\BitTorrent.exe" = C:\Programme\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"G:\Spiele\StarCraft II\StarCraft II.exe" = G:\Spiele\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher
"G:\Spiele\StarCraft II\sc2-x.x.x.x-1.5.0.22342-enUS-Downloader.exe" = G:\Spiele\StarCraft II\sc2-x.x.x.x-1.5.0.22342-enUS-Downloader.exe:*:Enabled:Blizzard Downloader
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1040\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1040\Agent.exe:*:Enabled:Blizzard Agent -- (Blizzard Entertainment)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1363\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1363\Agent.exe:*:Enabled:Battle.net Update Agent -- (Blizzard Entertainment)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""Call of Warhammer - Part1"" = "Call of Warhammer - Part1"
""Call of Warhammer - Part2"" = "Call of Warhammer - Part2"
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{059AE497-59F8-D7B5-1DAA-FCF4BC1B7C58}" = Catalyst Control Center Localization Chinese Traditional
"{11169D60-471D-AAC1-A727-51FC104223CB}" = CCC Help Italian
"{163FC91B-DA1C-9DAA-0184-344B91C3E7FE}" = CCC Help German
"{1656575C-F009-CFA2-4685-055318C707E3}" = Catalyst Control Center Localization Swedish
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{24F90735-7DE4-7A27-3964-C90B4D9F67B8}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{2CDF078C-6D1C-B243-9620-BF85F35E28DD}" = ccc-core-static
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{378002DD-C967-EF30-E337-61E67942F68E}" = Catalyst Control Center Graphics Full Existing
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4526E521-18BC-4C01-8563-5CCE47AAC01C}" = ThinkVantage Fingerprint Software 5.5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B51ECD5-C2D1-7CFE-C88A-880BF38C7889}" = CCC Help Spanish
"{50CFCD01-A327-5D4B-012A-4D89353DA130}" = Catalyst Control Center Localization Dutch
"{538FDA9C-DD91-2E2F-6F25-D42081EDF7F1}" = CCC Help Chinese Traditional
"{605333A6-963F-480C-A358-1301CAA6CFF6}" = TES Construction Set
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6D32481F-53C1-F104-9FEF-5BFC4754D92F}" = Catalyst Control Center Localization Portuguese
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74FF7A9D-4E55-3229-52A7-134F766A3716}" = Catalyst Control Center Localization Chinese Standard
"{7E48FF00-7536-22BA-3E9A-6FD01767443F}" = Catalyst Control Center Core Implementation
"{833CEF67-C0D7-0AA3-B74B-E52ADD3CE6B6}" = CCC Help Portuguese
"{8485F313-4B62-42F3-ADD8-0DE34A4DDAEF}" = Thinkpad Wireless LAN Adapters Software (11a/b/g/n)
"{89FC04CE-C79E-BF2A-5573-314C3C0217DA}" = CCC Help Japanese
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BCB35EE-A631-7B05-B298-CF1486CBFF5E}" = Skins
"{8C8643DD-0D2B-E72B-5F98-4092778D3526}" = Catalyst Control Center Localization French
"{8F3E0B73-FFEA-9C0A-D511-16853C9A1FB6}" = Catalyst Control Center Localization Spanish
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9AD8A944-31B5-4C6B-86D5-AC58F23497AA}" = easyC V4 for Cortex
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9AFFA0-5758-68E3-BA5A-109DF60D72F7}" = CCC Help Korean
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E63A58-18FE-8831-BB9E-242515A18820}" = ccc-utility
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{B13A120F-D46D-9F48-2E23-D4669281EC03}" = Catalyst Control Center Graphics Full New
"{B279DA2D-982B-1304-896C-E404378538AB}" = CCC Help Dutch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B515962D-C979-44AC-9912-F7BB499B4B2C}" = VirtualDJ Home FREE
"{B6669941-2CCC-5267-13C5-2C9F8388515E}" = Catalyst Control Center Localization Italian
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BE0B22AB-B352-7531-DEA9-7C82F1716454}" = CCC Help English
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C197A4E3-3897-AC35-38DA-EA226CA998BE}" = Catalyst Control Center Localization German
"{CA272BE1-F552-443C-B317-D82F021B3F74}" = Introduction to easyC V4 for Cortex 3.3.4.6
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC6F8E02-185E-D81E-D286-B16C99D7D010}" = CCC Help French
"{DE459E52-1272-4F45-B5C5-679C78FA0DCD}" = easyC V4 for Cortex
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EC67B83A-316C-FA07-D458-A7CE32640F34}" = Catalyst Control Center Localization Korean
"{EDD030C6-0CBD-E188-ED6C-1A05AE6E7B77}" = ccc-core-preinstall
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3285A15-1837-F47D-594B-DB1FEA898388}" = CCC Help Chinese Standard
"{F3302177-39F9-3E21-9C17-730E516445AD}" = CCC Help Swedish
"{F34FB75D-D496-C946-24CC-DE0A77536429}" = Catalyst Control Center Localization Japanese
"{F382EB43-3C67-4A5E-B794-09FFE2DAC93A}" = map&guide 11 professional
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Army Builder V2.2c" = Army Builder V2.2c
"ATI Display Driver" = ATI Display Driver
"Autodesk's VEX Robotics Curriculum 2011" = Autodesk's VEX Robotics Curriculum 2011
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitTorrent" = BitTorrent
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = ThinkPad Integrated 56K Modem
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FLV Player" = FLV Player 2.0, build 24
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"GeoGebra 4.2" = GeoGebra 4.2
"GIMP-2_is1" = GIMP 2.8.2
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.48.2
"IrfanView" = IrfanView (remove only)
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OnScreenDisplay" = Anzeige am Bildschirm
"Opera 11.61.1250" = Opera 11.61
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel(R) PROSet/Wireless Software
"ReplayMusic5.45" = Replay Music 5
"RESIDENT EVIL2" = RESIDENT EVIL2
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Totalcmd" = Total Commander (Remove or Repair)
"TreeSize" = TreeSize
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR archiver
"ZoomPlayer" = Zoom Player (remove only)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.04.2013 07:21:20 | Computer Name = THINKPAD-1F443C | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 09.04.2013 15:47:22 | Computer Name = THINKPAD-1F443C | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 09.04.2013 22:16:24 | Computer Name = THINKPAD-1F443C | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 11.04.2013 06:38:51 | Computer Name = THINKPAD-1F443C | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 16.04.2013 16:38:12 | Computer Name = THINKPAD-1F443C | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 winword.exe, P2 12.0.4518.1014, P3
 ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
 
Error - 17.04.2013 04:26:22 | Computer Name = THINKPAD-1F443C | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 24.04.2013 04:31:02 | Computer Name = THINKPAD-1F443C | Source = MsiInstaller | ID = 11609
Description = 
 
[ System Events ]
Error - 25.04.2013 06:15:00 | Computer Name = THINKPAD-1F443C | Source = ati2mtag | ID = 43034
Description = Unknown EDID version
 
Error - 25.04.2013 06:15:00 | Computer Name = THINKPAD-1F443C | Source = ati2mtag | ID = 43034
Description = Unknown EDID version
 
Error - 25.04.2013 06:15:00 | Computer Name = THINKPAD-1F443C | Source = ati2mtag | ID = 43034
Description = Unknown EDID version
 
Error - 25.04.2013 06:15:00 | Computer Name = THINKPAD-1F443C | Source = ati2mtag | ID = 43034
Description = Unknown EDID version
 
Error - 25.04.2013 06:15:00 | Computer Name = THINKPAD-1F443C | Source = ati2mtag | ID = 43034
Description = Unknown EDID version
 
Error - 25.04.2013 07:23:13 | Computer Name = THINKPAD-1F443C | Source = ati2mtag | ID = 43034
Description = Unknown EDID version
 
Error - 25.04.2013 07:23:13 | Computer Name = THINKPAD-1F443C | Source = ati2mtag | ID = 43034
Description = Unknown EDID version
 
Error - 25.04.2013 07:23:13 | Computer Name = THINKPAD-1F443C | Source = ati2mtag | ID = 43034
Description = Unknown EDID version
 
Error - 25.04.2013 07:23:13 | Computer Name = THINKPAD-1F443C | Source = ati2mtag | ID = 43034
Description = Unknown EDID version
 
Error - 25.04.2013 07:23:13 | Computer Name = THINKPAD-1F443C | Source = ati2mtag | ID = 43034
Description = Unknown EDID version
 
 
< End of report >

--- --- ---
GMER Logfile:

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-20 19:05:27
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS424040M9AT00 rev.MA2OA71A 37,26GB
Running: gmer_2.1.19163.exe; Driver: C:\DOKUME~1\Laptop\LOKALE~1\Temp\kwtdrpob.sys


---- System - GMER 2.1 ----

SSDT            F7B1DB3C                                                                                                             ZwClose
SSDT            F7B1DAF6                                                                                                             ZwCreateKey
SSDT            F7B1DB46                                                                                                             ZwCreateSection
SSDT            F7B1DAEC                                                                                                             ZwCreateThread
SSDT            F7B1DAFB                                                                                                             ZwDeleteKey
SSDT            F7B1DB05                                                                                                             ZwDeleteValueKey
SSDT            F7B1DB37                                                                                                             ZwDuplicateObject
SSDT            F7B1DB0A                                                                                                             ZwLoadKey
SSDT            F7B1DAD8                                                                                                             ZwOpenProcess
SSDT            F7B1DADD                                                                                                             ZwOpenThread
SSDT            F7B1DB5F                                                                                                             ZwQueryValueKey
SSDT            F7B1DB14                                                                                                             ZwReplaceKey
SSDT            F7B1DB50                                                                                                             ZwRequestWaitReplyPort
SSDT            F7B1DB0F                                                                                                             ZwRestoreKey
SSDT            F7B1DB4B                                                                                                             ZwSetContextThread
SSDT            F7B1DB55                                                                                                             ZwSetSecurityObject
SSDT            F7B1DB00                                                                                                             ZwSetValueKey
SSDT            F7B1DB5A                                                                                                             ZwSystemDebugControl
SSDT            F7B1DAE7                                                                                                             ZwTerminateProcess

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                              SynTP.sys
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                              mouclass.sys
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                              SynTP.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0x79 0xBE 0xBE 0x8E ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                         0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0x2F 0xF8 0xF4 0xD5 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0xBB 0xDC 0x11 0x4F ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x79 0xBE 0xBE 0x8E ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x2F 0xF8 0xF4 0xD5 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xBB 0xDC 0x11 0x4F ...

---- EOF - GMER 2.1 ----

--- --- ---

TR/spy.zBot.kumd in C:/Dokumente und Einstellungen/Laptop/Anwendungsdaten/Eglate

Log-Analyse und Auswertung: TR/spy.zBot.kumd in C:/Dokumente und Einstellungen/Laptop/Anwendungsdaten/Eglate

TR/spy.zBot.kumd in C:/Dokumente und Einstellungen/Laptop/Anwendungsdaten/Eglate

Ähnliche Themen: TR/spy.zBot.kumd in C:/Dokumente und Einstellungen/Laptop/Anwendungsdaten/Eglate