Plagegeister aller Art und deren Bekämpfung: Win 7 - Prof - 64 bit sometimes acts on its own
08.04.2010, 19:35 | #1

Hi folks,

the machine acting on its own shows, among others, these symptoms:

- The OS shuts down on its own
- While watching DVDs, a pause function is triggered on its own
- The PC's sound deactivates itself
- Folders open on their own in Windows Explorer
- Function menus open on their own in Firefox
- etc.
- Most recently, all the account passwords in Outlook were suddenly deleted

So it is really less a malicious harm and more an annoyance. As if someone wanted to say, "Hello, I'm still here". I have these problems 1 - 2 times a day for about 10 - 20 minutes.

By default I run InternetSecurity 2010 from GData. In addition I then installed The Cleaner 2011, which promptly found a piece of malware:

[01.04.2010 22:16:37]Session>Started
[01.04.2010 22:16:37]Startup>The Cleaner 2011 7.2.0.3510
[01.04.2010 22:16:37]>
[01.04.2010 22:16:37]>=== UNREGISTERED ===
[01.04.2010 22:16:37]>
[01.04.2010 22:16:37]Startup>AMD Athlon(tm) 64 X2 Dual Core Processor 4400+
[01.04.2010 22:16:37]Startup>Windows 7 64-bit
[01.04.2010 22:16:37]Startup>UAC enabled.
[01.04.2010 22:16:37]Startup>Memory load: 51%
[01.04.2010 22:16:37]Startup>Physical memory: 6143Mb
[01.04.2010 22:16:37]Startup>Malware Database: C:\Program Files (x86)\The Cleaner\malware.abs
[01.04.2010 22:16:37]Startup>Registry Database: C:\Program Files (x86)\The Cleaner\registry.abs
[01.04.2010 22:16:37]Startup>Files Database: C:\Program Files (x86)\The Cleaner\files.abs
[01.04.2010 22:16:37]Startup>Filespect Database: C:\Program Files (x86)\The Cleaner\filespect.abs
[01.04.2010 22:16:37]Startup>DeepScan Database: C:\Program Files (x86)\The Cleaner\deepscan.abs
[01.04.2010 22:16:37]Startup>Whitelist Database: C:\Users\***\AppData\Roaming\thecleaner\whitelist.abs
[01.04.2010 22:16:37]Startup>Malware Database Version 1357
[01.04.2010 22:17:08]Scan>Smart Scan started.
[01.04.2010 22:17:10]Scan>[R] 11: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges=1 (should be 0): Display Properties Hijack
[01.04.2010 22:28:20]Scan>Scan of 17129 objects completed in 11 Minuten, 10 Sekunden
[01.04.2010 22:28:20]Scan>Malware detected.
[01.04.2010 22:33:16]Repair>Repairing items...
[01.04.2010 22:33:16]Repair Registry>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges
[01.04.2010 22:33:16]Repair>Repairs completed.

I thought that had settled it. I changed the passwords and, as a precaution, changed the network class in my Fritzbox. But 2 hours later the problem / the "guest"? was back again. So I assume it is a trojan, because how else could the new IP be found so quickly?

In the meantime I had installed TrojanHunter 5.3, MS Security Essentials and a-squared Free. Their scans all came back without findings.

Today I created the boot CD from G-Data in order to scan the MBR. Unfortunately the program hangs on the Linux desktop.

I have installed CCleaner.

Malwarebytes then found: Adware.Win32.MyWebSearch

The full scan came back without findings.

RSIT does not run, as I expected, because this HijackThis does not run under Win 7. I get this error message here:

Line -1: Error: Variable used without being declared

Can you name a program with which I can scan the MBR and, if it runs from within the OS, one that works under Win 7 64 bit?

And the other thing: in case I cannot avoid a reinstall, how can I secure my open ports 80 and 8080 in the Fritzbox? Otherwise it is surely only a matter of time until I have the same problem again.

Advanced Port Scanner v1.3 shows ports 135 (loc-srv), 139 (netbios-ssn) and 445 (microsoft-ds) as open on my machine. Do I have to leave them open?

On the Microsoft website there is the following entry:

Security update for Windows 7 pre-beta versions for x64 systems (KB958644)
A vulnerability was discovered through which an authenticated attacker could remotely break into a Microsoft Windows system and take control.

When I try to install it, I get the notice that the update is not suitable for this computer.

Many thanks in advance for your help and tips.
09.04.2010, 12:11 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Hello and

System scan with OTL
Please download OTL by Oldtimer and save it to your desktop

You should always make sure, as far as possible, that the router's configuration page cannot be reached from outside!

If you stop the service in order to close these ports, certain things can no longer be used (Googling for port 135 etc. will tell you more)
09.04.2010, 14:47 | #3

OTL scan - part 1:

OTL logfile created on: 09.04.2010 14:56:25 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\***\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 75,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 69,99 Gb Free Space | 62,67% Space Free | Partition Type: NTFS
Drive D: | 25,39 Gb Total Space | 23,10 Gb Free Space | 90,98% Space Free | Partition Type: NTFS
Drive E: | 40,04 Gb Total Space | 6,59 Gb Free Space | 16,46% Space Free | Partition Type: NTFS
Drive F: | 21,49 Gb Total Space | 12,06 Gb Free Space | 56,14% Space Free | Partition Type: NTFS
Drive G: | 40,04 Gb Total Space | 9,57 Gb Free Space | 23,89% Space Free | Partition Type: NTFS
Drive H: | 59,35 Gb Total Space | 0,31 Gb Free Space | 0,52% Space Free | Partition Type: NTFS
Drive I: | 7,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive J: | 7,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe (PC Tools) PRC - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools) PRC - C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools) PRC - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) PRC - C:\Program Files (x86)\a-squared Free\a2service.exe (Emsi Software GmbH) PRC - C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.) PRC - C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG) PRC - C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe (G Data Software AG) PRC - C:\Program Files (x86)\Nuance\PDF Create! 6\PdfCreate6Hook.exe (Nuance Communications, Inc.) PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) PRC - C:\Windows\SysWOW64\PSIService.exe () PRC - C:\Program Files (x86)\Common Files\ACD Systems\DE\DevDetect.exe (ACD Systems, Ltd.) 
========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files (x86)\Spyware Doctor\smum32.dll (PC Tools) MOD - C:\Program Files (x86)\Spyware Doctor\pctgmhk.dll (PC Tools) MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation) SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation) SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation) SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation) SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation) SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation) SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation) SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation) SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation) SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation) SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation) SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation) SRV:64bit: - (Irmon) -- C:\Windows\SysNative\irmon.dll (Microsoft Corporation) SRV:64bit: - 
(FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation) SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation) SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation) SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation) SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation) SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation) SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation) SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation) SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (moohelp) -- C:\Program Files (x86)\The Cleaner\mhelper.exe (MooSoft Development LLC) SRV - (sdCoreService) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe (PC Tools) SRV - (sdAuxService) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools) SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.) 
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) SRV - (AVKWCtl) -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlX64.exe (G Data Software AG) SRV - (a2free) -- C:\Program Files (x86)\a-squared Free\a2service.exe (Emsi Software GmbH) SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.) SRV - (AVKService) -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe (G Data Software AG) SRV - (fsssvc) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation) SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (ProtexisLicensing) -- C:\Windows\SysWOW64\PSIService.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software) DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software 
AG) DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG) DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G DATA Software AG) DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG) DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation) DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation) DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation) DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation) DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation) DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation) DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - 
(rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation) DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation) DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation) DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation) DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation) DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation) DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation) DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation) DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation) DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation) DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation) DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation) DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation) DRV:64bit: - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\SysNative\drivers\USBAUDIO.sys (Microsoft Corporation) DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation) DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation) DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation) DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation) DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation) DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation) DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation) DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys 
(Microsoft Corporation) DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation) DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation) DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation) DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation) DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation) DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation) DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation) DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation) DRV - (pfc) -- C:\Windows\SysWOW64\drivers\pfc.sys (Padus, Inc.) 
DRV - (CSC) -- C:\Windows\CSC [2010.03.11 12:45:23 | 000,000,000 | ---D | M] DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation) DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation) DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 86 63 3F 0D C1 CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "softonic-de3 Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:defficial" FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.08 16:04:34 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.08 16:04:34 | 000,000,000 | ---D | M] [2010.03.11 14:18:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.04.08 19:13:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\j8ef1fwb.default\extensions [2010.04.08 19:13:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\j8ef1fwb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.04.01 22:01:34 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\j8ef1fwb.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.03.16 11:42:56 | 000,000,927 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\j8ef1fwb.default\searchplugins\conduit.xml [2010.03.11 14:56:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.03.11 14:56:26 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G 
DATA\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG) O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG) O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Create! 
6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) 
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Device Detector] File not found O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools) O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [Nuance PDF Create! 6-reminder] C:\Program Files (x86)\Nuance\PDF Create! 6\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF6 Registry Controller] C:\Program Files (x86)\Nuance\PDF Create! 6\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Create! 6\pdfcreate6hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) 
O4 - HKCU..\Run: [tcactive] C:\Program Files (x86)\The Cleaner\tcap.exe (MooSoft Development Inc)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: PDF-Datei erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Datei erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.121.57.10
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe) - c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
C:\Users\Public\Documents\Eigene Musik [2010.03.11 13:03:20 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2010.03.11 13:03:20 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2010.03.11 13:03:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2010.03.11 13:03:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2010.03.11 12:47:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2010.03.11 12:47:39 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2010.03.11 12:44:48 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2010.03.11 12:44:28 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2010.03.11 12:43:22 | 000,000,000 | ---D | C] -- C:\Windows\Panther |
09.04.2010, 14:49 | #4 |
| Win 7 - Prof - 64 bit sometimes acts on its own OTL scan - part 2: ========== Files - Modified Within 30 Days ========== [2010.04.09 14:59:14 | 001,572,864 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2010.04.09 14:27:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.04.09 14:27:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.04.09 10:59:34 | 000,014,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.04.09 10:59:34 | 000,014,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.04.09 10:43:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.04.09 10:43:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.04.09 10:43:43 | 536,322,047 | -HS- | M] () -- C:\hiberfil.sys [2010.04.08 20:40:53 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk [2010.04.08 19:21:41 | 000,005,486 | ---- | M] () -- C:\Users\***\Documents\cc_20100408_192138.reg [2010.04.08 19:21:06 | 000,031,708 | ---- | M] () -- C:\Users\***\Documents\cc_20100408_192058.reg [2010.04.08 19:13:22 | 000,001,889 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk [2010.04.08 17:46:02 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.08 17:37:52 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.04.08 16:07:22 | 002,815,769 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.04.08 16:04:24 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.04.08 12:25:51 | 000,059,392 | R--- | M] () -- C:\Windows\SysWow64\streamhlp.dll [2010.04.08 11:53:47 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\a-squared Free.lnk [2010.04.07 20:42:26 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security 
Essentials.lnk [2010.04.06 12:57:12 | 000,001,494 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2010.04.02 21:53:52 | 000,002,062 | ---- | M] () -- C:\Users\Public\Desktop\Bing Maps 3D.lnk [2010.04.02 18:42:57 | 000,744,339 | ---- | M] () -- C:\Users\*** \Desktop\PAVARK.exe [2010.04.01 23:03:58 | 000,009,347 | ---- | M] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).EML [2010.04.01 22:26:47 | 078,577,664 | ---- | M] () -- C:\Users\***\Documents\1.04.10 [2010.04.01 22:14:50 | 000,109,328 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2010.04.01 22:14:29 | 000,000,962 | ---- | M] () -- C:\Users\Public\Desktop\The Cleaner 2011.lnk [2010.03.30 19:36:58 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{4ed45dbf-3c0c-11df-881c-0019665cdf0b}.TMContainer00000000000000000002.regtrans-ms [2010.03.30 19:36:58 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{4ed45dbf-3c0c-11df-881c-0019665cdf0b}.TMContainer00000000000000000001.regtrans-ms [2010.03.30 19:36:58 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{4ed45dbf-3c0c-11df-881c-0019665cdf0b}.TM.blf [2010.03.30 12:01:02 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.03.30 12:01:02 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.03.30 12:01:02 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.03.30 12:01:02 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.03.30 12:01:02 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.03.29 15:24:46 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.03.27 15:45:13 | 000,413,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.03.26 11:12:15 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\PDF Create-Assistent.lnk [2010.03.24 
19:19:58 | 000,000,952 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2010.03.20 09:32:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010.03.20 09:31:07 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\NAVIGON Fresh.lnk [2010.03.19 13:33:04 | 000,002,112 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 9.lnk [2010.03.19 13:29:07 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll [2010.03.19 13:29:06 | 000,505,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll [2010.03.19 13:29:06 | 000,353,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll [2010.03.18 15:12:00 | 000,000,252 | ---- | M] () -- C:\Windows\system.ini [2010.03.18 15:10:14 | 000,010,368 | ---- | M] (Padus, Inc.) -- C:\Windows\SysWow64\drivers\pfc.sys [2010.03.17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx [2010.03.17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) 
-- C:\Windows\SysWow64\QuickTime.qts [2010.03.16 13:28:29 | 000,004,767 | ---- | M] () -- C:\Windows\Irremote.ini [2010.03.16 13:14:38 | 000,002,726 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk [2010.03.15 17:15:40 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{f0f8f74f-3032-11df-824c-0019665cdf0b}.TMContainer00000000000000000002.regtrans-ms [2010.03.15 17:15:40 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{f0f8f74f-3032-11df-824c-0019665cdf0b}.TMContainer00000000000000000001.regtrans-ms [2010.03.15 17:15:40 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{f0f8f74f-3032-11df-824c-0019665cdf0b}.TM.blf [2010.03.14 21:03:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010.03.12 11:49:40 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{8a1cd82f-2db9-11df-9ed8-0019665cdf0b}.TMContainer00000000000000000002.regtrans-ms [2010.03.12 11:49:40 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{8a1cd82f-2db9-11df-9ed8-0019665cdf0b}.TMContainer00000000000000000001.regtrans-ms [2010.03.12 11:49:40 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{8a1cd82f-2db9-11df-9ed8-0019665cdf0b}.TM.blf [2010.03.12 11:10:20 | 000,001,243 | ---- | M] () -- C:\Users\***\Desktop\DVDVideoSoft Free Studio.lnk [2010.03.11 17:57:09 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini [2010.03.11 16:16:13 | 000,012,984 | ---- | M] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).CAL [2010.03.11 16:15:31 | 000,038,452 | ---- | M] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2010.03.11 15:49:07 | 000,001,889 | ---- | M] () -- C:\Users\***\Desktop\FreeMind.lnk [2010.03.11 15:44:27 | 000,455,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll [2010.03.11 15:44:27 | 000,182,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2010.03.11 15:44:27 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\SysNative\javaw.exe [2010.03.11 15:44:27 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2010.03.11 15:02:10 | 000,106,224 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys [2010.03.11 14:57:16 | 000,074,184 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys [2010.03.11 14:56:54 | 000,042,952 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys [2010.03.11 14:55:20 | 000,048,584 | ---- | M] (G DATA Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys [2010.03.11 14:55:13 | 000,034,760 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys [2010.03.11 14:18:49 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.03.11 13:26:19 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys [2010.03.11 13:06:04 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010.03.11 13:06:04 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.03.11 13:06:04 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.03.11 13:03:38 | 000,000,020 | -HS- | M] () -- C:\Users\***\ntuser.ini [2010.03.11 12:48:55 | 000,054,699 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2010.03.11 12:48:55 | 000,054,699 | ---- | M] () -- C:\Windows\SysNative\license.rtf ========== Files Created - No Company Name ========== [2010.04.08 20:43:26 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll [2010.04.08 20:43:25 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip [2010.04.08 20:43:25 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml [2010.04.08 20:43:25 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml [2010.04.08 20:43:25 | 000,000,131 | ---- 
| C] () -- C:\Windows\IDB.zip [2010.04.08 20:40:53 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat [2010.04.08 20:40:39 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat [2010.04.08 20:40:25 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk [2010.04.08 20:40:17 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat [2010.04.08 19:21:39 | 000,005,486 | ---- | C] () -- C:\Users\***\Documents\cc_20100408_192138.reg [2010.04.08 19:21:02 | 000,031,708 | ---- | C] () -- C:\Users\***\Documents\cc_20100408_192058.reg [2010.04.08 19:13:22 | 000,001,889 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk [2010.04.08 17:46:02 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.08 17:37:52 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.04.08 16:04:24 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.04.08 12:24:32 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll [2010.04.08 11:53:47 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\a-squared Free.lnk [2010.04.07 21:25:55 | 000,002,045 | ---- | C] () -- C:\Users\***\Desktop\Control Panel All Tasks List.lnk [2010.04.07 20:42:26 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010.04.02 21:53:51 | 000,002,062 | ---- | C] () -- C:\Users\Public\Desktop\Bing Maps 3D.lnk [2010.04.02 18:42:57 | 000,744,339 | ---- | C] () -- C:\Users\***\Desktop\PAVARK.exe [2010.04.01 22:26:22 | 078,577,664 | ---- | C] () -- C:\Users\***\Documents\1.04.10 [2010.04.01 22:14:29 | 000,000,962 | ---- | C] () -- C:\Users\Public\Desktop\The Cleaner 2011.lnk [2010.03.30 19:36:57 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{4ed45dbf-3c0c-11df-881c-0019665cdf0b}.TMContainer00000000000000000002.regtrans-ms [2010.03.30 19:36:57 | 000,524,288 | -HS- | C] () -- 
C:\Users\***\NTUSER.DAT{4ed45dbf-3c0c-11df-881c-0019665cdf0b}.TMContainer00000000000000000001.regtrans-ms [2010.03.30 19:36:57 | 000,065,536 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{4ed45dbf-3c0c-11df-881c-0019665cdf0b}.TM.blf [2010.03.26 11:12:29 | 000,001,494 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.03.26 11:12:15 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\PDF Create-Assistent.lnk [2010.03.20 09:32:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010.03.20 09:31:07 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\NAVIGON Fresh.lnk [2010.03.19 13:33:04 | 000,002,112 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 9.lnk [2010.03.16 13:28:29 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2010.03.16 13:14:38 | 000,002,726 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk [2010.03.15 17:13:52 | 000,000,952 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2010.03.15 17:08:51 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{f0f8f74f-3032-11df-824c-0019665cdf0b}.TMContainer00000000000000000002.regtrans-ms [2010.03.15 17:08:51 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{f0f8f74f-3032-11df-824c-0019665cdf0b}.TMContainer00000000000000000001.regtrans-ms [2010.03.15 17:08:51 | 000,065,536 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{f0f8f74f-3032-11df-824c-0019665cdf0b}.TM.blf [2010.03.14 21:03:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010.03.13 18:22:28 | 000,014,336 | ---- | C] () -- C:\Windows\SysWow64\vsmon1.dll [2010.03.12 11:49:40 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{8a1cd82f-2db9-11df-9ed8-0019665cdf0b}.TMContainer00000000000000000002.regtrans-ms [2010.03.12 11:49:40 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{8a1cd82f-2db9-11df-9ed8-0019665cdf0b}.TMContainer00000000000000000001.regtrans-ms [2010.03.12 11:49:40 | 000,065,536 | -HS- | C] () -- 
C:\Users\***\NTUSER.DAT{8a1cd82f-2db9-11df-9ed8-0019665cdf0b}.TM.blf [2010.03.11 16:16:13 | 000,012,984 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).CAL [2010.03.11 16:15:31 | 000,038,452 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2010.03.11 16:03:47 | 000,009,347 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).EML [2010.03.11 15:49:07 | 000,001,889 | ---- | C] () -- C:\Users\***\Desktop\FreeMind.lnk [2010.03.11 15:28:08 | 000,001,243 | ---- | C] () -- C:\Users\***\Desktop\DVDVideoSoft Free Studio.lnk [2010.03.11 15:17:37 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.03.11 15:17:36 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.03.11 14:18:49 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.03.11 13:33:54 | 000,009,163 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2010.03.11 13:03:38 | 001,572,864 | -HS- | C] () -- C:\Users\***\NTUSER.DAT [2010.03.11 13:03:38 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010.03.11 13:03:38 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.03.11 13:03:38 | 000,262,144 | -HS- | C] () -- C:\Users\***\ntuser.dat.LOG1 [2010.03.11 13:03:38 | 000,065,536 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.03.11 13:03:38 | 000,000,020 | -HS- | C] () -- C:\Users\***\ntuser.ini [2010.03.11 13:03:38 | 000,000,000 | -HS- | C] () -- C:\Users\***\ntuser.dat.LOG2 [2010.03.11 12:44:28 | 536,322,047 | -HS- | C] () -- C:\hiberfil.sys [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- 
C:\Windows\SysWow64\msjetoledb40.dll [2002.03.21 16:39:02 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\UNACEV2.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 240 bytes -> C:\ProgramData\Temp:07C8C7C8 @Alternate Data Stream - 20 bytes -> C:\Users\***\Desktop\PAVARK.exe:License @Alternate Data Stream - 172 bytes -> C:\ProgramData\TempFC5A2B2 @Alternate Data Stream - 143 bytes -> C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).EML:OECustomProperty @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8 < End of report > |
09.04.2010, 15:01 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 7 - Prof - 64 bit sometimes acts on its own The log is clean. Is it maybe just your mouse or keyboard that's broken? That would possibly explain why menus open on their own.
__________________ Please always post log files in CODE tags |
09.04.2010, 15:04 | #6 | ||||||
| Win 7 - Prof - 64 bit sometimes acts on its own Quote:
Quote:
Quote:
Quote:
Can the logs be placed here in a kind of second window? So that only a small excerpt is visible, which you can then scroll through there? Quote:
Quote:
|
09.04.2010, 15:06 | #7 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 7 - Prof - 64 bit sometimes acts on its own Quote:
Quote:
(that can't really be, AFAIR it only ran until March 2010)
__________________ Please always post log files in CODE tags |
09.04.2010, 15:10 | #8 | |
| Win 7 - Prof - 64 bit sometimes acts on its own Quote:
Keyboard, wired, from Typhoon; mouse, laser, wireless, Logitech MX 1100. Can this only be tested by swapping them out, or is there another way? |
09.04.2010, 15:11 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 7 - Prof - 64 bit sometimes acts on its own Nope, test other input devices; IMHO there's no other way to do it.
__________________ Please always post log files in CODE tags |
09.04.2010, 15:12 | #10 | |
| Win 7 - Prof - 64 bit sometimes acts on its own Quote:
I know "beta" in the sense that something isn't 100% mature yet or the like. Or not? With a security hole and with these problems, I figured it probably can't get any worse... I have regular Win 7 |
09.04.2010, 15:14 | #11 |
| Win 7 - Prof - 64 bit sometimes acts on its own Many thanks so far; I'll get back to you next week - I won't get to anything on the weekend - so, longer testing. Regards, Stephan |
14.04.2010, 20:05 | #12 |
| Win 7 - Prof - 64 bit sometimes acts on its own It really was the keyboard. Many thanks for the help. (Thread can be closed.) |