
Plagegeister aller Art und deren Bekämpfung: Browsers (Firefox, Chrome, ...) extremely slow. Virus, malware, etc.?

20.09.2010, 19:11   #1
brackig



Hello everyone,

I have a problem. All of my browsers have been very slow since I set up Windows 7 a week ago. My suspicion that a virus is the cause of the performance problems may have been confirmed by a Malwarebytes' system check. See the log file:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20.09.2010 19:45:35
mbam-log-2010-09-20 (19-45-35).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 116197
Laufzeit: 7 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.82,93.188.161.222 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b352f526-7969-4a8f-a62e-4a647ca48c75}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.82,93.188.161.222 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{de7bbe69-16d9-46ab-a43f-2d3894c53f7d}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.82,93.188.161.222 -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


An Antivir system scan also showed that the malware:

'TR/Crypt.XPACK.Gen'
'TR/Crypt.PEPM.Gen'

was found in several places on my system.


HijackThis turns up the following:

HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:56:50, on 20.09.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TraXEx\TraXEx.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Malwarebytes' Anti-Malware\malware-bytes.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Marc\Downloads\HiJackThis204 (1).exe
C:\Windows\system32\DllHost.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Logitech . Produktregistrierung.lnk = C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O4 - Startup: speedfan - Verknüpfung.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: TraXEx 3.3.lnk = C:\Program Files\TraXEx\TraXEx.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: IE-Spuren löschen - {6C7C0C9A-B51D-4ADB-A74D-C4E33744F866} - C:\Program Files\TraXEx\Integration\TraXEx Internet Explorer.lnk
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Löschautomat - {8DA7743F-9274-4BE8-899E-C0FF6ED61B00} - C:\Program Files\TraXEx\Integration\TraXEx Löschautomat.lnk
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
 
--
End of file - 8386 bytes
         


I now wonder whether the problem has been solved by deleting the germs found by Malwarebytes, or whether I have an overall security problem inherent to the system, possibly due to the fresh installation of Windows 7. Perhaps active backdoors etc.

Since I unfortunately don't know much about such problems, I hope that someone from the forum can help me. Thanks in advance also to those who can't help me but take the time to read my problem.

21.09.2010, 12:12   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Quote:
Datenbank Version: 4052
You did not update Malwarebytes beforehand. Please update and run a full scan.

21.09.2010, 13:33   #3
brackig



Hello Arne,

thanks for your reply. This morning I ran a full scan again, after updating first. This is the log file:



Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4660

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

21.09.2010 10:42:31
mbam-log-2010-09-21 (10-42-31).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 131893
Laufzeit: 5 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

21.09.2010, 17:40   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.
__________________
Please always post log files in CODE tags

21.09.2010, 18:08   #5
brackig



So OTL produced:

OTL Logfile:
Code:
OTL logfile created on: 21.09.2010 19:03:17 - Run 2
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Marc\Downloads
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76,01 Gb Total Space | 31,65 Gb Free Space | 41,64% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 39,50 Gb Free Space | 27,43% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 68,08 Gb Total Space | 49,05 Gb Free Space | 72,04% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MARC-PC
Current User Name: Marc
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Marc\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Users\Marc\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\SpeedFan\speedfan.exe (Almico Software (Almico's Home Page))
PRC - C:\Programme\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Programme\TraXEx\TraXEx.exe (Alexander Miehlke Softwareentwicklung)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Stardock\ObjectDock\ObjectDock.exe (Stardock)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Marc\Downloads\OTL (1).exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Stardock\ObjectDock\DockShellHook.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymSMR130) -- C:\Windows\System32\drivers\SymSMR130.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100921.003\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100921.003\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (vdrvroot) -- C:\Windows\SYSTEM32\DRIVERS\VDRVROOT.SYS (Microsoft Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100901.003\BHDrvx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1201000.025\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\system32\drivers\NIS\1201000.025\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1201000.025\SRTSPX.SYS (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\system32\drivers\NIS\1201000.025\SYMNETS.SYS (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1201000.025\Ironx86.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100920.001\IDSvix86.sys (Symantec Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1201000.025\SYMDS.SYS (Symantec Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (SABI) -- C:\Windows\System32\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 13 6D 0E F5 53 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2010.09.21 11:48:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2010.09.21 11:47:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.19 22:28:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.21 15:20:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.09.20 20:15:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.09.21 15:20:24 | 000,000,000 | ---D | M]
 
[2010.09.19 22:28:22 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\mozilla\Extensions
[2010.09.14 12:14:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.09.19 22:28:22 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\m0rv296h.default\extensions
[2010.09.19 22:27:34 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.09.14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Programme\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan - Verknüpfung.lnk = C:\Programme\SpeedFan\speedfan.exe (Almico Software (Almico's Home Page))
O4 - Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: IE-Spuren löschen - {6C7C0C9A-B51D-4ADB-A74D-C4E33744F866} - C:\Program Files\TraXEx\Integration\TraXEx Internet Explorer.lnk ()
O9 - Extra Button: Löschautomat - {8DA7743F-9274-4BE8-899E-C0FF6ED61B00} - C:\Program Files\TraXEx\Integration\TraXEx Löschautomat.lnk ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.21 17:01:02 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Windows Live
[2010.09.21 17:00:04 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
[2010.09.21 14:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010.09.21 13:20:30 | 000,063,536 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymSMR130.SYS
[2010.09.21 13:08:13 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\NPE
[2010.09.21 11:47:57 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010.09.21 11:47:57 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared
[2010.09.21 11:47:57 | 000,000,000 | ---D | C] -- C:\Programme\Symantec
[2010.09.21 11:47:36 | 000,666,672 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.sys
[2010.09.21 11:47:36 | 000,489,008 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.sys
[2010.09.21 11:47:36 | 000,339,504 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.sys
[2010.09.21 11:47:36 | 000,294,448 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\symnets.sys
[2010.09.21 11:47:36 | 000,134,704 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\Ironx86.sys
[2010.09.21 11:47:36 | 000,050,096 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.sys
[2010.09.21 11:47:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2010.09.21 11:47:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1201000.025
[2010.09.21 11:47:17 | 000,000,000 | ---D | C] -- C:\Programme\Norton Internet Security
[2010.09.21 11:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.09.21 11:47:04 | 000,000,000 | ---D | C] -- C:\Programme\NortonInstaller
[2010.09.21 11:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.09.21 11:26:15 | 000,032,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\VDRVROOT.SYS
[2010.09.20 22:42:17 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Opera
[2010.09.20 22:42:17 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Opera
[2010.09.20 22:42:05 | 000,000,000 | ---D | C] -- C:\Programme\Opera
[2010.09.20 21:07:29 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\SUPERAntiSpyware.com
[2010.09.20 21:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.09.20 21:06:05 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.09.20 20:56:43 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.09.20 18:49:36 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Malwarebytes
[2010.09.20 18:45:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.20 18:45:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.20 18:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.20 18:32:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.09.20 07:41:48 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.09.19 22:42:59 | 000,000,000 | ---D | C] -- C:\Programme\TraXEx
[2010.09.19 22:42:39 | 000,000,000 | ---D | C] -- C:\Programme\Kill-ID für Chrome
[2010.09.19 22:27:33 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2010.09.19 18:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.09.19 15:52:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010.09.17 13:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010.09.17 13:51:09 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2010.09.17 13:50:02 | 000,105,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2010.09.17 13:50:02 | 000,064,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapo32v.dll
[2010.09.17 13:50:02 | 000,026,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2010.09.17 13:49:53 | 011,008,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010.09.17 13:49:53 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.09.17 13:49:53 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.09.17 13:49:51 | 014,092,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010.09.17 13:49:51 | 004,553,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010.09.17 13:49:51 | 002,892,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010.09.17 13:49:51 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010.09.17 13:49:51 | 000,314,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll
[2010.09.17 13:49:49 | 010,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010.09.17 13:49:49 | 000,236,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod1922.dll
[2010.09.17 13:49:49 | 000,236,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010.09.17 13:49:42 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010.09.17 13:46:17 | 000,000,000 | ---D | C] -- C:\Programme\SystemRequirementsLab
[2010.09.17 13:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010.09.17 12:53:12 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\skypePM
[2010.09.17 12:52:40 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Skype
[2010.09.17 12:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.09.17 12:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2010.09.17 11:47:19 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2010.09.17 11:36:10 | 000,000,000 | ---D | C] -- C:\Programme\Adobe Media Player
[2010.09.17 11:34:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe AIR
[2010.09.17 11:30:30 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Macrovision Shared
[2010.09.16 22:41:00 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Ashampoo
[2010.09.16 16:32:41 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.09.16 16:30:54 | 000,000,000 | ---D | C] -- C:\Programme\Scan2PDF
[2010.09.16 16:29:53 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\IrfanView
[2010.09.16 16:29:53 | 000,000,000 | ---D | C] -- C:\Programme\IrfanView
[2010.09.16 16:14:37 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.09.15 16:18:45 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\USB
[2010.09.15 16:18:44 | 000,000,000 | R--D | C] -- C:\Users\Marc\Documents\Desktop
[2010.09.15 11:44:04 | 000,000,000 | ---D | C] -- C:\Users\Marc\Application Data
[2010.09.15 09:30:59 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\Stardock
[2010.09.15 09:30:58 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Stardock
[2010.09.15 09:30:26 | 000,000,000 | ---D | C] -- C:\Programme\Stardock
[2010.09.15 09:30:26 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Stardock
[2010.09.14 23:59:59 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.09.14 23:59:59 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.09.14 23:59:59 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.09.14 23:55:53 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.09.14 23:47:54 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\BuildAGadget Content
[2010.09.14 23:38:47 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\XWindows Dock
[2010.09.14 23:28:14 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Windows SideBar
[2010.09.14 22:20:23 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\DivX
[2010.09.14 22:15:30 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.09.14 22:15:30 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.09.14 22:15:29 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.09.14 22:15:23 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.09.14 22:15:23 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010.09.14 22:15:14 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.09.14 22:14:51 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.09.14 22:14:46 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.09.14 22:14:46 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.09.14 22:14:46 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.09.14 22:14:46 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.09.14 22:14:46 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.09.14 22:14:23 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.09.14 22:14:21 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.09.14 22:14:18 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.09.14 22:14:17 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.09.14 22:14:17 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.09.14 22:14:15 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.09.14 22:14:15 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.09.14 22:14:11 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.09.14 22:14:11 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.09.14 22:14:11 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.09.14 22:14:11 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.09.14 22:14:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.09.14 22:14:11 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.09.14 22:14:11 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.09.14 22:14:11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.09.14 22:14:02 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.09.14 22:14:01 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.09.14 22:14:01 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.09.14 22:14:01 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.09.14 22:14:01 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.09.14 22:14:01 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.09.14 22:14:01 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.09.14 22:14:01 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.09.14 22:14:01 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.09.14 22:13:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.14 22:13:54 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.09.14 22:13:48 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.09.14 22:13:48 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.09.14 22:13:48 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.09.14 22:02:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2010.09.14 22:00:34 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Google
[2010.09.14 22:00:33 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2010.09.14 22:00:27 | 000,000,000 | ---D | C] -- C:\Programme\DivX
[2010.09.14 21:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.09.14 21:51:18 | 000,000,000 | ---D | C] -- C:\Programme\SpeedFan
[2010.09.14 21:44:41 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader
[2010.09.14 21:44:31 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010.09.14 21:44:31 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.09.14 21:44:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.09.14 21:44:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.09.14 21:44:15 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2010.09.14 21:30:07 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Cooliris
[2010.09.14 21:12:21 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN
[2010.09.14 21:12:20 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010.09.14 21:12:20 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010.09.14 21:11:54 | 000,000,000 | ---D | C] -- C:\Programme\Winamp Detect
[2010.09.14 21:11:39 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2010.09.14 21:11:36 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Winamp
[2010.09.14 21:11:36 | 000,000,000 | ---D | C] -- C:\Programme\Winamp
[2010.09.14 21:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\WinClon
[2010.09.14 21:04:16 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010.09.14 21:04:10 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.09.14 21:02:31 | 000,345,600 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\Windows\SetLCDStretchMode.exe
[2010.09.14 21:02:20 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010.09.14 21:02:20 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010.09.14 20:47:13 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\ashampoo
[2010.09.14 20:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2010.09.14 20:46:49 | 000,000,000 | ---D | C] -- C:\Programme\Ashampoo
[2010.09.14 19:57:38 | 000,028,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mdimon.dll
[2010.09.14 19:56:22 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER
[2010.09.14 19:53:48 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.09.14 19:53:48 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2010.09.14 19:53:48 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2010.09.14 19:51:12 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.09.14 19:35:04 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2010.09.14 18:45:50 | 000,064,000 | ---- | C] (LSI Corporation) -- C:\Windows\System32\agrsmdel.exe
[2010.09.14 18:45:50 | 000,013,824 | ---- | C] (LSI Corporation) -- C:\Windows\System32\agrscoin.dll
[2010.09.14 18:45:37 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2010.09.14 18:44:58 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2010.09.14 18:44:58 | 000,000,000 | ---D | C] -- C:\Programme\Intel
[2010.09.14 16:32:11 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\Photographie
[2010.09.14 16:18:21 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\Bewerbung Marc Bauersachs
[2010.09.14 16:17:17 | 000,000,000 | R--D | C] -- C:\Users\Marc\Documents\Alte Dokumente
[2010.09.14 16:17:10 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\Vanessa
[2010.09.14 16:06:13 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\UNI
[2010.09.14 16:06:13 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\Email
[2010.09.14 16:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.09.14 16:02:36 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2010.09.14 16:01:41 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\LaTex_Projekte
[2010.09.14 15:55:28 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Adobe
[2010.09.14 15:45:11 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2010.09.14 15:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010.09.14 15:18:34 | 000,604,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE
[2010.09.14 15:17:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2010.09.14 15:17:32 | 002,754,336 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2010.09.14 15:17:32 | 000,971,264 | ---- | C] (Samsung Electronics Co., LTD) -- C:\Windows\System32\EDSPropPageExt.dll
[2010.09.14 15:17:32 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2010.09.14 15:17:32 | 000,088,064 | ---- | C] (Samsung Electronics Co,. LTD) -- C:\Windows\System32\EDSAPODll.dll
[2010.09.14 15:17:32 | 000,000,000 | -H-D | C] -- C:\Programme\Temp
[2010.09.14 15:17:32 | 000,000,000 | ---D | C] -- C:\Programme\Realtek
[2010.09.14 15:17:31 | 000,831,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010.09.14 15:11:24 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Leadertech
[2010.09.14 15:11:08 | 000,016,400 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2010.09.14 15:10:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2010.09.14 15:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2010.09.14 15:10:27 | 000,000,000 | ---D | C] -- C:\Programme\Logitech
[2010.09.14 15:09:49 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\LogiShrd
[2010.09.14 15:09:41 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Logitech
[2010.09.14 15:09:41 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Logishrd
[2010.09.14 14:46:42 | 000,000,000 | ---D | C] -- C:\Programme\Synaptics
[2010.09.14 14:45:09 | 000,000,000 | ---D | C] -- C:\Windows\CU
[2010.09.14 14:43:53 | 000,000,000 | ---D | C] -- C:\Programme\Atheros Client Installation Program
[2010.09.14 14:43:18 | 002,823,680 | ---- | C] (Askey Computer Corporation.) -- C:\Windows\System32\AInst3141.exe
[2010.09.14 14:42:11 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\InstallShield
[2010.09.14 14:40:51 | 000,000,000 | ---D | C] -- C:\Programme\Vimicro Corporation
[2010.09.14 14:40:31 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\InstallShield
[2010.09.14 14:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SAMSUNG
[2010.09.14 14:39:43 | 000,010,752 | ---- | C] (SAMSUNG ELECTRONICS) -- C:\Windows\System32\drivers\SABI.sys
[2010.09.14 14:39:40 | 000,000,000 | -H-D | C] -- C:\Programme\InstallShield Installation Information
[2010.09.14 14:39:40 | 000,000,000 | ---D | C] -- C:\Programme\Samsung
[2010.09.14 12:28:02 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.09.14 12:21:21 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Macromedia
[2010.09.14 12:21:21 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Adobe
[2010.09.14 12:21:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010.09.14 12:14:26 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Thunderbird
[2010.09.14 12:14:26 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Thunderbird
[2010.09.14 12:14:20 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2010.09.14 12:12:50 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Mozilla
[2010.09.14 12:12:49 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Mozilla
[2010.09.14 12:10:00 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.09.14 12:06:54 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Deterministic Networks
[2010.09.14 12:06:53 | 000,000,000 | ---D | C] -- C:\Programme\Cisco Systems
[2010.09.14 12:06:23 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.09.14 11:47:18 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Diagnostics
[2010.09.14 11:42:54 | 000,000,000 | R--D | C] -- C:\Users\Marc\Searches
[2010.09.14 11:42:42 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Identities
[2010.09.14 11:42:40 | 000,000,000 | R--D | C] -- C:\Users\Marc\Contacts
[2010.09.14 11:42:32 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\VirtualStore
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\Vorlagen
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\AppData\Local\Verlauf
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\AppData\Local\Temporary Internet Files
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\Startmenü
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\SendTo
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\Recent
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\Netzwerkumgebung
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\Lokale Einstellungen
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\Documents\Eigene Videos
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\Documents\Eigene Musik
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\Eigene Dateien
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\Documents\Eigene Bilder
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\Druckumgebung
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\Cookies
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\AppData\Local\Anwendungsdaten
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\Anwendungsdaten
[2010.09.14 11:42:28 | 000,000,000 | --SD | C] -- C:\Users\Marc\AppData\Roaming\Microsoft
[2010.09.14 11:42:28 | 000,000,000 | R--D | C] -- C:\Users\Marc\Videos
[2010.09.14 11:42:28 | 000,000,000 | R--D | C] -- C:\Users\Marc\Saved Games
[2010.09.14 11:42:28 | 000,000,000 | R--D | C] -- C:\Users\Marc\Pictures
[2010.09.14 11:42:28 | 000,000,000 | R--D | C] -- C:\Users\Marc\Music
[2010.09.14 11:42:28 | 000,000,000 | R--D | C] -- C:\Users\Marc\Links
[2010.09.14 11:42:28 | 000,000,000 | R--D | C] -- C:\Users\Marc\Favorites
[2010.09.14 11:42:28 | 000,000,000 | R--D | C] -- C:\Users\Marc\Downloads
[2010.09.14 11:42:28 | 000,000,000 | R--D | C] -- C:\Users\Marc\Documents
[2010.09.14 11:42:28 | 000,000,000 | R--D | C] -- C:\Users\Marc\Desktop
[2010.09.14 11:42:28 | 000,000,000 | -H-D | C] -- C:\Users\Marc\AppData
[2010.09.14 11:42:28 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Temp
[2010.09.14 11:42:28 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Microsoft
[2010.09.14 11:42:28 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Media Center Programs
[2010.09.14 11:42:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.09.14 11:42:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2010.09.14 11:42:19 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010.09.14 11:42:19 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.09.14 11:42:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.09.14 11:42:19 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2010.09.14 11:42:19 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2010.09.14 11:42:19 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2010.09.14 11:42:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.09.14 11:42:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.09.14 11:15:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.09.14 11:11:45 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.09.08 16:40:08 | 000,000,000 | ---D | C] -- C:\Downloads
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.21 19:04:39 | 001,310,720 | -HS- | M] () -- C:\Users\Marc\NTUSER.DAT
[2010.09.21 18:34:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1870652309-3662751225-592833481-1000UA.job
[2010.09.21 16:47:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.21 15:23:13 | 000,089,264 | ---- | M] () -- C:\Users\Marc\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.09.21 14:34:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1870652309-3662751225-592833481-1000Core.job
[2010.09.21 13:26:25 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.21 13:26:25 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.21 13:20:49 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\SymSMR130.dat
[2010.09.21 13:20:30 | 000,063,536 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SymSMR130.SYS
[2010.09.21 13:18:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.21 13:18:38 | 2411,679,744 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.21 13:17:25 | 001,336,494 | -H-- | M] () -- C:\Users\Marc\AppData\Local\IconCache.db
[2010.09.21 11:48:12 | 000,955,984 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1201000.025\Cat.DB
[2010.09.21 11:47:57 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010.09.21 11:47:57 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010.09.21 11:47:57 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010.09.21 11:26:15 | 000,032,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VDRVROOT.SYS
[2010.09.21 01:18:46 | 001,498,506 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.21 01:18:46 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.21 01:18:46 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.21 01:18:46 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.21 01:18:46 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.19 22:43:03 | 000,001,061 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TraXEx 3.3.lnk
[2010.09.19 18:47:59 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010.09.17 13:05:30 | 002,288,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.09.17 12:53:13 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010.09.16 16:13:24 | 000,001,330 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2010.09.15 16:09:39 | 000,000,000 | -H-- | M] () -- C:\Users\Marc\Documents\Default.rdp
[2010.09.15 12:35:03 | 000,000,387 | ---- | M] () -- C:\Windows\win.ini
[2010.09.15 12:33:07 | 000,001,398 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan - Verknüpfung.lnk
[2010.09.15 09:30:59 | 000,002,020 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2010.09.14 21:51:18 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2010.09.14 21:44:18 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010.09.14 21:44:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.09.14 21:44:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.09.14 21:44:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.09.14 21:01:55 | 000,345,600 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Windows\SetLCDStretchMode.exe
[2010.09.14 19:57:45 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
[2010.09.14 19:19:52 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2010.09.14 18:45:32 | 000,064,000 | ---- | M] (LSI Corporation) -- C:\Windows\System32\agrsmdel.exe
[2010.09.14 18:45:31 | 000,013,824 | ---- | M] (LSI Corporation) -- C:\Windows\System32\agrscoin.dll
[2010.09.14 16:01:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.09.14 14:46:49 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010.09.14 14:39:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SABI_01009.Wdf
[2010.09.14 12:09:47 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010.09.14 12:07:52 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2010.09.14 12:06:55 | 000,002,641 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2010.09.14 11:48:57 | 000,524,288 | -HS- | M] () -- C:\Users\Marc\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.09.14 11:48:57 | 000,524,288 | -HS- | M] () -- C:\Users\Marc\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.09.14 11:48:57 | 000,065,536 | -HS- | M] () -- C:\Users\Marc\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.09.14 11:42:29 | 000,000,020 | -HS- | M] () -- C:\Users\Marc\ntuser.ini
[2010.09.14 11:16:24 | 000,057,035 | ---- | M] () -- C:\Windows\System32\license.rtf
 
========== Files Created - No Company Name ==========
 
[2010.09.21 14:29:09 | 000,001,114 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1870652309-3662751225-592833481-1000UA.job
[2010.09.21 14:29:08 | 000,001,062 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1870652309-3662751225-592833481-1000Core.job
[2010.09.21 13:20:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\SymSMR130.dat
[2010.09.21 11:48:00 | 000,955,984 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\Cat.DB
[2010.09.21 11:47:57 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010.09.21 11:47:57 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010.09.21 11:47:29 | 000,003,373 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.inf
[2010.09.21 11:47:29 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.inf
[2010.09.21 11:47:29 | 000,001,445 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNet.inf
[2010.09.21 11:47:29 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.inf
[2010.09.21 11:47:29 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.inf
[2010.09.21 11:47:29 | 000,000,741 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\Iron.inf
[2010.09.21 11:47:20 | 000,007,446 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNet.cat
[2010.09.21 11:47:20 | 000,007,444 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.cat
[2010.09.21 11:47:20 | 000,007,442 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.cat
[2010.09.21 11:47:20 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.cat
[2010.09.21 11:47:20 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.cat
[2010.09.21 11:47:20 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\iron.cat
[2010.09.21 11:47:20 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\isolate.ini
[2010.09.19 22:43:03 | 000,001,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TraXEx 3.3.lnk
[2010.09.17 13:49:53 | 000,009,596 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010.09.17 12:53:13 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.09.16 16:13:24 | 000,001,330 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2010.09.15 16:09:39 | 000,000,000 | -H-- | C] () -- C:\Users\Marc\Documents\Default.rdp
[2010.09.15 12:32:50 | 000,001,398 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan - Verknüpfung.lnk
[2010.09.15 09:30:59 | 000,002,020 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2010.09.14 21:51:12 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2010.09.14 19:57:45 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.09.14 16:01:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.09.14 14:46:49 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010.09.14 14:43:18 | 000,001,202 | ---- | C] () -- C:\Windows\System32\WLL3141.cfgx
[2010.09.14 14:39:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SABI_01009.Wdf
[2010.09.14 12:06:55 | 000,002,641 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2010.09.14 12:06:46 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2010.09.14 11:42:29 | 000,524,288 | -HS- | C] () -- C:\Users\Marc\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.09.14 11:42:29 | 000,524,288 | -HS- | C] () -- C:\Users\Marc\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.09.14 11:42:29 | 000,262,144 | -HS- | C] () -- C:\Users\Marc\ntuser.dat.LOG1
[2010.09.14 11:42:29 | 000,065,536 | -HS- | C] () -- C:\Users\Marc\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.09.14 11:42:29 | 000,000,020 | -HS- | C] () -- C:\Users\Marc\ntuser.ini
[2010.09.14 11:42:29 | 000,000,000 | -HS- | C] () -- C:\Users\Marc\ntuser.dat.LOG2
[2010.09.14 11:42:28 | 001,310,720 | -HS- | C] () -- C:\Users\Marc\NTUSER.DAT
[2010.03.23 13:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009.09.28 09:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
< End of report >
         
--- --- ---

and then also: OTL Logfile:
Code:
OTL Extras logfile created on: 21.09.2010 19:03:18 - Run 2
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Marc\Downloads
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76,01 Gb Total Space | 31,65 Gb Free Space | 41,64% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 39,50 Gb Free Space | 27,43% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 68,08 Gb Total Space | 49,05 Gb Free Space | 72,04% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MARC-PC
Current User Name: Marc
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Users\Marc\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp - Kopie.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp - Kopie.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp - Kopie.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX-Setup
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Kill-ID für Chrome_is1" = Kill-ID 1.2.4.0 für Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"NIS" = Norton Internet Security
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"ObjectDock" = ObjectDock
"Scan2PDF_is1" = Scan2PDF 1.6
"SP6" = Logitech SetPoint 6.15
"SpeedFan" = SpeedFan (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TraXEx_is1" = TraXEx 3.3
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.09.2010 14:30:50 | Computer Name = Marc-PC | Source = VSS | ID = 8193
Description = 
 
Error - 20.09.2010 14:31:27 | Computer Name = Marc-PC | Source = VSS | ID = 8193
Description = 
 
Error - 20.09.2010 14:32:39 | Computer Name = Marc-PC | Source = VSS | ID = 8193
Description = 
 
Error - 20.09.2010 16:24:29 | Computer Name = Marc-PC | Source = VSS | ID = 8193
Description = 
 
Error - 20.09.2010 16:41:45 | Computer Name = Marc-PC | Source = VSS | ID = 8193
Description = 
 
Error - 20.09.2010 19:10:50 | Computer Name = Marc-PC | Source = VSS | ID = 8193
Description = 
 
Error - 21.09.2010 04:35:33 | Computer Name = Marc-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000161bb  ID des fehlerhaften
 Prozesses: 0x310  Startzeit der fehlerhaften Anwendung: 0x01cb5967c754c6b9  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 3268b0f3-c55b-11df-ae82-d86da67d42e4
 
Error - 21.09.2010 04:37:38 | Computer Name = Marc-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000161bb  ID des fehlerhaften
 Prozesses: 0x5fc  Startzeit der fehlerhaften Anwendung: 0x01cb59681227a7f6  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 7ce11de6-c55b-11df-ae82-d86da67d42e4
 
Error - 21.09.2010 05:14:56 | Computer Name = Marc-PC | Source = VSS | ID = 8193
Description = 
 
[ System Events ]
Error - 21.09.2010 04:35:14 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.09.2010 04:35:14 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.09.2010 04:35:14 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.09.2010 04:35:14 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.09.2010 04:35:34 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benutzerprofildienst" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 21.09.2010 04:35:34 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 21.09.2010 04:37:34 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart 
des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:   %%1056
 
Error - 21.09.2010 04:37:38 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benutzerprofildienst" wurde unerwartet beendet. Dies ist
 bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 21.09.2010 04:37:38 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet.
 Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 21.09.2010 07:20:27 | Computer Name = Marc-PC | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht
 initialisieren.
 
 
< End of report >
         
--- --- ---


Alt 21.09.2010, 18:09   #6
brackig
 

So OTL produced:
OTL Logfile:
Code:
OTL logfile created on: 21.09.2010 19:03:17 - Run 2
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Marc\Downloads
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76,01 Gb Total Space | 31,65 Gb Free Space | 41,64% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 39,50 Gb Free Space | 27,43% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 68,08 Gb Total Space | 49,05 Gb Free Space | 72,04% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MARC-PC
Current User Name: Marc
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Marc\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Users\Marc\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\SpeedFan\speedfan.exe (Almico Software (Almico's Home Page))
PRC - C:\Programme\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Programme\TraXEx\TraXEx.exe (Alexander Miehlke Softwareentwicklung)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Stardock\ObjectDock\ObjectDock.exe (Stardock)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Marc\Downloads\OTL (1).exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Stardock\ObjectDock\DockShellHook.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymSMR130) -- C:\Windows\System32\drivers\SymSMR130.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100921.003\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100921.003\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (vdrvroot) -- C:\Windows\SYSTEM32\DRIVERS\VDRVROOT.SYS (Microsoft Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100901.003\BHDrvx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1201000.025\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\system32\drivers\NIS\1201000.025\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1201000.025\SRTSPX.SYS (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\system32\drivers\NIS\1201000.025\SYMNETS.SYS (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1201000.025\Ironx86.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100920.001\IDSvix86.sys (Symantec Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1201000.025\SYMDS.SYS (Symantec Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (SABI) -- C:\Windows\System32\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 13 6D 0E F5 53 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2010.09.21 11:48:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2010.09.21 11:47:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.19 22:28:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.21 15:20:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.09.20 20:15:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.09.21 15:20:24 | 000,000,000 | ---D | M]
 
[2010.09.19 22:28:22 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\mozilla\Extensions
[2010.09.14 12:14:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.09.19 22:28:22 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\m0rv296h.default\extensions
[2010.09.19 22:27:34 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.09.14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Programme\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan - Verknüpfung.lnk = C:\Programme\SpeedFan\speedfan.exe (Almico Software (Almico's Home Page))
O4 - Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: IE-Spuren löschen - {6C7C0C9A-B51D-4ADB-A74D-C4E33744F866} - C:\Program Files\TraXEx\Integration\TraXEx Internet Explorer.lnk ()
O9 - Extra Button: Löschautomat - {8DA7743F-9274-4BE8-899E-C0FF6ED61B00} - C:\Program Files\TraXEx\Integration\TraXEx Löschautomat.lnk ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.21 17:01:02 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Windows Live
[2010.09.21 17:00:04 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
[2010.09.21 14:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010.09.21 13:20:30 | 000,063,536 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymSMR130.SYS
[2010.09.21 13:08:13 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\NPE
[2010.09.21 11:47:57 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010.09.21 11:47:57 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared
[2010.09.21 11:47:57 | 000,000,000 | ---D | C] -- C:\Programme\Symantec
[2010.09.21 11:47:36 | 000,666,672 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.sys
[2010.09.21 11:47:36 | 000,489,008 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.sys
[2010.09.21 11:47:36 | 000,339,504 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.sys
[2010.09.21 11:47:36 | 000,294,448 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\symnets.sys
[2010.09.21 11:47:36 | 000,134,704 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\Ironx86.sys
[2010.09.21 11:47:36 | 000,050,096 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.sys
[2010.09.21 11:47:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2010.09.21 11:47:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1201000.025
[2010.09.21 11:47:17 | 000,000,000 | ---D | C] -- C:\Programme\Norton Internet Security
[2010.09.21 11:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.09.21 11:47:04 | 000,000,000 | ---D | C] -- C:\Programme\NortonInstaller
[2010.09.21 11:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.09.21 11:26:15 | 000,032,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\VDRVROOT.SYS
[2010.09.20 22:42:17 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Opera
[2010.09.20 22:42:17 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Opera
[2010.09.20 22:42:05 | 000,000,000 | ---D | C] -- C:\Programme\Opera
[2010.09.20 21:07:29 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\SUPERAntiSpyware.com
[2010.09.20 21:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.09.20 21:06:05 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.09.20 20:56:43 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.09.20 18:49:36 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Malwarebytes
[2010.09.20 18:45:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.20 18:45:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.20 18:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.20 18:32:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.09.20 07:41:48 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.09.19 22:42:59 | 000,000,000 | ---D | C] -- C:\Programme\TraXEx
[2010.09.19 22:42:39 | 000,000,000 | ---D | C] -- C:\Programme\Kill-ID für Chrome
[2010.09.19 22:27:33 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2010.09.19 18:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.09.19 15:52:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010.09.17 13:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010.09.17 13:51:09 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2010.09.17 13:50:02 | 000,105,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2010.09.17 13:50:02 | 000,064,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapo32v.dll
[2010.09.17 13:50:02 | 000,026,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2010.09.17 13:49:53 | 011,008,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010.09.17 13:49:53 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.09.17 13:49:53 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.09.17 13:49:51 | 014,092,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010.09.17 13:49:51 | 004,553,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010.09.17 13:49:51 | 002,892,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010.09.17 13:49:51 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010.09.17 13:49:51 | 000,314,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll
[2010.09.17 13:49:49 | 010,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010.09.17 13:49:49 | 000,236,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod1922.dll
[2010.09.17 13:49:49 | 000,236,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010.09.17 13:49:42 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010.09.17 13:46:17 | 000,000,000 | ---D | C] -- C:\Programme\SystemRequirementsLab
[2010.09.17 13:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010.09.17 12:53:12 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\skypePM
[2010.09.17 12:52:40 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Skype
[2010.09.17 12:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.09.17 12:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2010.09.17 11:47:19 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2010.09.17 11:36:10 | 000,000,000 | ---D | C] -- C:\Programme\Adobe Media Player
[2010.09.17 11:34:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe AIR
[2010.09.17 11:30:30 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Macrovision Shared
[2010.09.16 22:41:00 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Ashampoo
[2010.09.16 16:32:41 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.09.16 16:30:54 | 000,000,000 | ---D | C] -- C:\Programme\Scan2PDF
[2010.09.16 16:29:53 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\IrfanView
[2010.09.16 16:29:53 | 000,000,000 | ---D | C] -- C:\Programme\IrfanView
[2010.09.16 16:14:37 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.09.15 16:18:45 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\USB
[2010.09.15 16:18:44 | 000,000,000 | R--D | C] -- C:\Users\Marc\Documents\Desktop
[2010.09.15 11:44:04 | 000,000,000 | ---D | C] -- C:\Users\Marc\Application Data
[2010.09.15 09:30:59 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\Stardock
[2010.09.15 09:30:58 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Stardock
[2010.09.15 09:30:26 | 000,000,000 | ---D | C] -- C:\Programme\Stardock
[2010.09.15 09:30:26 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Stardock
[2010.09.14 23:59:59 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.09.14 23:59:59 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.09.14 23:59:59 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.09.14 23:55:53 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.09.14 23:47:54 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\BuildAGadget Content
[2010.09.14 23:38:47 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\XWindows Dock
[2010.09.14 23:28:14 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Windows SideBar
[2010.09.14 22:20:23 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\DivX
[2010.09.14 22:15:30 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.09.14 22:15:30 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.09.14 22:15:29 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.09.14 22:15:23 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.09.14 22:15:23 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010.09.14 22:15:14 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.09.14 22:14:51 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.09.14 22:14:46 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.09.14 22:14:46 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.09.14 22:14:46 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.09.14 22:14:46 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.09.14 22:14:46 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.09.14 22:14:23 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.09.14 22:14:21 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.09.14 22:14:18 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.09.14 22:14:17 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.09.14 22:14:17 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.09.14 22:14:15 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.09.14 22:14:15 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.09.14 22:14:11 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.09.14 22:14:11 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.09.14 22:14:11 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.09.14 22:14:11 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.09.14 22:14:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.09.14 22:14:11 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.09.14 22:14:11 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.09.14 22:14:11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.09.14 22:14:02 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.09.14 22:14:01 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.09.14 22:14:01 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.09.14 22:14:01 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.09.14 22:14:01 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.09.14 22:14:01 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.09.14 22:14:01 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.09.14 22:14:01 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.09.14 22:14:01 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.09.14 22:13:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.14 22:13:54 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.09.14 22:13:48 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.09.14 22:13:48 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.09.14 22:13:48 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.09.14 22:02:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2010.09.14 22:00:34 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Google
[2010.09.14 22:00:33 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2010.09.14 22:00:27 | 000,000,000 | ---D | C] -- C:\Programme\DivX
[2010.09.14 21:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.09.14 21:51:18 | 000,000,000 | ---D | C] -- C:\Programme\SpeedFan
[2010.09.14 21:44:41 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader
[2010.09.14 21:44:31 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010.09.14 21:44:31 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.09.14 21:44:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.09.14 21:44:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.09.14 21:44:15 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2010.09.14 21:30:07 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Cooliris
[2010.09.14 21:12:21 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN
[2010.09.14 21:12:20 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010.09.14 21:12:20 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010.09.14 21:11:54 | 000,000,000 | ---D | C] -- C:\Programme\Winamp Detect
[2010.09.14 21:11:39 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2010.09.14 21:11:36 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Winamp
[2010.09.14 21:11:36 | 000,000,000 | ---D | C] -- C:\Programme\Winamp
[2010.09.14 21:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\WinClon
[2010.09.14 21:04:16 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010.09.14 21:04:10 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.09.14 21:02:31 | 000,345,600 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\Windows\SetLCDStretchMode.exe
[2010.09.14 21:02:20 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010.09.14 21:02:20 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010.09.14 20:47:13 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\ashampoo
[2010.09.14 20:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2010.09.14 20:46:49 | 000,000,000 | ---D | C] -- C:\Programme\Ashampoo
[2010.09.14 19:57:38 | 000,028,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mdimon.dll
[2010.09.14 19:56:22 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER
[2010.09.14 19:53:48 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.09.14 19:53:48 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2010.09.14 19:53:48 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2010.09.14 19:51:12 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.09.14 19:35:04 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2010.09.14 18:45:50 | 000,064,000 | ---- | C] (LSI Corporation) -- C:\Windows\System32\agrsmdel.exe
[2010.09.14 18:45:50 | 000,013,824 | ---- | C] (LSI Corporation) -- C:\Windows\System32\agrscoin.dll
[2010.09.14 18:45:37 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2010.09.14 18:44:58 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2010.09.14 18:44:58 | 000,000,000 | ---D | C] -- C:\Programme\Intel
[2010.09.14 16:32:11 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\Photographie
[2010.09.14 16:18:21 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\Bewerbung Marc Bauersachs
[2010.09.14 16:17:17 | 000,000,000 | R--D | C] -- C:\Users\Marc\Documents\Alte Dokumente
[2010.09.14 16:17:10 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\Vanessa
[2010.09.14 16:06:13 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\UNI
[2010.09.14 16:06:13 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\Email
[2010.09.14 16:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.09.14 16:02:36 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2010.09.14 16:01:41 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\LaTex_Projekte
[2010.09.14 15:55:28 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Adobe
[2010.09.14 15:45:11 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2010.09.14 15:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010.09.14 15:18:34 | 000,604,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE
[2010.09.14 15:17:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2010.09.14 15:17:32 | 002,754,336 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2010.09.14 15:17:32 | 000,971,264 | ---- | C] (Samsung Electronics Co., LTD) -- C:\Windows\System32\EDSPropPageExt.dll
[2010.09.14 15:17:32 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2010.09.14 15:17:32 | 000,088,064 | ---- | C] (Samsung Electronics Co,. LTD) -- C:\Windows\System32\EDSAPODll.dll
[2010.09.14 15:17:32 | 000,000,000 | -H-D | C] -- C:\Programme\Temp
[2010.09.14 15:17:32 | 000,000,000 | ---D | C] -- C:\Programme\Realtek
[2010.09.14 15:17:31 | 000,831,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010.09.14 15:11:24 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Leadertech
[2010.09.14 15:11:08 | 000,016,400 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2010.09.14 15:10:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2010.09.14 15:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2010.09.14 15:10:27 | 000,000,000 | ---D | C] -- C:\Programme\Logitech
[2010.09.14 15:09:49 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\LogiShrd
[2010.09.14 15:09:41 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Logitech
[2010.09.14 15:09:41 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Logishrd
[2010.09.14 14:46:42 | 000,000,000 | ---D | C] -- C:\Programme\Synaptics
[2010.09.14 14:45:09 | 000,000,000 | ---D | C] -- C:\Windows\CU
[2010.09.14 14:43:53 | 000,000,000 | ---D | C] -- C:\Programme\Atheros Client Installation Program
[2010.09.14 14:43:18 | 002,823,680 | ---- | C] (Askey Computer Corporation.) -- C:\Windows\System32\AInst3141.exe
[2010.09.14 14:42:11 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\InstallShield
[2010.09.14 14:40:51 | 000,000,000 | ---D | C] -- C:\Programme\Vimicro Corporation
[2010.09.14 14:40:31 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\InstallShield
[2010.09.14 14:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SAMSUNG
[2010.09.14 14:39:43 | 000,010,752 | ---- | C] (SAMSUNG ELECTRONICS) -- C:\Windows\System32\drivers\SABI.sys
[2010.09.14 14:39:40 | 000,000,000 | -H-D | C] -- C:\Programme\InstallShield Installation Information
[2010.09.14 14:39:40 | 000,000,000 | ---D | C] -- C:\Programme\Samsung
[2010.09.14 12:28:02 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.09.14 12:21:21 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Macromedia
[2010.09.14 12:21:21 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Adobe
[2010.09.14 12:21:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010.09.14 12:14:26 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Thunderbird
[2010.09.14 12:14:26 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Thunderbird
[2010.09.14 12:14:20 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2010.09.14 12:12:50 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Mozilla
[2010.09.14 12:12:49 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Mozilla
[2010.09.14 12:10:00 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.09.14 12:06:54 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Deterministic Networks
[2010.09.14 12:06:53 | 000,000,000 | ---D | C] -- C:\Programme\Cisco Systems
[2010.09.14 12:06:23 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.09.14 11:47:18 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Diagnostics
[2010.09.14 11:42:54 | 000,000,000 | R--D | C] -- C:\Users\Marc\Searches
[2010.09.14 11:42:42 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Identities
[2010.09.14 11:42:40 | 000,000,000 | R--D | C] -- C:\Users\Marc\Contacts
[2010.09.14 11:42:32 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\VirtualStore
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\Vorlagen
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\AppData\Local\Verlauf
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\AppData\Local\Temporary Internet Files
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\Startmenü
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\SendTo
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\Recent
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\Netzwerkumgebung
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\Lokale Einstellungen
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\Documents\Eigene Videos
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\Documents\Eigene Musik
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\Eigene Dateien
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\Documents\Eigene Bilder
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\Druckumgebung
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\Cookies
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\AppData\Local\Anwendungsdaten
[2010.09.14 11:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Marc\Anwendungsdaten
[2010.09.14 11:42:28 | 000,000,000 | --SD | C] -- C:\Users\Marc\AppData\Roaming\Microsoft
[2010.09.14 11:42:28 | 000,000,000 | R--D | C] -- C:\Users\Marc\Videos
[2010.09.14 11:42:28 | 000,000,000 | R--D | C] -- C:\Users\Marc\Saved Games
[2010.09.14 11:42:28 | 000,000,000 | R--D | C] -- C:\Users\Marc\Pictures
[2010.09.14 11:42:28 | 000,000,000 | R--D | C] -- C:\Users\Marc\Music
[2010.09.14 11:42:28 | 000,000,000 | R--D | C] -- C:\Users\Marc\Links
[2010.09.14 11:42:28 | 000,000,000 | R--D | C] -- C:\Users\Marc\Favorites
[2010.09.14 11:42:28 | 000,000,000 | R--D | C] -- C:\Users\Marc\Downloads
[2010.09.14 11:42:28 | 000,000,000 | R--D | C] -- C:\Users\Marc\Documents
[2010.09.14 11:42:28 | 000,000,000 | R--D | C] -- C:\Users\Marc\Desktop
[2010.09.14 11:42:28 | 000,000,000 | -H-D | C] -- C:\Users\Marc\AppData
[2010.09.14 11:42:28 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Temp
[2010.09.14 11:42:28 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Microsoft
[2010.09.14 11:42:28 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Media Center Programs
[2010.09.14 11:42:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.09.14 11:42:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2010.09.14 11:42:19 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010.09.14 11:42:19 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.09.14 11:42:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.09.14 11:42:19 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2010.09.14 11:42:19 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2010.09.14 11:42:19 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2010.09.14 11:42:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.09.14 11:42:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.09.14 11:15:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.09.14 11:11:45 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.09.08 16:40:08 | 000,000,000 | ---D | C] -- C:\Downloads
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.21 19:04:39 | 001,310,720 | -HS- | M] () -- C:\Users\Marc\NTUSER.DAT
[2010.09.21 18:34:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1870652309-3662751225-592833481-1000UA.job
[2010.09.21 16:47:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.21 15:23:13 | 000,089,264 | ---- | M] () -- C:\Users\Marc\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.09.21 14:34:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1870652309-3662751225-592833481-1000Core.job
[2010.09.21 13:26:25 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.21 13:26:25 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.21 13:20:49 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\SymSMR130.dat
[2010.09.21 13:20:30 | 000,063,536 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SymSMR130.SYS
[2010.09.21 13:18:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.21 13:18:38 | 2411,679,744 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.21 13:17:25 | 001,336,494 | -H-- | M] () -- C:\Users\Marc\AppData\Local\IconCache.db
[2010.09.21 11:48:12 | 000,955,984 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1201000.025\Cat.DB
[2010.09.21 11:47:57 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010.09.21 11:47:57 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010.09.21 11:47:57 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010.09.21 11:26:15 | 000,032,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VDRVROOT.SYS
[2010.09.21 01:18:46 | 001,498,506 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.21 01:18:46 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.21 01:18:46 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.21 01:18:46 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.21 01:18:46 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.19 22:43:03 | 000,001,061 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TraXEx 3.3.lnk
[2010.09.19 18:47:59 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010.09.17 13:05:30 | 002,288,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.09.17 12:53:13 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010.09.16 16:13:24 | 000,001,330 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2010.09.15 16:09:39 | 000,000,000 | -H-- | M] () -- C:\Users\Marc\Documents\Default.rdp
[2010.09.15 12:35:03 | 000,000,387 | ---- | M] () -- C:\Windows\win.ini
[2010.09.15 12:33:07 | 000,001,398 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan - Verknüpfung.lnk
[2010.09.15 09:30:59 | 000,002,020 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2010.09.14 21:51:18 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2010.09.14 21:44:18 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010.09.14 21:44:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.09.14 21:44:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.09.14 21:44:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.09.14 21:01:55 | 000,345,600 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Windows\SetLCDStretchMode.exe
[2010.09.14 19:57:45 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
[2010.09.14 19:19:52 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2010.09.14 18:45:32 | 000,064,000 | ---- | M] (LSI Corporation) -- C:\Windows\System32\agrsmdel.exe
[2010.09.14 18:45:31 | 000,013,824 | ---- | M] (LSI Corporation) -- C:\Windows\System32\agrscoin.dll
[2010.09.14 16:01:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.09.14 14:46:49 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010.09.14 14:39:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SABI_01009.Wdf
[2010.09.14 12:09:47 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010.09.14 12:07:52 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2010.09.14 12:06:55 | 000,002,641 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2010.09.14 11:48:57 | 000,524,288 | -HS- | M] () -- C:\Users\Marc\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.09.14 11:48:57 | 000,524,288 | -HS- | M] () -- C:\Users\Marc\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.09.14 11:48:57 | 000,065,536 | -HS- | M] () -- C:\Users\Marc\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.09.14 11:42:29 | 000,000,020 | -HS- | M] () -- C:\Users\Marc\ntuser.ini
[2010.09.14 11:16:24 | 000,057,035 | ---- | M] () -- C:\Windows\System32\license.rtf
 
========== Files Created - No Company Name ==========
 
[2010.09.21 14:29:09 | 000,001,114 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1870652309-3662751225-592833481-1000UA.job
[2010.09.21 14:29:08 | 000,001,062 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1870652309-3662751225-592833481-1000Core.job
[2010.09.21 13:20:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\SymSMR130.dat
[2010.09.21 11:48:00 | 000,955,984 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\Cat.DB
[2010.09.21 11:47:57 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010.09.21 11:47:57 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010.09.21 11:47:29 | 000,003,373 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.inf
[2010.09.21 11:47:29 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.inf
[2010.09.21 11:47:29 | 000,001,445 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNet.inf
[2010.09.21 11:47:29 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.inf
[2010.09.21 11:47:29 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.inf
[2010.09.21 11:47:29 | 000,000,741 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\Iron.inf
[2010.09.21 11:47:20 | 000,007,446 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNet.cat
[2010.09.21 11:47:20 | 000,007,444 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.cat
[2010.09.21 11:47:20 | 000,007,442 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.cat
[2010.09.21 11:47:20 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.cat
[2010.09.21 11:47:20 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.cat
[2010.09.21 11:47:20 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\iron.cat
[2010.09.21 11:47:20 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\isolate.ini
[2010.09.19 22:43:03 | 000,001,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TraXEx 3.3.lnk
[2010.09.17 13:49:53 | 000,009,596 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010.09.17 12:53:13 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.09.16 16:13:24 | 000,001,330 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2010.09.15 16:09:39 | 000,000,000 | -H-- | C] () -- C:\Users\Marc\Documents\Default.rdp
[2010.09.15 12:32:50 | 000,001,398 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan - Verknüpfung.lnk
[2010.09.15 09:30:59 | 000,002,020 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2010.09.14 21:51:12 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2010.09.14 19:57:45 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.09.14 16:01:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.09.14 14:46:49 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010.09.14 14:43:18 | 000,001,202 | ---- | C] () -- C:\Windows\System32\WLL3141.cfgx
[2010.09.14 14:39:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SABI_01009.Wdf
[2010.09.14 12:06:55 | 000,002,641 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2010.09.14 12:06:46 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2010.09.14 11:42:29 | 000,524,288 | -HS- | C] () -- C:\Users\Marc\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.09.14 11:42:29 | 000,524,288 | -HS- | C] () -- C:\Users\Marc\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.09.14 11:42:29 | 000,262,144 | -HS- | C] () -- C:\Users\Marc\ntuser.dat.LOG1
[2010.09.14 11:42:29 | 000,065,536 | -HS- | C] () -- C:\Users\Marc\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.09.14 11:42:29 | 000,000,020 | -HS- | C] () -- C:\Users\Marc\ntuser.ini
[2010.09.14 11:42:29 | 000,000,000 | -HS- | C] () -- C:\Users\Marc\ntuser.dat.LOG2
[2010.09.14 11:42:28 | 001,310,720 | -HS- | C] () -- C:\Users\Marc\NTUSER.DAT
[2010.03.23 13:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009.09.28 09:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
< End of report >
         
--- --- ---


and then also:
OTL Logfile:
Code:
OTL Extras logfile created on: 21.09.2010 19:03:18 - Run 2
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Marc\Downloads
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76,01 Gb Total Space | 31,65 Gb Free Space | 41,64% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 39,50 Gb Free Space | 27,43% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 68,08 Gb Total Space | 49,05 Gb Free Space | 72,04% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MARC-PC
Current User Name: Marc
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Users\Marc\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp - Kopie.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp - Kopie.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp - Kopie.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX-Setup
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Kill-ID für Chrome_is1" = Kill-ID 1.2.4.0 für Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"NIS" = Norton Internet Security
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"ObjectDock" = ObjectDock
"Scan2PDF_is1" = Scan2PDF 1.6
"SP6" = Logitech SetPoint 6.15
"SpeedFan" = SpeedFan (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TraXEx_is1" = TraXEx 3.3
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.09.2010 14:30:50 | Computer Name = Marc-PC | Source = VSS | ID = 8193
Description = 
 
Error - 20.09.2010 14:31:27 | Computer Name = Marc-PC | Source = VSS | ID = 8193
Description = 
 
Error - 20.09.2010 14:32:39 | Computer Name = Marc-PC | Source = VSS | ID = 8193
Description = 
 
Error - 20.09.2010 16:24:29 | Computer Name = Marc-PC | Source = VSS | ID = 8193
Description = 
 
Error - 20.09.2010 16:41:45 | Computer Name = Marc-PC | Source = VSS | ID = 8193
Description = 
 
Error - 20.09.2010 19:10:50 | Computer Name = Marc-PC | Source = VSS | ID = 8193
Description = 
 
Error - 21.09.2010 04:35:33 | Computer Name = Marc-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000161bb  ID des fehlerhaften
 Prozesses: 0x310  Startzeit der fehlerhaften Anwendung: 0x01cb5967c754c6b9  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 3268b0f3-c55b-11df-ae82-d86da67d42e4
 
Error - 21.09.2010 04:37:38 | Computer Name = Marc-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000161bb  ID des fehlerhaften
 Prozesses: 0x5fc  Startzeit der fehlerhaften Anwendung: 0x01cb59681227a7f6  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 7ce11de6-c55b-11df-ae82-d86da67d42e4
 
Error - 21.09.2010 05:14:56 | Computer Name = Marc-PC | Source = VSS | ID = 8193
Description = 
 
[ System Events ]
Error - 21.09.2010 04:35:14 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.09.2010 04:35:14 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.09.2010 04:35:14 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.09.2010 04:35:14 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.09.2010 04:35:34 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benutzerprofildienst" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 21.09.2010 04:35:34 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 21.09.2010 04:37:34 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart 
des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:   %%1056
 
Error - 21.09.2010 04:37:38 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benutzerprofildienst" wurde unerwartet beendet. Dies ist
 bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 21.09.2010 04:37:38 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet.
 Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 21.09.2010 07:20:27 | Computer Name = Marc-PC | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht
 initialisieren.
 
 
< End of report >
         
--- --- ---

22.09.2010, 07:14   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
O4 - HKLM..\Run: [AdobeCS4ServiceManager]
Is this PC used commercially? A CS4 suite like this is unusual in private use.
__________________
Please always post logfiles in CODE tags

22.09.2010, 09:06   #8
brackig
 

Quote:
Quote from cosinus
Is this PC used commercially? A CS4 suite like this is unusual in private use.
Yep! It is used privately and commercially at the university. Why?

Thanks and regards
Marc

22.09.2010, 12:04   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Because the licences are extremely expensive, and so this kind of software tends to be used illegally in cracked form.
__________________
Please always post logfiles in CODE tags

22.09.2010, 12:55   #10
brackig
 

I see. I don't know what that has to do with my problem, but fine.

I have now cleaned up my machine with CCleaner and run SUPERAntiSpyware. Result: nothing found. Norton Internet Security 2011 no longer finds anything either. My browsers are also running completely normally again. Was it because of those, then?

Quote:
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.82,93.188.161.222 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b352f526-7969-4a8f-a62e-4a647ca48c75}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.82,93.188.161.222 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{de7bbe69-16d9-46ab-a43f-2d3894c53f7d}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.82,93.188.161.222 -> Quarantined and deleted successfully.
About my question regarding the active backdoors: can you see anything in the OTL or HJT logs? As I said, I'm not familiar with this and would like to rule out that something there is not in order.

Best regards
Marc
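
Added example (not part of the thread, and not Malwarebytes' or the board's own tooling): the Python below parses the three Trojan.DNSChanger result lines quoted in the post above and checks a later registry listing for the same resolver addresses. The `reg query` listing is a constructed sample, and all function names are this example's own.

```python
import ipaddress
import re

# Result lines copied from the Malwarebytes log quoted in the thread.
MBAM_LOG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.82,93.188.161.222 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b352f526-7969-4a8f-a62e-4a647ca48c75}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.82,93.188.161.222 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{de7bbe69-16d9-46ab-a43f-2d3894c53f7d}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.82,93.188.161.222 -> Quarantined and deleted successfully.
"""
# Constructed sample in the layout `reg query <key> /s` prints, standing in for a
# re-check after cleanup: one interface is clean, one still lists a flagged resolver.
REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b352f526-7969-4a8f-a62e-4a647ca48c75}
    NameServer    REG_SZ
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{de7bbe69-16d9-46ab-a43f-2d3894c53f7d}
    NameServer    REG_SZ    93.188.161.222 192.168.1.1
"""
# Line layout: "<key>\<value> (<detection>) -> Data: <data> -> <action>"
MBAM_RE = re.compile(
    r"^(?P<key>HKEY_[^()]+)\\(?P<value>[^\\()]+?)\s+\((?P<detection>[^)]+)\)"
    r"\s+->\s+Data:\s*(?P<data>.*?)\s+->\s+(?P<action>.+)$")

def split_servers(data):
    """NameServer is a comma- or space-separated list; keep only valid IPs."""
    servers = []
    for token in re.split(r"[,\s]+", data.strip()):
        try:
            servers.append(str(ipaddress.ip_address(token)))
        except ValueError:
            continue  # empty value or junk token
    return servers

def parse_mbam(log):
    """Turn Malwarebytes registry-data findings into structured records."""
    findings = []
    for line in log.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            findings.append({
                "key": m["key"], "value": m["value"], "detection": m["detection"],
                "servers": split_servers(m["data"]),
                "removed": "deleted successfully" in m["action"]})
    return findings

def parse_reg_query(output):
    """Map each registry key in the reg query text to its NameServer list."""
    state, key = {}, None
    for line in output.splitlines():
        m = re.match(r"\s+NameServer\s+REG_SZ\s*(.*)$", line)
        if line.startswith("HKEY_"):
            key = line.strip()
        elif m and key:
            state[key] = split_servers(m.group(1))
    return state

def still_present(findings, state):
    """Return (key, ip) pairs where a previously flagged resolver is configured."""
    flagged = {ip for f in findings for ip in f["servers"]}
    return sorted((k, ip) for k, ips in state.items() for ip in ips if ip in flagged)
```

An empty result from `still_present` means none of the addresses Malwarebytes flagged is set as a static resolver in the listing that was checked.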

22.09.2010, 13:23   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
. I don't know what that has to do with my problem, but fine.
Well, cracks are illegal and usually infected. Very often the infection comes from a keygen or crack, if something like that was executed. Since illegal software is not tolerated on TB, in that case we only point to FORMAT C. But you haven't run a crack/keygen, have you?

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
Please always post logfiles in CODE tags
