Pests of all kinds and how to fight them: System slow, Firefox opens wrong pages, IncrediMail retrieves deleted mails
Windows 7
System slow, Firefox opens wrong pages, IncrediMail retrieves deleted mails

Hello,

I am new here, so let me briefly introduce myself. I am a trained car mechanic, but for a few years I have been working as a professional driver, and I come from beautiful S-H.

Now to my problem: when I search for something in Firefox, e.g. information about trojans or recipes, and click directly on the search result, other pages always open, e.g. fuckbook.com etc. But if I copy the link, the desired pages open.

In IncrediMail, it has recently been retrieving emails that I deleted ages ago, at the provider as well.

I have already googled and used the search here, but unfortunately found nothing comparable. I have already used the Kaspersky online scanner, which found a few things; after that I bought the Kaspersky Security Suite, which found the same things, and I had them neutralized. Unfortunately without success; the errors persist.

I hope you can help me with this.

Here is the log, and the one from OTL:

OTL Logfile:
OTL logfile created on: 09.10.2010 00:28:17 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Torben\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 58,00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 10,96 Gb Free Space | 11,64% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 294,48 Gb Free Space | 63,23% Space Free | Partition Type: NTFS
Drive E: | 362,71 Gb Total Space | 4,65 Gb Free Space | 1,28% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ***
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Program Files\IncrediMail\bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtblfs.exe (Kaspersky Lab)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\ElsaWin\bin\VSGate.exe (Volkswagen AG)
PRC - C:\ElsaWin\bin\LcSvrAdm.exe (Volkswagen AG)
PRC - C:\ElsaWin\bin\LcSvrHis.exe (Volkswagen AG)
PRC - C:\ElsaWin\bin\LcSvrSaz.exe (Volkswagen AG)
PRC - C:\ElsaWin\bin\LcSvrAuf.exe (Volkswagen AG)
PRC - C:\ElsaWin\bin\LcSvrPas.exe (Volkswagen AG)
PRC - C:\ElsaWin\bin\LcSvrDba.exe (Volkswagen AG)
PRC - C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
PRC - C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Launch Manager\WisKeyState.exe (Wistron Corp.)
PRC - C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Program Files\Common Files\AVerMedia\FTS RecAssist\AVerHIDReceiver.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Program Files\Launch Manager\OSDCtrl.exe ()
PRC - D:\Program Files\Electronic Arts\Need for Speed ProStreet\PB\PnkBstrA.exe ()
PRC - C:\Windows\System32\RMIServerManager.exe ()
PRC - C:\Program Files\Launch Manager\LaunchAp.exe ()
PRC - C:\Windows\System32\BeepApp.exe ()
PRC - C:\Program Files\AMD\RAIDXpert\_jvm\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\PestPatrol\CookiePatrol.exe (Computer Associates International)
PRC - C:\Program Files\PestPatrol\PPControl.exe (Computer Associates International)
PRC - C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe ()
PRC - C:\Program Files\PestPatrol\PPMemCheck.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\Torben\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Roxio UPnP Renderer 11) -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe File not found
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe File not found
SRV - (AMDRAIDXpert) -- C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe -s raidxpert.wrapper.conf File not found
SRV - (dgdersvc) -- C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (RoxWatch12) -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe (Sonic Solutions)
SRV - (RoxMediaDB12) -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe (Sonic Solutions)
SRV - (VSGate) -- C:\ElsaWin\bin\VSGate.exe (Volkswagen AG)
SRV - (LcSvrAdm) -- C:\ElsaWin\bin\LcSvrAdm.exe (Volkswagen AG)
SRV - (LcSvrHis) -- C:\ElsaWin\bin\LcSvrHis.exe (Volkswagen AG)
SRV - (LcSvrSaz) -- C:\ElsaWin\bin\LcSvrSaz.exe (Volkswagen AG)
SRV - (LcSvrAuf) -- C:\ElsaWin\bin\LcSvrAuf.exe (Volkswagen AG)
SRV - (LcSvrPAS) -- C:\ElsaWin\bin\LcSvrPas.exe (Volkswagen AG)
SRV - (LcSvrDba) -- C:\ElsaWin\bin\LcSvrDba.exe (Volkswagen AG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AVerRemote) -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AVerScheduleService) -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (PnkBstrA) -- D:\Program Files\Electronic Arts\Need for Speed ProStreet\PB\PnkBstrA.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\MAGIX\Common\Database\bin\fbserver.exe (The Firebird Project)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (SSHDRV86) -- C:\Windows\System32\drivers\SSHDRV86.sys ()
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (AVerAF15) -- C:\Windows\System32\drivers\AVerAF15.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (c2scsi) -- C:\Windows\System32\drivers\C2SCSI.SYS (Sonic Solutions)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (LVUVC) 1.3 MP Webcam(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (mod7700) -- C:\Windows\System32\drivers\mod7700.sys (DiBcom SA)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (Huawei) -- C:\Windows\System32\drivers\ewdcsc.sys (Huawei Tech. Co., Ltd.)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (drhard) -- C:\Windows\System32\drivers\drhard.sys (Licensed for Gebhard Software)
DRV - (Hardlock) -- C:\Windows\System32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (Cinemsup) -- C:\Windows\System32\drivers\cinemsup.sys (Sonic Solutions)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:
FF - prefs.js..extensions.enabledItems: {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.20100123
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100924
FF - prefs.js..keyword.URL: "hxxp://mystart.magentic.com/?loc=FF_Magentic_AddressBar&search="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: d:\Program Files\Mozilla Firefox\components [2010.07.29 12:12:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: d:\Program Files\Mozilla Firefox\plugins [2010.08.21 12:52:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.18 18:40:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.18 18:40:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\THBExt [2010.10.07 21:40:07 | 000,000,000 | ---D | M]

[2009.05.10 12:37:15 | 000,000,000 | ---D | M] -- C:\Users\Torben\AppData\Roaming\mozilla\Extensions
[2009.05.10 12:37:15 | 000,000,000 | ---D | M] -- C:\Users\Torben\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.10.08 14:29:18 | 000,000,000 | ---D | M] -- C:\Users\Torben\AppData\Roaming\mozilla\Firefox\Profiles\jwq6qcfq.default\extensions
[2010.05.01 16:01:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Torben\AppData\Roaming\mozilla\Firefox\Profiles\jwq6qcfq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.09 18:33:03 | 000,000,000 | ---D | M] (MidnightFox) -- C:\Users\Torben\AppData\Roaming\mozilla\Firefox\Profiles\jwq6qcfq.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}
[2010.07.25 04:43:57 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Torben\AppData\Roaming\mozilla\Firefox\Profiles\jwq6qcfq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.06.27 12:49:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben\AppData\Roaming\mozilla\Firefox\Profiles\jwq6qcfq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.10.01 01:51:59 | 000,000,000 | ---D | M] -- C:\Users\Torben\AppData\Roaming\mozilla\Firefox\Profiles\jwq6qcfq.default\extensions\nasanightlaunch@example.com
[2010.09.12 21:23:44 | 000,000,000 | ---D | M] -- C:\Users\Torben\AppData\Roaming\mozilla\Firefox\Profiles\jwq6qcfq.default\extensions\personas@christopher.beard
[2010.02.09 18:33:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben\AppData\Roaming\mozilla\Firefox\Profiles\jwq6qcfq.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions
[2010.02.09 18:33:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben\AppData\Roaming\mozilla\Firefox\Profiles\jwq6qcfq.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions\CVS
[2010.06.20 19:07:19 | 000,002,149 | ---- | M] () -- C:\Users\Torben\AppData\Roaming\Mozilla\FireFox\Profiles\jwq6qcfq.default\searchplugins\MyStart Search.xml
[2010.10.07 21:40:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.28 00:57:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.07 21:40:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.10.06 11:16:24 | 000,412,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: www.Brenz.pl
O1 - Hosts: localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: www.007guard.com
O1 - Hosts: 007guard.com
O1 - Hosts: 008i.com
O1 - Hosts: www.008k.com
O1 - Hosts: 008k.com
O1 - Hosts: www.00hq.com
O1 - Hosts: 00hq.com
O1 - Hosts: 010402.com
O1 - Hosts: www.032439.com
O1 - Hosts: 032439.com
O1 - Hosts: www.0scan.com
O1 - Hosts: 0scan.com
O1 - Hosts: 1000gratisproben.com
O1 - Hosts: www.1000gratisproben.com
O1 - Hosts: 1001namen.com
O1 - Hosts: www.1001namen.com
O1 - Hosts: 100888290cs.com
O1 - Hosts: www.100888290cs.com
O1 - Hosts: www.100sexlinks.com
O1 - Hosts: 100sexlinks.com
O1 - Hosts: 10sek.com
O1 - Hosts: www.10sek.com
O1 - Hosts: 14264 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CookiePatrol] C:\Program Files\PestPatrol\CookiePatrol.exe (Computer Associates International)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [FSCRecovery] c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe ()
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe (Computer Associates International)
O4 - HKLM..\Run: [PPMemCheck] C:\Program Files\PestPatrol\PPMemCheck.exe ()
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WisKeyState] C:\Program Files\Launch Manager\WisKeyState.exe (Wistron Corp.)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: ccemf = C:\Windows\TEMP\egl1ds.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: e5u1 = C:\Windows\TEMP\ydut.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Torben\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB (FixItClient Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\ElsaWin\bin\wiprot.dll (TODO: <Company name>)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Users\Torben\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Torben\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1e89e549-957d-11df-9de1-001f160de490}\Shell - "" = AutoRun
O33 - MountPoints2\{1e89e549-957d-11df-9de1-001f160de490}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{1e89e56b-957d-11df-9de1-001f160de490}\Shell - "" = AutoRun
O33 - MountPoints2\{1e89e56b-957d-11df-9de1-001f160de490}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{27d2f089-1bbd-11df-a519-001f160de490}\Shell - "" = AutoRun
O33 - MountPoints2\{27d2f089-1bbd-11df-a519-001f160de490}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{785e5ebd-3d47-11de-ac38-001f160de490}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{7bf07222-387d-11de-9cdf-001f160de490}\Shell - "" = AutoRun
O33 - MountPoints2\{7bf07222-387d-11de-9cdf-001f160de490}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{7bf07260-387d-11de-9cdf-001f160de490}\Shell - "" = AutoRun
O33 - MountPoints2\{7bf07260-387d-11de-9cdf-001f160de490}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{b2923e21-94af-11df-8d08-001f160de490}\Shell - "" = AutoRun
O33 - MountPoints2\{b2923e21-94af-11df-8d08-001f160de490}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{b2923e22-94af-11df-8d08-001f160de490}\Shell - "" = AutoRun
O33 - MountPoints2\{b2923e22-94af-11df-8d08-001f160de490}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{e513420b-9e84-11df-abf8-001f160de490}\Shell - "" = AutoRun
O33 - MountPoints2\{e513420b-9e84-11df-abf8-001f160de490}\Shell\AutoRun\command - "" = H:\Startme.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.10.09 00:24:58 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\Torben\Desktop\OTL.exe
[2010.10.07 21:55:50 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2010.10.07 21:55:50 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2010.10.07 21:55:50 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2010.10.07 21:55:50 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2010.10.07 21:55:49 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2010.10.07 21:55:49 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2010.10.07 21:55:49 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010.10.07 21:55:49 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2010.10.07 21:55:49 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2010.10.07 21:55:49 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010.10.07 21:55:48 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010.10.07 21:55:48 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010.10.07 21:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.10.07 21:39:34 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010.10.07 21:39:17 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.10.06 17:33:41 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.10.06 14:25:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AntiSpyInfo
[2010.10.06 14:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Anti-Spy.Info
[2010.10.03 13:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\Left 4 Dead 2
[2010.09.27 02:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\COMPUTER BILD
[2010.09.23 12:29:24 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) --
C:\Windows\System32\drivers\seehcri.sys [2010.09.23 12:29:00 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll [2010.09.23 12:29:00 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys [2010.09.23 12:28:59 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys [2010.09.23 12:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson [2010.09.22 01:55:27 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll [2010.09.22 01:55:26 | 004,361,216 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys [2010.09.22 01:55:26 | 000,290,816 | ---- | C] (AMD) -- C:\Windows\System32\atieclxx.exe [2010.09.22 01:55:26 | 000,180,224 | ---- | C] (AMD) -- C:\Windows\System32\atiesrxx.exe [2010.09.22 01:55:25 | 011,520,000 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\atioglxx.dll [2010.09.22 01:55:25 | 004,950,528 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdva.dll [2010.09.22 01:55:25 | 003,837,440 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdag.dll [2010.09.22 01:55:25 | 003,272,704 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticaldd.dll [2010.09.22 01:55:25 | 002,381,312 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atidxx32.dll [2010.09.22 01:55:25 | 000,348,160 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll [2010.09.22 01:55:25 | 000,274,432 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll [2010.09.22 01:55:25 | 000,151,552 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiadlxx.dll [2010.09.22 01:55:25 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atibtmon.exe [2010.09.22 01:55:25 | 000,053,248 | ---- | C] (ATI Technologies Inc.) 
-- C:\Windows\System32\drivers\ati2erec.dll [2010.09.22 01:55:25 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalrt.dll [2010.09.22 01:55:25 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalcl.dll [2010.09.22 01:55:25 | 000,051,712 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atimpc32.dll [2010.09.22 01:55:25 | 000,051,712 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\amdpcom32.dll [2010.09.22 01:55:25 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll [2010.09.22 01:55:25 | 000,011,776 | ---- | C] (AMD) -- C:\Windows\System32\atimuixx.dll [2010.09.22 01:53:52 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2010.09.22 01:50:18 | 000,000,000 | ---D | C] -- C:\Program Files\AMD [2010.09.22 01:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2010.09.22 01:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2010.09.22 01:36:46 | 000,000,000 | ---D | C] -- C:\ATI [2010.09.22 00:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2010.09.21 21:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Bagger-Simulator 2011 [2010.09.21 21:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bagger-Simulator 2011 [2010.09.21 19:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2010.09.21 19:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2010.09.21 19:07:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2010.09.21 15:44:33 | 000,000,000 | ---D | C] -- C:\Users\Torben\AppData\Local\HP [2010.09.15 21:20:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32 [2010.09.15 19:23:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TOIGeldplaner2008 [2010.09.15 19:23:51 | 000,000,000 | ---D | C] -- C:\Users\Torben\AppData\Local\Die GeldPlaner Einstellungen [2010.09.15 19:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Die GeldPlaner Einstellungen [2010.09.15 
19:23:51 | 000,000,000 | ---D | C] -- C:\Users\Torben\Documents\Die GeldPlaner Daten [2010.09.15 19:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\metier2000Apps [2010.09.15 19:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\métier 2000 - Softwareentwicklung GmbH [2010.09.12 13:14:01 | 000,000,000 | ---D | C] -- C:\Extracted [2010.09.11 13:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\Zombie Driver [2010.09.11 04:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.09 00:33:34 | 008,912,896 | ---- | M] () -- C:\Users\Torben\NTUSER.DAT [2010.10.09 00:25:22 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Torben\Desktop\OTL.exe [2010.10.09 00:11:09 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.09 00:11:09 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.09 00:00:03 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2010.10.08 23:26:26 | 000,210,944 | ---- | M] () -- C:\Users\Torben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.08 20:15:01 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.10.08 20:15:01 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.10.08 20:15:01 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.10.08 20:15:01 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.10.08 20:15:01 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.10.08 17:04:05 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{071409C0-FF9F-43E2-AEF3-DCF95CC02DAF}.job [2010.10.08 10:10:34 | 008,405,015 | ---- | M] 
() -- C:\Windows\TempFile [2010.10.08 10:10:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.10.08 10:10:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.08 10:10:05 | 000,173,576 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\System32\drivers\ahcix86s.sys [2010.10.08 10:09:18 | 000,524,288 | -HS- | M] () -- C:\Users\Torben\NTUSER.DAT{6bba3e28-c687-11df-95dc-001f160de490}.TMContainer00000000000000000001.regtrans-ms [2010.10.08 10:09:18 | 000,065,536 | -HS- | M] () -- C:\Users\Torben\NTUSER.DAT{6bba3e28-c687-11df-95dc-001f160de490}.TM.blf [2010.10.08 10:08:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.10.08 10:04:51 | 003,717,297 | -H-- | M] () -- C:\Users\Torben\AppData\Local\IconCache.db [2010.10.07 21:57:51 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat [2010.10.07 21:57:51 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat [2010.10.07 21:39:17 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2010.10.06 12:04:41 | 000,748,073 | ---- | M] () -- C:\Users\Torben\Desktop\Scannen0001.jpg [2010.10.06 12:00:15 | 000,008,766 | ---- | M] () -- C:\Users\Torben\Documents\Treuhand Heinz Jürgen.xlsx [2010.10.06 11:29:15 | 181,492,710 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.10.06 11:14:25 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll [2010.10.01 23:46:43 | 000,012,096 | ---- | M] () -- C:\Users\Torben\.recently-used.xbel [2010.09.23 16:39:42 | 000,524,288 | -HS- | M] () -- C:\Users\Torben\NTUSER.DAT{6bba3e28-c687-11df-95dc-001f160de490}.TMContainer00000000000000000002.regtrans-ms [2010.09.23 15:41:33 | 000,524,288 | -HS- | M] () -- C:\Users\Torben\NTUSER.DAT{76c5c853-ab15-11df-aa4c-001f160de490}.TMContainer00000000000000000001.regtrans-ms [2010.09.23 15:41:33 | 000,065,536 | -HS- | M] () -- C:\Users\Torben\NTUSER.DAT{76c5c853-ab15-11df-aa4c-001f160de490}.TM.blf [2010.09.23 12:42:02 | 000,000,000 | -H-- | M] () -- 
C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf [2010.09.23 12:42:01 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf [2010.09.23 12:29:24 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\seehcri.sys [2010.09.23 12:29:00 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll [2010.09.23 12:29:00 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys [2010.09.23 12:28:59 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys [2010.09.22 02:06:53 | 000,143,416 | ---- | M] () -- C:\Users\Torben\AppData\Local\GDIPFONTCACHEV1.DAT [2010.09.22 02:05:34 | 000,487,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.09.22 01:42:28 | 000,008,512 | ---- | M] () -- C:\Users\Torben\AppData\Local\d3d9caps.dat [2010.09.21 14:14:19 | 000,011,868 | ---- | M] () -- C:\Users\Torben\Documents\AIS wegen Arge.docx [2010.09.21 14:09:38 | 000,160,041 | ---- | M] () -- C:\Windows\hpoins14.dat [2010.09.21 14:09:04 | 000,000,254 | ---- | M] () -- C:\Windows\win.ini [2010.09.21 14:07:32 | 000,011,759 | ---- | M] () -- C:\Users\Torben\Documents\Krüger und Dernbach wegen Arge.docx [2010.09.11 13:05:17 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll [2010.09.11 13:05:17 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
-- C:\Windows\System32\OpenAL32.dll [2010.09.10 00:03:29 | 000,010,176 | ---- | M] () -- C:\Windows\System32\ealregsnapshot1.reg [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.07 21:40:41 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2010.10.07 21:40:41 | 000,097,549 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2010.10.06 12:04:41 | 000,748,073 | ---- | C] () -- C:\Users\Torben\Desktop\Scannen0001.jpg [2010.10.06 11:14:25 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2010.10.01 23:46:43 | 000,012,096 | ---- | C] () -- C:\Users\Torben\.recently-used.xbel [2010.09.23 15:43:26 | 000,524,288 | -HS- | C] () -- C:\Users\Torben\NTUSER.DAT{6bba3e28-c687-11df-95dc-001f160de490}.TMContainer00000000000000000002.regtrans-ms [2010.09.23 15:43:26 | 000,524,288 | -HS- | C] () -- C:\Users\Torben\NTUSER.DAT{6bba3e28-c687-11df-95dc-001f160de490}.TMContainer00000000000000000001.regtrans-ms [2010.09.23 15:43:26 | 000,065,536 | -HS- | C] () -- C:\Users\Torben\NTUSER.DAT{6bba3e28-c687-11df-95dc-001f160de490}.TM.blf [2010.09.23 12:42:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf [2010.09.23 12:42:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf [2010.09.22 01:55:26 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2010.09.22 01:55:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2010.09.22 01:55:25 | 000,184,394 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2010.09.22 01:55:25 | 000,173,776 | ---- | C] () -- C:\Windows\System32\atiumdva.cap [2010.09.22 01:55:25 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2010.09.22 01:55:25 | 000,015,950 | ---- | C] () -- C:\Windows\atiogl.xml [2010.09.21 14:14:19 | 000,011,868 | ---- | C] () -- 
C:\Users\Torben\Documents\AIS wegen Arge.docx [2010.09.21 14:07:31 | 000,011,759 | ---- | C] () -- C:\Users\Torben\Documents\Krüger und Dernbach wegen Arge.docx [2010.08.31 17:36:34 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.08.31 17:36:34 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.08.23 12:12:36 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI [2010.08.17 00:41:11 | 000,000,056 | ---- | C] () -- C:\Windows\Acroread.ini [2010.07.29 12:00:51 | 000,000,020 | ---- | C] () -- C:\Users\Torben\AppData\Roaming\bawuho.dat [2010.07.29 12:00:43 | 000,000,004 | ---- | C] () -- C:\Users\Torben\AppData\Roaming\avdrn.dat [2010.07.26 15:18:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2010.07.26 15:18:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2010.07.26 15:18:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2010.07.26 15:18:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2010.05.24 19:34:14 | 000,000,023 | ---- | C] () -- C:\Windows\wiso.ini [2010.04.04 23:51:56 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009.12.24 23:28:34 | 000,081,408 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV86.sys [2009.10.25 23:13:39 | 000,001,078 | ---- | C] () -- C:\Windows\ODBC.INI [2009.10.10 23:03:10 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AVerIO.dll [2009.10.10 23:03:10 | 000,003,456 | ---- | C] () -- C:\Windows\System32\AVerIO.sys [2009.10.10 23:02:55 | 000,565,248 | ---- | C] () -- C:\Windows\System32\sptlib21.dll [2009.10.10 23:02:55 | 000,294,912 | ---- | C] () -- C:\Windows\System32\sptlib11.dll [2009.10.10 23:02:55 | 000,290,816 | ---- | C] () -- C:\Windows\System32\sptlib22.dll [2009.10.10 23:02:55 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib01.dll [2009.10.10 23:02:55 | 
000,245,760 | ---- | C] () -- C:\Windows\System32\sptlib03.dll [2009.10.10 23:02:55 | 000,241,664 | ---- | C] () -- C:\Windows\System32\sptlib02.dll [2009.10.10 23:02:55 | 000,135,168 | ---- | C] () -- C:\Windows\System32\sptlib12.dll [2009.09.23 18:16:10 | 000,000,098 | ---- | C] () -- C:\Windows\etkinst.ini [2009.09.13 14:02:58 | 000,031,620 | ---- | C] () -- C:\Users\Torben\AppData\Local\rx_audio.Cache [2009.08.16 23:34:35 | 000,001,080 | ---- | C] () -- C:\Users\Torben\AppData\Local\rx_image32.Cache [2009.08.16 14:59:04 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll [2009.08.02 17:20:34 | 000,001,328 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2009.05.31 23:52:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.05.09 13:55:38 | 000,008,512 | ---- | C] () -- C:\Users\Torben\AppData\Local\d3d9caps.dat [2009.05.02 00:29:22 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini [2009.04.28 16:04:47 | 000,697,328 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.04.26 13:40:37 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.04.13 18:12:47 | 000,000,029 | ---- | C] () -- C:\Windows\Irremote.ini [2009.04.09 22:13:25 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.04.08 22:31:48 | 000,000,052 | ---- | C] () -- C:\Windows\videodeLuxe.INI [2009.04.08 22:22:00 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2009.04.08 22:13:39 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll [2009.04.08 22:13:07 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.04.07 22:38:48 | 000,061,455 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2009.04.07 14:15:49 | 000,210,944 | ---- | C] () -- C:\Users\Torben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.04.07 13:00:12 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini [2009.03.22 09:52:00 | 000,000,264 | ---- | C] () -- 
C:\Users\Torben\AppData\Roaming\settings.ini
[2009.03.02 19:10:48 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.12.07 14:08:06 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.12.07 14:08:04 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.09.12 16:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008.08.21 11:10:38 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2008.06.01 20:45:06 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008.04.25 14:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2008.02.25 06:16:26 | 000,516,096 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003.12.19 02:00:00 | 000,013,387 | ---- | C] () -- C:\Windows\System32\CinemSup.sys

========== LOP Check ==========
[2010.10.09 00:00:03 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2010.10.08 10:08:55 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.10.08 17:04:05 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{071409C0-FF9F-43E2-AEF3-DCF95CC02DAF}.job

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 48 bytes -> C:\Windows:CA35111F24BE079F
< End of report >

So, I have now run Malwarebytes as well. It also found 9 items, which I had it remove. After that I had 2 files named desktop.ini on the desktop, one from 2008 and one from 2009. Where do they come from? The problems are still not gone, though.

And here again is the OTL log after I used Malwarebytes.

OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.10.2010 14:40:48 - Run 2 OTL by OldTimer - Version Folder = C:\Users\Torben\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free 5,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 94,16 Gb Total Space | 11,07 Gb Free Space | 11,75% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 294,48 Gb Free Space | 63,23% Space Free | Partition Type: NTFS Drive E: | 362,71 Gb Total Space | 4,65 Gb Free Space | 1,28% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 60 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) PRC - C:\Program Files\IncrediMail\bin\ImApp.exe (IncrediMail, Ltd.) PRC - C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.) 
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab) PRC - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtblfs.exe (Kaspersky Lab) PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\ElsaWin\bin\VSGate.exe (Volkswagen AG) PRC - C:\ElsaWin\bin\LcSvrAdm.exe (Volkswagen AG) PRC - C:\ElsaWin\bin\LcSvrHis.exe (Volkswagen AG) PRC - C:\ElsaWin\bin\LcSvrSaz.exe (Volkswagen AG) PRC - C:\ElsaWin\bin\LcSvrAuf.exe (Volkswagen AG) PRC - C:\ElsaWin\bin\LcSvrPas.exe (Volkswagen AG) PRC - C:\ElsaWin\bin\LcSvrDba.exe (Volkswagen AG) PRC - C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) PRC - C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe () PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe () PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\Launch Manager\WisKeyState.exe (Wistron Corp.) PRC - C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) PRC - C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) PRC - C:\Program Files\Common Files\AVerMedia\FTS RecAssist\AVerHIDReceiver.exe () PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.) 
PRC - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.) PRC - C:\Program Files\Launch Manager\OSDCtrl.exe () PRC - D:\Program Files\Electronic Arts\Need for Speed ProStreet\PB\PnkBstrA.exe () PRC - C:\Windows\System32\RMIServerManager.exe () PRC - C:\Program Files\Launch Manager\LaunchAp.exe () PRC - C:\Windows\System32\BeepApp.exe () PRC - C:\Program Files\AMD\RAIDXpert\_jvm\bin\java.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Torben\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Roxio UPnP Renderer 11) -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe File not found SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe File not found SRV - (AMDRAIDXpert) -- C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe -s raidxpert.wrapper.conf File not found SRV - (dgdersvc) -- C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.) 
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab) SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software) SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (RoxWatch12) -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe (Sonic Solutions) SRV - (RoxMediaDB12) -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe (Sonic Solutions) SRV - (VSGate) -- C:\ElsaWin\bin\VSGate.exe (Volkswagen AG) SRV - (LcSvrAdm) -- C:\ElsaWin\bin\LcSvrAdm.exe (Volkswagen AG) SRV - (LcSvrHis) -- C:\ElsaWin\bin\LcSvrHis.exe (Volkswagen AG) SRV - (LcSvrSaz) -- C:\ElsaWin\bin\LcSvrSaz.exe (Volkswagen AG) SRV - (LcSvrAuf) -- C:\ElsaWin\bin\LcSvrAuf.exe (Volkswagen AG) SRV - (LcSvrPAS) -- C:\ElsaWin\bin\LcSvrPas.exe (Volkswagen AG) SRV - (LcSvrDba) -- C:\ElsaWin\bin\LcSvrDba.exe (Volkswagen AG) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AVerRemote) -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (AVerScheduleService) -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe () SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.) 
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.) SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.) SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies) SRV - (PnkBstrA) -- D:\Program Files\Electronic Arts\Need for Speed ProStreet\PB\PnkBstrA.exe () SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\MAGIX\Common\Database\bin\fbserver.exe (The Firebird Project) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.) 
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (SSHDRV86) -- C:\Windows\System32\drivers\SSHDRV86.sys () DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab) DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.) DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab) DRV - (AVerAF15) -- C:\Windows\System32\drivers\AVerAF15.sys (AVerMedia TECHNOLOGIES, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) 
DRV - (c2scsi) -- C:\Windows\System32\drivers\C2SCSI.SYS (Sonic Solutions)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (LVUVC) 1.3 MP Webcam(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (mod7700) -- C:\Windows\System32\drivers\mod7700.sys (DiBcom SA)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (Huawei) -- C:\Windows\System32\drivers\ewdcsc.sys (Huawei Tech. Co., Ltd.)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (drhard) -- C:\Windows\System32\drivers\drhard.sys (Licensed for Gebhard Software)
DRV - (Hardlock) -- C:\Windows\System32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (Cinemsup) -- C:\Windows\System32\drivers\cinemsup.sys (Sonic Solutions)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:
FF - prefs.js..extensions.enabledItems: {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.20100123
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100924
FF - prefs.js..keyword.URL: "hxxp://mystart.magentic.com/?loc=FF_Magentic_AddressBar&search="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: d:\Program Files\Mozilla Firefox\components [2010.07.29 12:12:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: d:\Program Files\Mozilla Firefox\plugins [2010.08.21 12:52:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.18 18:40:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.18 18:40:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\THBExt [2010.10.07 21:40:07 | 000,000,000 | ---D | M]

[2009.05.10 12:37:15 | 000,000,000 | ---D | M] -- C:\Users\Torben\AppData\Roaming\mozilla\Extensions
[2009.05.10 12:37:15 | 000,000,000 | ---D | M] -- C:\Users\Torben\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.10.08 14:29:18 | 000,000,000 | ---D | M] -- C:\Users\Torben\AppData\Roaming\mozilla\Firefox\Profiles\jwq6qcfq.default\extensions
[2010.05.01 16:01:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Torben\AppData\Roaming\mozilla\Firefox\Profiles\jwq6qcfq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.09 18:33:03 | 000,000,000 | ---D | M] (MidnightFox) -- C:\Users\Torben\AppData\Roaming\mozilla\Firefox\Profiles\jwq6qcfq.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}
[2010.07.25 04:43:57 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Torben\AppData\Roaming\mozilla\Firefox\Profiles\jwq6qcfq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.06.27 12:49:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben\AppData\Roaming\mozilla\Firefox\Profiles\jwq6qcfq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.10.01 01:51:59 | 000,000,000 | ---D | M] -- C:\Users\Torben\AppData\Roaming\mozilla\Firefox\Profiles\jwq6qcfq.default\extensions\nasanightlaunch@example.com
[2010.09.12 21:23:44 | 000,000,000 | ---D | M] -- C:\Users\Torben\AppData\Roaming\mozilla\Firefox\Profiles\jwq6qcfq.default\extensions\personas@christopher.beard
[2010.02.09 18:33:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben\AppData\Roaming\mozilla\Firefox\Profiles\jwq6qcfq.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions
[2010.02.09 18:33:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben\AppData\Roaming\mozilla\Firefox\Profiles\jwq6qcfq.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions\CVS
[2010.06.20 19:07:19 | 000,002,149 | ---- | M] () -- C:\Users\Torben\AppData\Roaming\Mozilla\FireFox\Profiles\jwq6qcfq.default\searchplugins\MyStart Search.xml
[2010.10.07 21:40:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.28 00:57:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.07 21:40:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.10.06 11:16:24 | 000,412,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: www.Brenz.pl
O1 - Hosts: localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: www.007guard.com
O1 - Hosts: 007guard.com
O1 - Hosts: 008i.com
O1 - Hosts: www.008k.com
O1 - Hosts: 008k.com
O1 - Hosts: www.00hq.com
O1 - Hosts: 00hq.com
O1 - Hosts: 010402.com
O1 - Hosts: www.032439.com
O1 - Hosts: 032439.com
O1 - Hosts: www.0scan.com
O1 - Hosts: 0scan.com
O1 - Hosts: 1000gratisproben.com
O1 - Hosts: www.1000gratisproben.com
O1 - Hosts: 1001namen.com
O1 - Hosts: www.1001namen.com
O1 - Hosts: 100888290cs.com
O1 - Hosts: www.100888290cs.com
O1 - Hosts: www.100sexlinks.com
O1 - Hosts: 100sexlinks.com
O1 - Hosts: 10sek.com
O1 - Hosts: www.10sek.com
O1 - Hosts: 14264 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CookiePatrol] C:\Program Files\PestPatrol\CookiePatrol.exe (Computer Associates International)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [FSCRecovery] c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe ()
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe (Computer Associates International)
O4 - HKLM..\Run: [PPMemCheck] C:\Program Files\PestPatrol\PPMemCheck.exe ()
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WisKeyState] C:\Program Files\Launch Manager\WisKeyState.exe (Wistron Corp.)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: ccemf = C:\Windows\TEMP\egl1ds.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: e5u1 = C:\Windows\TEMP\ydut.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Torben\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB (FixItClient Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\ElsaWin\bin\wiprot.dll (TODO: <Company name>)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Users\Torben\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Torben\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1e89e549-957d-11df-9de1-001f160de490}\Shell - "" = AutoRun
O33 - MountPoints2\{1e89e549-957d-11df-9de1-001f160de490}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{1e89e56b-957d-11df-9de1-001f160de490}\Shell - "" = AutoRun
O33 - MountPoints2\{1e89e56b-957d-11df-9de1-001f160de490}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{27d2f089-1bbd-11df-a519-001f160de490}\Shell - "" = AutoRun
O33 - MountPoints2\{27d2f089-1bbd-11df-a519-001f160de490}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{785e5ebd-3d47-11de-ac38-001f160de490}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{7bf07222-387d-11de-9cdf-001f160de490}\Shell - "" = AutoRun
O33 - MountPoints2\{7bf07222-387d-11de-9cdf-001f160de490}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{7bf07260-387d-11de-9cdf-001f160de490}\Shell - "" = AutoRun
O33 - MountPoints2\{7bf07260-387d-11de-9cdf-001f160de490}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{b2923e21-94af-11df-8d08-001f160de490}\Shell - "" = AutoRun
O33 - MountPoints2\{b2923e21-94af-11df-8d08-001f160de490}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{b2923e22-94af-11df-8d08-001f160de490}\Shell - "" = AutoRun
O33 - MountPoints2\{b2923e22-94af-11df-8d08-001f160de490}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{e513420b-9e84-11df-abf8-001f160de490}\Shell - "" = AutoRun
O33 - MountPoints2\{e513420b-9e84-11df-abf8-001f160de490}\Shell\AutoRun\command - "" = H:\Startme.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 60 Days ==========

[2010.10.09 13:27:22 | 000,000,000 | ---D | C] -- C:\Users\Torben\AppData\Roaming\Malwarebytes
[2010.10.09 13:27:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.09 13:27:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.09 13:27:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.09 13:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.10.09 00:24:58 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\Torben\Desktop\OTL.exe
[2010.10.07 21:55:50 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2010.10.07 21:55:50 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2010.10.07 21:55:50 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2010.10.07 21:55:50 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2010.10.07 21:55:49 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2010.10.07 21:55:49 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2010.10.07 21:55:49 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010.10.07 21:55:49 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2010.10.07 21:55:49 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2010.10.07 21:55:49 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010.10.07 21:55:48 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010.10.07 21:55:48 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010.10.07 21:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.10.07 21:39:34 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010.10.07 21:39:17 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.10.06 17:33:41 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.10.06 14:25:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AntiSpyInfo
[2010.10.06 14:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Anti-Spy.Info
[2010.10.03 13:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\Left 4 Dead 2
[2010.09.27 02:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\COMPUTER BILD
[2010.09.23 12:29:24 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\seehcri.sys
[2010.09.23 12:29:00 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2010.09.23 12:29:00 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2010.09.23 12:28:59 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2010.09.23 12:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2010.09.22 01:55:27 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll
[2010.09.22 01:55:26 | 004,361,216 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys
[2010.09.22 01:55:26 | 000,290,816 | ---- | C] (AMD) -- C:\Windows\System32\atieclxx.exe
[2010.09.22 01:55:26 | 000,180,224 | ---- | C] (AMD) -- C:\Windows\System32\atiesrxx.exe
[2010.09.22 01:55:25 | 011,520,000 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\atioglxx.dll
[2010.09.22 01:55:25 | 004,950,528 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdva.dll
[2010.09.22 01:55:25 | 003,837,440 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdag.dll
[2010.09.22 01:55:25 | 003,272,704 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticaldd.dll
[2010.09.22 01:55:25 | 002,381,312 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atidxx32.dll
[2010.09.22 01:55:25 | 000,348,160 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll
[2010.09.22 01:55:25 | 000,274,432 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll
[2010.09.22 01:55:25 | 000,151,552 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiadlxx.dll
[2010.09.22 01:55:25 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atibtmon.exe
[2010.09.22 01:55:25 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll
[2010.09.22 01:55:25 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalrt.dll
[2010.09.22 01:55:25 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalcl.dll
[2010.09.22 01:55:25 | 000,051,712 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atimpc32.dll
[2010.09.22 01:55:25 | 000,051,712 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\amdpcom32.dll
[2010.09.22 01:55:25 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll
[2010.09.22 01:55:25 | 000,011,776 | ---- | C] (AMD) -- C:\Windows\System32\atimuixx.dll
[2010.09.22 01:53:52 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010.09.22 01:50:18 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2010.09.22 01:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010.09.22 01:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010.09.22 01:36:46 | 000,000,000 | ---D | C] -- C:\ATI
[2010.09.22 00:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010.09.21 21:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Bagger-Simulator 2011
[2010.09.21 21:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bagger-Simulator 2011
[2010.09.21 19:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010.09.21 19:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.09.21 19:07:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.09.21 15:44:33 | 000,000,000 | ---D | C] -- C:\Users\Torben\AppData\Local\HP
[2010.09.15 21:20:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32
[2010.09.15 19:23:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TOIGeldplaner2008
[2010.09.15 19:23:51 | 000,000,000 | ---D | C] -- C:\Users\Torben\AppData\Local\Die GeldPlaner Einstellungen
[2010.09.15 19:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Die GeldPlaner Einstellungen
[2010.09.15 19:23:51 | 000,000,000 | ---D | C] -- C:\Users\Torben\Documents\Die GeldPlaner Daten
[2010.09.15 19:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\metier2000Apps
[2010.09.15 19:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\métier 2000 - Softwareentwicklung GmbH
[2010.09.12 13:14:01 | 000,000,000 | ---D | C] -- C:\Extracted
[2010.09.11 13:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\Zombie Driver
[2010.09.11 04:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010.09.03 15:09:44 | 000,000,000 | ---D | C] -- C:\Users\Torben\AppData\Local\Unity
[2010.08.31 17:41:19 | 000,000,000 | ---D | C] -- C:\Users\Torben\Documents\Samsung
[2010.08.31 17:36:34 | 000,217,088 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
[2010.08.31 17:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010.08.31 17:35:13 | 000,000,000 | ---D | C] -- C:\Users\Torben\AppData\Roaming\Samsung
[2010.08.31 17:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2010.08.31 17:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2010.08.31 17:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010.08.31 17:30:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Samsung
[2010.08.30 14:06:51 | 000,000,000 | ---D | C] -- C:\Users\Torben\Documents\UK Truck Simulator
[2010.08.28 19:35:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Reallusion
[2010.08.28 00:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.08.28 00:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.08.28 00:57:29 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.08.28 00:57:29 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.08.28 00:57:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.08.28 00:57:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.08.23 23:41:32 | 000,000,000 | ---D | C] -- C:\Users\Torben\AppData\Roaming\Macrovision
[2010.08.23 23:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2010.08.23 23:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2010.08.23 23:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio 2010
[2010.08.23 23:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2010.08.23 23:20:59 | 000,000,000 | ---D | C] -- C:\Users\Torben\AppData\Roaming\Roxio Log Files
[2010.08.23 20:19:16 | 000,000,000 | ---D | C] -- C:\HELI-X30
[2010.08.22 13:52:00 | 000,000,000 | ---D | C] -- C:\Users\Torben\Desktop\film kopien
[2010.08.21 13:42:36 | 000,000,000 | ---D | C] -- C:\DVD-Video-Archiv-2009-Daten
[2010.08.21 13:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\GBelectronics Shared
[2010.08.21 13:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\GBelectronics
[2010.08.21 13:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\GBelectronics
[2010.08.21 13:36:31 | 000,000,000 | ---D | C] -- C:\Users\Torben\AppData\Local\MicroVision Applications
[2010.08.21 13:20:02 | 000,000,000 | --SD | C] -- C:\Users\Torben\Documents\Eigene DVDs
[2010.08.21 13:20:02 | 000,000,000 | ---D | C] -- C:\Users\Torben\Documents\Meine Videos
[2010.08.19 06:18:21 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.19 06:18:21 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.19 06:17:45 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.19 06:17:45 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.19 06:17:45 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.19 06:17:45 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.19 06:17:45 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.19 06:17:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.19 06:17:45 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.19 06:17:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.19 06:17:44 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.19 06:17:44 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.19 06:17:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.19 06:17:44 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.19 06:17:44 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.19 06:17:44 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.19 06:17:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.19 06:17:35 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.19 06:17:32 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.19 06:17:31 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.18 23:31:11 | 000,000,000 | ---D | C] -- C:\Users\Torben\AppData\Local\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2010.08.18 23:29:56 | 000,000,000 | ---D | C] -- C:\Users\Torben\AppData\Local\{35A3A4F2-B792-11D6-A78A-00B0D0142030}
[2010.08.18 23:21:48 | 000,000,000 | ---D | C] -- C:\BMW
[2010.08.18 13:21:44 | 000,921,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\MFC40.DLL
[2010.08.18 13:21:44 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\Msvcrt40.dll
[2010.08.16 23:12:48 | 000,000,000 | ---D | C] -- C:\VW
[2010.08.16 23:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010.08.12 02:39:12 | 000,000,000 | ---D | C] -- C:\Users\Torben\Desktop\Erotik Handy
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2010.10.09 14:33:14 | 008,912,896 | ---- | M] () -- C:\Users\Torben\NTUSER.DAT
[2010.10.09 14:00:03 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.10.09 13:53:00 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.09 13:52:57 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.09 13:52:56 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile
[2010.10.09 13:52:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.09 13:52:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.09 13:51:26 | 000,524,288 | -HS- | M] () -- C:\Users\Torben\NTUSER.DAT{6bba3e28-c687-11df-95dc-001f160de490}.TMContainer00000000000000000001.regtrans-ms
[2010.10.09 13:51:26 | 000,065,536 | -HS- | M] () -- C:\Users\Torben\NTUSER.DAT{6bba3e28-c687-11df-95dc-001f160de490}.TM.blf
[2010.10.09 13:50:46 | 000,000,012 | ---- | M] () --
C:\Windows\bthservsdp.dat [2010.10.09 13:50:15 | 003,720,726 | -H-- | M] () -- C:\Users\Torben\AppData\Local\IconCache.db [2010.10.09 13:27:10 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.09 00:25:22 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Torben\Desktop\OTL.exe [2010.10.08 23:26:26 | 000,210,944 | ---- | M] () -- C:\Users\Torben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.08 20:15:01 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.10.08 20:15:01 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.10.08 20:15:01 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.10.08 20:15:01 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.10.08 20:15:01 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.10.08 17:04:05 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{071409C0-FF9F-43E2-AEF3-DCF95CC02DAF}.job [2010.10.08 10:10:05 | 000,173,576 | ---- | M] (AMD Technologies Inc.) 
-- C:\Windows\System32\drivers\ahcix86s.sys [2010.10.07 21:57:51 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat [2010.10.07 21:57:51 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat [2010.10.07 21:39:17 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2010.10.06 12:04:41 | 000,748,073 | ---- | M] () -- C:\Users\Torben\Desktop\Scannen0001.jpg [2010.10.06 12:00:15 | 000,008,766 | ---- | M] () -- C:\Users\Torben\Documents\Treuhand Heinz Jürgen.xlsx [2010.10.06 11:29:15 | 181,492,710 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.10.06 11:14:25 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll [2010.10.01 23:46:43 | 000,012,096 | ---- | M] () -- C:\Users\Torben\.recently-used.xbel [2010.09.23 16:39:42 | 000,524,288 | -HS- | M] () -- C:\Users\Torben\NTUSER.DAT{6bba3e28-c687-11df-95dc-001f160de490}.TMContainer00000000000000000002.regtrans-ms [2010.09.23 15:41:33 | 000,524,288 | -HS- | M] () -- C:\Users\Torben\NTUSER.DAT{76c5c853-ab15-11df-aa4c-001f160de490}.TMContainer00000000000000000001.regtrans-ms [2010.09.23 15:41:33 | 000,065,536 | -HS- | M] () -- C:\Users\Torben\NTUSER.DAT{76c5c853-ab15-11df-aa4c-001f160de490}.TM.blf [2010.09.23 12:42:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf [2010.09.23 12:42:01 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf [2010.09.23 12:29:24 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\seehcri.sys [2010.09.23 12:29:00 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll [2010.09.23 12:29:00 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys [2010.09.23 12:28:59 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys [2010.09.22 02:06:53 | 000,143,416 | ---- | M] () 
-- C:\Users\Torben\AppData\Local\GDIPFONTCACHEV1.DAT [2010.09.22 02:05:34 | 000,487,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.09.22 01:42:28 | 000,008,512 | ---- | M] () -- C:\Users\Torben\AppData\Local\d3d9caps.dat [2010.09.21 14:14:19 | 000,011,868 | ---- | M] () -- C:\Users\Torben\Documents\AIS wegen Arge.docx [2010.09.21 14:09:38 | 000,160,041 | ---- | M] () -- C:\Windows\hpoins14.dat [2010.09.21 14:09:04 | 000,000,254 | ---- | M] () -- C:\Windows\win.ini [2010.09.21 14:07:32 | 000,011,759 | ---- | M] () -- C:\Users\Torben\Documents\Krüger und Dernbach wegen Arge.docx [2010.09.11 13:05:17 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll [2010.09.11 13:05:17 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll [2010.09.10 00:03:29 | 000,010,176 | ---- | M] () -- C:\Windows\System32\ealregsnapshot1.reg [2010.09.06 13:12:00 | 000,012,780 | ---- | M] () -- C:\Users\Torben\Documents\basti mahnung.docx [2010.09.04 15:59:40 | 000,011,078 | ---- | M] () -- C:\Users\Torben\Documents\Simone Schulden.docx [2010.08.31 17:30:33 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp [2010.08.28 00:47:17 | 000,001,690 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.08.23 12:47:38 | 000,697,328 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys [2010.08.23 12:12:36 | 000,000,181 | ---- | M] () -- C:\Windows\WININIT.INI [2010.08.19 06:22:59 | 000,524,288 | -HS- | M] () -- C:\Users\Torben\NTUSER.DAT{76c5c853-ab15-11df-aa4c-001f160de490}.TMContainer00000000000000000002.regtrans-ms [2010.08.19 06:00:58 | 000,524,288 | -HS- | M] () -- C:\Users\Torben\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.08.19 06:00:58 | 000,065,536 | -HS- | M] () -- C:\Users\Torben\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.08.18 13:23:45 | 000,001,078 | ---- | M] () -- C:\Windows\ODBC.INI [2010.08.17 00:42:45 
| 000,000,056 | ---- | M] () -- C:\Windows\Acroread.ini [2010.08.15 22:04:53 | 000,012,686 | ---- | M] () -- C:\Users\Torben\Documents\Bewerbung.docx [2010.08.12 00:29:28 | 000,003,997 | ---- | M] () -- C:\Users\Torben\Documents\ISO1_DVD.nri [2010.08.10 14:50:56 | 000,011,228 | ---- | M] () -- C:\Users\Torben\Documents\Kreis Pinneberg.docx [2010.08.10 14:50:46 | 000,011,036 | ---- | M] () -- C:\Users\Torben\Documents\Alzey.docx [2010.08.10 14:50:30 | 000,011,037 | ---- | M] () -- C:\Users\Torben\Documents\Kohn.docx [2010.08.10 14:50:20 | 000,011,114 | ---- | M] () -- C:\Users\Torben\Documents\Rammelt.docx [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.09 13:27:10 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.07 21:40:41 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2010.10.07 21:40:41 | 000,097,549 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2010.10.06 12:04:41 | 000,748,073 | ---- | C] () -- C:\Users\Torben\Desktop\Scannen0001.jpg [2010.10.06 11:14:25 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2010.10.01 23:46:43 | 000,012,096 | ---- | C] () -- C:\Users\Torben\.recently-used.xbel [2010.09.23 15:43:26 | 000,524,288 | -HS- | C] () -- C:\Users\Torben\NTUSER.DAT{6bba3e28-c687-11df-95dc-001f160de490}.TMContainer00000000000000000002.regtrans-ms [2010.09.23 15:43:26 | 000,524,288 | -HS- | C] () -- C:\Users\Torben\NTUSER.DAT{6bba3e28-c687-11df-95dc-001f160de490}.TMContainer00000000000000000001.regtrans-ms [2010.09.23 15:43:26 | 000,065,536 | -HS- | C] () -- C:\Users\Torben\NTUSER.DAT{6bba3e28-c687-11df-95dc-001f160de490}.TM.blf [2010.09.23 12:42:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf [2010.09.23 12:42:01 | 000,000,000 | -H-- | C] () -- 
C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf [2010.09.22 01:55:26 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2010.09.22 01:55:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2010.09.22 01:55:25 | 000,184,394 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2010.09.22 01:55:25 | 000,173,776 | ---- | C] () -- C:\Windows\System32\atiumdva.cap [2010.09.22 01:55:25 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2010.09.22 01:55:25 | 000,015,950 | ---- | C] () -- C:\Windows\atiogl.xml [2010.09.21 14:14:19 | 000,011,868 | ---- | C] () -- C:\Users\Torben\Documents\AIS wegen Arge.docx [2010.09.21 14:07:31 | 000,011,759 | ---- | C] () -- C:\Users\Torben\Documents\Krüger und Dernbach wegen Arge.docx [2010.08.31 17:36:34 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.08.31 17:36:34 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.08.31 17:28:59 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp [2010.08.28 00:47:17 | 000,001,690 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.08.26 23:03:11 | 000,008,766 | ---- | C] () -- C:\Users\Torben\Documents\Treuhand Heinz Jürgen.xlsx [2010.08.23 12:12:36 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI [2010.08.19 06:03:02 | 000,524,288 | -HS- | C] () -- C:\Users\Torben\NTUSER.DAT{76c5c853-ab15-11df-aa4c-001f160de490}.TMContainer00000000000000000002.regtrans-ms [2010.08.19 06:03:02 | 000,524,288 | -HS- | C] () -- C:\Users\Torben\NTUSER.DAT{76c5c853-ab15-11df-aa4c-001f160de490}.TMContainer00000000000000000001.regtrans-ms [2010.08.19 06:03:02 | 000,065,536 | -HS- | C] () -- C:\Users\Torben\NTUSER.DAT{76c5c853-ab15-11df-aa4c-001f160de490}.TM.blf [2010.08.17 00:41:11 | 000,000,056 | ---- | C] () -- C:\Windows\Acroread.ini [2010.08.15 22:04:53 | 000,012,686 | ---- | C] () -- C:\Users\Torben\Documents\Bewerbung.docx [2010.08.12 00:29:28 | 000,003,997 | ---- | C] () -- 
C:\Users\Torben\Documents\ISO1_DVD.nri [2010.08.10 14:50:56 | 000,011,228 | ---- | C] () -- C:\Users\Torben\Documents\Kreis Pinneberg.docx [2010.08.10 14:50:45 | 000,011,036 | ---- | C] () -- C:\Users\Torben\Documents\Alzey.docx [2010.08.10 14:50:29 | 000,011,037 | ---- | C] () -- C:\Users\Torben\Documents\Kohn.docx [2010.08.10 14:50:19 | 000,011,114 | ---- | C] () -- C:\Users\Torben\Documents\Rammelt.docx [2010.07.29 12:00:51 | 000,000,020 | ---- | C] () -- C:\Users\Torben\AppData\Roaming\bawuho.dat [2010.07.26 15:18:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2010.07.26 15:18:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2010.07.26 15:18:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2010.07.26 15:18:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2010.05.24 19:34:14 | 000,000,023 | ---- | C] () -- C:\Windows\wiso.ini [2010.04.04 23:51:56 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009.12.24 23:28:34 | 000,081,408 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV86.sys [2009.10.25 23:13:39 | 000,001,078 | ---- | C] () -- C:\Windows\ODBC.INI [2009.10.10 23:03:10 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AVerIO.dll [2009.10.10 23:03:10 | 000,003,456 | ---- | C] () -- C:\Windows\System32\AVerIO.sys [2009.10.10 23:02:55 | 000,565,248 | ---- | C] () -- C:\Windows\System32\sptlib21.dll [2009.10.10 23:02:55 | 000,294,912 | ---- | C] () -- C:\Windows\System32\sptlib11.dll [2009.10.10 23:02:55 | 000,290,816 | ---- | C] () -- C:\Windows\System32\sptlib22.dll [2009.10.10 23:02:55 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib01.dll [2009.10.10 23:02:55 | 000,245,760 | ---- | C] () -- C:\Windows\System32\sptlib03.dll [2009.10.10 23:02:55 | 000,241,664 | ---- | C] () -- C:\Windows\System32\sptlib02.dll [2009.10.10 23:02:55 | 
000,135,168 | ---- | C] () -- C:\Windows\System32\sptlib12.dll [2009.09.23 18:16:10 | 000,000,098 | ---- | C] () -- C:\Windows\etkinst.ini [2009.09.13 14:02:58 | 000,031,620 | ---- | C] () -- C:\Users\Torben\AppData\Local\rx_audio.Cache [2009.08.16 23:34:35 | 000,001,080 | ---- | C] () -- C:\Users\Torben\AppData\Local\rx_image32.Cache [2009.08.16 14:59:04 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll [2009.08.02 17:20:34 | 000,001,328 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2009.05.31 23:52:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.05.09 13:55:38 | 000,008,512 | ---- | C] () -- C:\Users\Torben\AppData\Local\d3d9caps.dat [2009.05.02 00:29:22 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini [2009.04.28 16:04:47 | 000,697,328 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.04.26 13:40:37 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.04.13 18:12:47 | 000,000,029 | ---- | C] () -- C:\Windows\Irremote.ini [2009.04.09 22:13:25 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.04.08 22:31:48 | 000,000,052 | ---- | C] () -- C:\Windows\videodeLuxe.INI [2009.04.08 22:22:00 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2009.04.08 22:13:39 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll [2009.04.08 22:13:07 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.04.07 22:38:48 | 000,061,455 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2009.04.07 14:15:49 | 000,210,944 | ---- | C] () -- C:\Users\Torben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.04.07 13:00:12 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini [2009.03.22 09:52:00 | 000,000,264 | ---- | C] () -- C:\Users\Torben\AppData\Roaming\settings.ini [2009.03.02 19:10:48 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008.12.07 14:08:06 | 000,795,648 | ---- | C] () -- 
C:\Windows\System32\xvidcore.dll [2008.12.07 14:08:04 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.09.12 16:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2008.08.21 11:10:38 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys [2008.06.01 20:45:06 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2008.04.25 14:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [2008.02.25 06:16:26 | 000,516,096 | ---- | C] () -- C:\Windows\System32\libxml2.dll [2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2003.12.19 02:00:00 | 000,013,387 | ---- | C] () -- C:\Windows\System32\CinemSup.sys ========== LOP Check ========== [2010.10.09 14:00:03 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2010.10.09 13:50:54 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.10.08 17:04:05 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{071409C0-FF9F-43E2-AEF3-DCF95CC02DAF}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 48 bytes -> C:\Windows:CA35111F24BE079F < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 09.10.2010 14:40:48 - Run 2
OTL by OldTimer - Version Folder = C:\Users\Torben\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 11,07 Gb Free Space | 11,75% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 294,48 Gb Free Space | 63,23% Space Free | Partition Type: NTFS
Drive E: | 362,71 Gb Total Space | 4,65 Gb Free Space | 1,28% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: **
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" = 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{055FAD68-C604-42DC-B0D0-8B9D4BEACE1E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{0B7603F9-667D-4F53-B522-B6105BD4355D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{0D660DEB-EC51-4950-8083-98D5E08949C4}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{280ECE8E-E3CD-4617-A331-7D688F44F3A6}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{292D826A-97CD-43F8-A523-867C47B71008}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2A7C60C0-7816-4FB7-826F-4E5302A4C2A4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{369B9272-535D-47E8-8B80-248B6100A729}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{3A16A7AD-55C2-49D0-B332-BAA96CE1AF49}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4B1154D6-1CF0-4F38-89A2-672F8DA1FFB9}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{4F2CFE12-BFE2-49D0-9980-41D311211F1A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | 
app=%systemroot%\system32\svchost.exe | "{5C66C8B9-23D1-4082-8E43-CF208FC98215}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6199D8F1-E4A3-4CB9-9310-409F6B1BEC77}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{74260752-4466-4DD2-8EDF-A22EA98399FA}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{7A806DC5-44E5-49D0-92C1-C56611A701C6}" = lport=2869 | protocol=6 | dir=in | app=system | "{7C943B88-1961-4077-A992-61FF778190D9}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{8170C42A-9109-4E97-B446-02B48E547B3A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{94EE19C3-CEC1-4907-95EB-4FA1A4CDB274}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{96B0BBB1-6402-4E88-AE18-1F5B32FCB12B}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{A518ED9C-6C13-4C92-AA50-9AB0E72BF3A2}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B03C7371-F616-4FF4-AFC5-4D2B3DA0F790}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{BFAB093F-50F5-4A4A-9B3F-551383B7F191}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CCE5DE65-8F65-424D-A2A7-8144CC826D4D}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{DBD12A44-0FD7-403B-A7FF-ABCA3623F443}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{DD20747F-DA8A-4681-86A1-1723765807AB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{E2FBF27A-F2D6-4BE1-8C74-8690E062DA29}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{FA1ED007-08F0-44A6-9E3E-62A3270227F1}" = lport=990 | protocol=6 | dir=in | 
svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{FB9FAE8D-22B4-4003-BD0A-CB77B245C422}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01105BE2-7A77-4383-9209-E0F64DC4AFFF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0E485FE8-C180-49D7-B703-351468A020DE}" = protocol=17 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe | "{10C1CEA6-7111-4E51-8072-8D6479CCFA58}" = protocol=6 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe | "{12D45BEE-DE8D-4420-9FDE-0A3979DA9F56}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{145D9148-DF0A-49EC-B317-36178D6FDD06}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{2136BAED-91C0-40D6-9E92-5D2DF7F4734A}" = protocol=17 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe | "{2E939DF7-B3BA-4C22-8208-49A83DD30D3F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{31AE78EF-6586-4EB3-803B-1CE5094AB6D9}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{33031836-8C71-4A99-B362-3BAFDA432C79}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{36AB0881-9B69-4270-B710-4B994345C8E6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{40FCDC64-A18A-40B1-AAF4-C98092FDFB3D}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | "{4890B9A6-8982-4DA2-93E7-AB7400648066}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe 
| "{57F77165-7093-465D-BA36-0FFA6940AD5D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{62412804-6328-4E17-87D6-59967D58F968}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{69709797-755A-4423-ADBB-B480279F1022}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{6C341B89-71ED-4B37-A4C2-DA4C6BEA5E5A}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{7341E30D-F369-4238-B7FA-4F413AC8982B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{79F18D78-CD5E-45C4-8969-02D44F779077}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{7BC14C53-3304-4B39-995C-8FDF6485E1D3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{7D171F40-F56A-4489-8FC2-32EACA27BEFB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{7D1891B7-0F04-4764-9F16-0B7F39545229}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{806C00F2-7E17-4716-897F-12D6ECC8706C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{83585230-3D0E-450D-96AF-62FACB501468}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8C4AF640-69F4-460B-A8E8-38B05CB2515F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{8DFC9749-711E-4190-BB7A-0257871C9E91}" = protocol=17 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | "{8F2CDC59-BF49-4C23-9F2D-094CFEE21BA8}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{A2EDC691-8C69-4079-B8BE-AB850A0EEEA4}" = protocol=6 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe | "{B2A47EDB-9564-4458-B8C4-AF657C868FB3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B49485D1-DA9D-4235-9FEE-F6189E3467E6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C45A9B4C-89E2-4209-952A-6D2430FF5B93}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C547857A-3C9E-496E-97FF-F6283A74D7A8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C5C7BD5A-726B-4076-8203-265A2A7E97A3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C963C74A-ACC4-4C5E-B986-44D7F5840B70}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{D9A054F3-E5FA-4316-9471-0561605C5CB6}" = protocol=6 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | "{DD3C6164-11C7-45EA-BABD-3000920EFE9E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EA603C9F-4782-45FF-822B-F556AFA266C7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EB74D91C-2A73-4907-A930-2C40179770E2}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{ECC26640-47D7-4CA8-B6BC-DE16C1EE3B4E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{ECEDEDB1-E4DE-4891-8707-D5EFC9FFC07B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "TCP Query User{2AE5CB21-1258-43BE-ABE5-F4BB97B1FE30}C:\program files\bwm software\käseschlacht\kaeseschlacht.exe" = protocol=6 | dir=in | app=c:\program files\bwm software\käseschlacht\kaeseschlacht.exe | "TCP Query User{358218E6-61CF-4CFF-B840-C2CC39F95853}C:\program files\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files\left 4 dead 2\left4dead2.exe | "TCP Query User{796F2F90-6BEB-4081-9AD2-92C939E6BAED}F:\bin\ia\core\mdm_util.exe" = protocol=6 | dir=in | app=f:\bin\ia\core\mdm_util.exe | "TCP Query User{B6B843B2-216C-4FEC-943B-A43890083768}C:\windows\system32\java.exe" = protocol=6 | dir=in | 
app=c:\windows\system32\java.exe | "TCP Query User{BC63F586-5E54-4CDE-967B-797C4683D6E1}D:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\program files\icq6.5\icq.exe | "UDP Query User{150141AA-8102-46FF-8A0C-D60B51A944CA}F:\bin\ia\core\mdm_util.exe" = protocol=17 | dir=in | app=f:\bin\ia\core\mdm_util.exe | "UDP Query User{16339839-3A83-4074-9FCB-DB4C9A1D40CF}C:\program files\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files\left 4 dead 2\left4dead2.exe | "UDP Query User{1ECB14E0-1E05-44A7-97B8-B265B6502038}D:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\program files\icq6.5\icq.exe | "UDP Query User{4C99BA84-B2C2-4FC4-BA4D-358BFAF4FC31}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{FF30F885-FF6C-46FA-A6B5-6CE270373D9D}C:\program files\bwm software\käseschlacht\kaeseschlacht.exe" = protocol=17 | dir=in | app=c:\program files\bwm software\käseschlacht\kaeseschlacht.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{026B0D6F-C5E5-4950-AB17-66B2335E6160}" = Roxio WinOnCD 2010 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05FB59A5-4767-BCB4-FB56-0755DA17FEC1}" = Skins "{0C4FF2FE-9E75-4DBF-B2DA-11CE1F10C4B5}" = Roxio AACS Certificate "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp "{11D6DF85-2731-45CA-BD80-E342CA0E033F}_is1" = RigNRoll (Nur entfernen) "{1353AD69-6F86-484F-B56B-3508F60ACCC4}" = HiYo "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{158100ED-E344-921A-51DA-10A1737F9EE2}" = CCC Help Korean "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy "{1A1C1AF0-8DA5-95DB-413C-C7FA2F7E51C6}" = CCC Help Italian 
"{1B6B4437-3F9E-82D5-6631-AC28B3D3EC51}" = CCC Help Turkish "{1E47EF59-E939-A9F1-D29B-0B3FC952A0AF}" = Catalyst Control Center Localization All "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{209DF55F-5E5C-48A3-BC3D-A7CB1224458C}" = HP Print Diagnostic Utility "{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon "{262DF6D1-FBF5-4FF2-B8B0-67B8A03179FE}" = DVD-Video-Archiv+ 5.0 Edition 2009 "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21 "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg "{2B1FA9E4-1E4E-6EB0-67E6-203B7AFDE465}" = CCC Help Chinese Traditional "{2BB4C7CC-103A-E753-9142-C39C461618F6}" = CCC Help Japanese "{2CD17591-FA75-21BA-EDA6-5FA25F172E01}" = CCC Help Norwegian "{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}" = Need for Speed™ ProStreet "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan "{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics "{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009 "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3DDBAEAD-FA8D-1765-1B4B-021A44AE0741}" = CCC Help Greek "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{453E989A-CD2B-1562-01FD-0C8F3E23A2AD}" = ccc-core-static "{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Steuer 2010 "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply "{4A03706F-666A-4037-7777-5F2748764D10}" = Java 
Auto Updater "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City "{4FC9E56E-5758-D9C3-126F-B386C8827F50}" = CCC Help Korean "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport "{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{5B26151D-EC78-8A9E-27BF-75E841A76F53}" = CCC Help Hungarian "{5B7A5FE0-4BBC-D43E-F85B-80FCE9CF1230}" = CCC Help Spanish "{5C98D841-6392-41F1-A80E-B1A741F32A95}" = DSL-Speedtest "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{620FAC3F-1B28-4C40-2077-FB0D0E5C7B2B}" = CCC Help Hungarian "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6903DF72-FF87-0647-31E8-5962DCB947E7}" = CCC Help Norwegian "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0 "{74DC8A26-4E05-40B6-AD11-C9428A1AE150}" = Roxio WinOnCD 2010 "{74F81103-8507-D08B-05C7-23ED8CD60326}" = CCC Help Dutch "{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7CE13DFB-7320-4630-865F-DE98D8FE6791}" = ArcSoft TotalMedia TV "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable 
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01 "{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB "{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}" = Roxio WinOnCD 2010 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert "{8D2E2F37-C1CA-6AE5-E5F9-F9527FFC8290}" = CCC Help Finnish "{8D422AEE-2AC7-E8E9-27B0-5DD6EB2B6767}" = CCC Help French "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 
Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9604876E-6DF3-11D9-9526-CC60569E6209}" = DupDetector "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge "{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box "{9B168F1D-4462-C550-C9FD-6DA15E3DE3E3}" = CCC Help Finnish "{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10 "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn "{A3A85E40-18A7-9D61-87AA-761F19B6AB91}" = CCC Help Spanish "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A4B0DBBF-229D-C6BE-1846-A6A3FC58FCC1}" = CCC Help Italian "{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help "{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100 "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AB7ED389-33A8-B46A-4A8A-F685EF451A5C}" = Catalyst Control Center Graphics Previews Vista "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant 
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{AFC454ED-A26F-4816-826B-C35129D82E1F}" = Fujitsu Siemens Computers Recovery "{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}" = PlayReady PC runtime "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B29C7E21-05BD-D106-13AE-F5483213F93C}" = CCC Help Japanese "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd "{B4599362-D2ED-6C4B-9AEF-927036CB2DD2}" = CCC Help Dutch "{B4848E3A-A9B8-4091-A3A2-3941B9AABC5E}" = Logitech QuickCam "{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min "{B51641A5-1ABD-4511-BA83-949D002D852E}" = map&guide 13 professional "{B9C11A0C-C3FF-FCB2-1BFA-B30400FAFF96}" = Catalyst Control Center InstallProxy "{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter "{BD54AC6D-B1E7-EF9D-5A4A-4D80EE0A50AC}" = CCC Help Portuguese "{BDC08878-78D5-BD3F-9A1A-1F7A0C73D016}" = CCC Help French "{C03F3D5B-0D83-4F81-A324-32F4E7F1BF6A}" = Roxio CinePlayer "{C298400F-457A-0F2C-9761-CE47C4F7A8F4}" = CCC Help Polish "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C8F0C3A9-F54A-F172-37CC-8F08503C4FC2}" = CCC Help Thai "{C9FFC925-E27E-436E-A2DF-652324D51031}" = LG Burning Tools "{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software "{CBD59871-8F21-5A54-61EC-D7098CF230C2}" = CCC Help Czech "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF713C69-2B16-7992-A678-872A01E9BF0F}" = CCC Help Russian "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V2.5.7 "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{D3F64D1F-AF0F-4F7B-AA05-BF6526934060}" = Roxio CinePlayer "{D62FD787-E963-43CA-9B84-555D08971CC1}" = Kies-OutlookAddIn "{D68E8727-3727-59CE-FBFD-C76CDB7D510D}" = 
CCC Help Danish "{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies "{D8E58628-B032-A478-5262-084DA4C16006}" = ccc-utility "{DDF489F0-A665-473D-A5DF-A99EAD780168}" = CCC Help English "{DE79B545-A51D-6E6F-82B2-7A989CC9F2E5}" = CCC Help Portuguese "{DF4081B6-8C35-2A1C-1820-3C2186E1A160}" = CCC Help Swedish "{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm "{E26DEDC7-1A99-4F8C-9615-6DB112E6495B}_is1" = Texas Hold'em Poker 3D - Deluxe Edition 1.0 "{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = Fujitsu TV "{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext "{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover "{E93C41A7-017E-46C6-95EC-225D27BD4253}" = map&guide Karte Europa City Release 12/2006 "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox "{EC7A423F-1950-05D9-61EE-FD87D3C56861}" = CCC Help Polish "{ED9B5A5D-6D84-4268-1994-39BF60D1BBF5}" = CCC Help German "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F68D9C4D-DC60-D021-8B2D-CD14E6BD43EA}" = CCC Help English "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0 "{FB1F2BF7-AB8C-8467-4F42-81C410805C91}" = ATI Catalyst Install Manager "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status "{FE9ED9B7-A900-2C15-6A2B-2F5BE089DC79}" = ccc-core-static "{FF39D301-6B39-1378-BF92-92FBC983A973}" = CCC Help Chinese Standard "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "18 
WoS Extreme Trucker" = 18 WoS Extreme Trucker 1.01 "Abschleppwagen-Simulator 2010_is1" = Abschleppwagen-Simulator 2010 Version 1.25 "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "Anti-Spy.Info" = Anti-Spy.Info 1.7h "AnyDVD" = AnyDVD "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Bagger-Simulator 2011" = Bagger-Simulator 2011 "Biet-O-Matic v2.12.0" = Biet-O-Matic v2.12.0 "CloneCD" = CloneCD "CloneDVD2" = CloneDVD2 "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI "DemolitionCompanyDE_is1" = Demolition Company "Dr. Hardware 2009_is1" = Dr. Hardware 2009 9.9.2d "EA Download Manager" = EA Download Manager "ElsaWin" = ElsaWin "ENTERPRISE" = Microsoft Office Enterprise 2007 "ETKA" = ETKA "Euro Truck Simulator" = Euro Truck Simulator 1.1 "Firebird SQL Server D" = Firebird SQL Server (D) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3 "Free DVD Video Burner_is1" = Free DVD Video Burner version 2.3 "Free YouTube to DVD Converter_is1" = Free YouTube to DVD Converter version 2.3 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5 "FTS LASER MOUSE Software_is1" = FTS LASER MOUSE Software 1.0 "Fujitsu Slim Mobile ExpressCard DVB-T" = Fujitsu Slim Mobile ExpressCard DVB-T "German Truck Simulator" = German Truck Simulator 1.00 "GMX ProfiFax" = GMX ProfiFax "GoldWave v5.22" = GoldWave v5.22 "HiYo" = HiYo "HP Imaging Device Functions" = HP Imaging Device Functions 9.0 "HP Photosmart Essential" = HP Photosmart Essential 2.01 "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0 "HPExtendedCapabilities" = HP Customer Participation Program 9.0 "ImageDupe_is1" = ImageDupe "IncrediMail" = IncrediMail 2.0 
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies "InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = Fujitsu TV "InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10 "IsoBuster_is1" = IsoBuster 2.5 "Jewel Quest 2_is1" = Jewel Quest 2 "Käseschlacht" = Käseschlacht "L4D2SP" = Left 4 Dead 2 Standalone Patch™ "Left4Dead2-hohesC_is1" = Left 4 Dead 2 - "lvdrivers_11.51" = Logitech QuickCam-Treiberpaket "Magentic" = Magentic "MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE (D) "MAGIX Fotos auf CD D" = MAGIX Fotos auf CD (D) "MAGIX Media Suite - Standard Edition D" = MAGIX Media Suite - Standard Edition (D) "MAGIX mp3 maker SE D" = MAGIX mp3 maker SE (D) "MAGIX Online Druck Service (FS)" = MAGIX Online Druck Service (FS) "MAGIX Video deLuxe SE D" = MAGIX Video deLuxe SE (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "ManyCam" = ManyCam 2.4 (remove only) "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mobile Partner" = Mobile Partner "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "MultiMediaManufaktur Uli Stein - Pingu Pong" = Uli Stein - Pingu Pong "New LEGO Digital Designer" = LEGO Digital Designer "OpenAL" = OpenAL "PhotoMail" = PhotoMail Maker "Pinup Strip Poker_is1" = Pinup Strip Poker 1.16d "ratDVD" = ratDVD 0.78.1444 "Saw" = Saw Game "tintii" = indii.org/tintii "TomTom HOME" = TomTom HOME "TVgenial_is1" = TVgenial 3.40 "UK Truck Simulator" = UK Truck Simulator 1.02 "Uninstall_is1" = Uninstall "UseNeXT_is1" = UseNeXT "Visual Studio Tools for the 
Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime "VLC media player" = VLC media player 0.9.9 "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinPcapInst" = WinPcap 4.0.2 "WinRAR archiver" = WinRAR "Zombie Driver" = Zombie Driver 1.0.3 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >

Does nobody have any advice for me? I'm really at a loss. My mailbox is overflowing, because deleting gets me nowhere: it keeps fetching them again. I have already closed the program. And I still can't search for anything on Google, because I can't click on the results, since I still get redirected to other pages.
#2

Hello and welcome to Trojanerboard.de! First, I have to ask you not to double-post here; we have an edit function. You bought Kaspersky? Then please also uninstall Avira; two antivirus programs don't get along. (You can also uninstall Kaspersky instead, but please decide on one.) The OTL logfile will be taken over here by someone who knows it better. This can take a while, so please be a little patient.

Regards, Daniel
#3

OK, please excuse the double posts. When I did that, I had tried to edit, but it told me that the post was more than 60 minutes old and that it therefore wasn't possible. But maybe that was partly down to my problem too. I have already uninstalled Avira, Anti-Spy and Spybot. I'm running Malwarebytes again right now; it has found something again, but it will probably take a while until it is finished. It has been running for almost 3 hours and is still on C.
#4

Please remember the logfile, thanks.

Regards, Daniel
__________________
Regards, Daniel
A keygen rarely comes alone....
#5

Here is the new logfile from Malwarebytes (editing the old post somehow doesn't work).
#6

Code:
Infizierte Dateien:
C:\Program Files\WinRAR\RAR Slayer v1.1.exe (Malware.Tool) -> No action taken.
C:\MAGIX\DFM2006_SE\Firebird\setup.exe (Trojan.Agent) -> No action taken.

Regards, Daniel
#7

I had deleted the two files manually, because Malwarebytes didn't offer to quarantine them. I ran it again, but now it didn't find anything.
#8

Good, now please uninstall IncrediMail and then go over it with CCleaner (the registry too). After that, install IncrediMail again.

Daniel
__________________
Regards, Daniel
A keygen rarely comes alone....
#9

So, that's done: I uninstalled it, ran CCleaner and installed it again. So far it hasn't fetched any new old ones. With Firefox and IE, however, the problem still exists. On startup it also tells me "The File WBHelp2.dll is missing" <--- what does this mean? Following the guide here, I also deactivated Windows Defender; now on startup it reports an error and says it cannot start the service. It isn't supposed to start anymore, but why the error message? I have now also run TDSSKiller.

Torben
#10

To work ahead a little, I have now also run HijackThis again. I also got Opera; the same problem exists there, but it still only affects searching via Google. When I use the Bing search in Opera, I get to the pages I want.
#11

Edit: Before that, please upload the file C:\Windows\system32\Drivers\sptd.sys to Virustotal and have it scanned. If it says there that the file has already been scanned, please scan it anyway and then post the log.

After that, fix the following entries:

Code:
O1 - Hosts: www.google.com
O1 - Hosts: www.google.de
O1 - Hosts: www.google.fr
O1 - Hosts: www.google.co.uk
O1 - Hosts: www.google.com.br
O1 - Hosts: www.google.it
O1 - Hosts: www.google.es
O1 - Hosts: www.google.co.jp
O1 - Hosts: www.google.com.mx
O1 - Hosts: www.google.ca
O1 - Hosts: www.google.com.au
O1 - Hosts: www.google.nl
O1 - Hosts: www.google.co.za
O1 - Hosts: www.google.be
O1 - Hosts: www.google.gr
O1 - Hosts: www.google.at
O1 - Hosts: www.google.se
O1 - Hosts: www.google.ch
O1 - Hosts: www.google.pt
O1 - Hosts: www.google.dk
O1 - Hosts: www.google.fi
O1 - Hosts: www.google.ie
O1 - Hosts: www.google.no
O1 - Hosts: search.yahoo.com
O1 - Hosts: us.search.yahoo.com
O1 - Hosts: uk.search.yahoo.com
O4 - HKLM\..\Policies\Explorer\Run: [ccemf] C:\Windows\TEMP\egl1ds.exe
O4 - HKLM\..\Policies\Explorer\Run: [e5u1] C:\Windows\TEMP\ydut.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe

Regards, Daniel
__________________
Regards, Daniel
A keygen rarely comes alone....
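Added example, not part of the original thread and not code from HijackThis or the forum: a Python triage of a HijackThis log for the two patterns in the fix list of post #11, hosts-file entries (O1) that override search-engine names and autoruns (O4) that start an executable from a TEMP directory. The function names, the sample log and the address 192.0.2.10 (a documentation-only address) are constructed for illustration; only the `[ccemf]` line is taken from the post.

```python
import ntpath  # Windows path rules, usable on any OS
import re
from typing import NamedTuple


class Finding(NamedTuple):
    section: str  # HijackThis section id, e.g. "O1"
    reason: str
    detail: str


ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.+)$")
# O1 body: "Hosts: [address] hostname"; the address is optional because logs
# posted to forums sometimes have it stripped, as in the thread above.
HOSTS_RE = re.compile(r"^Hosts:\s+(?:(\S+)\s+)?(\S+)$")
# O4 body: "<registry key>: [value name] command line"
RUN_RE = re.compile(r"^(?P<key>[^:\[]+):\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")
# Search-engine names that a hosts file has no normal reason to pin.
SEARCH_RE = re.compile(
    r"(?:^|\.)(?:google\.[a-z]{2,3}(?:\.[a-z]{2})?|search\.yahoo\.com)$"
)
# Executable part of a command line: quoted path, or everything up to the extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)
TEMP_NAMES = {"temp", "tmp", "%temp%", "%tmp%"}


def runs_from_temp(command: str) -> bool:
    """True if the executable in the command line lives under a TEMP directory."""
    m = EXE_RE.match(command.strip())
    exe = (m.group(1) or m.group(2)) if m else command.split()[0]
    parts = ntpath.normpath(exe).lower().split("\\")
    return any(p in TEMP_NAMES for p in parts[:-1])


def triage(log_text: str) -> list:
    """Return a Finding for every O1/O4 line that matches one of the two patterns."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O1":
            h = HOSTS_RE.match(body)
            if h and SEARCH_RE.search(h.group(2).lower()):
                target = h.group(1) or "address not shown"
                findings.append(
                    Finding("O1", "search-engine-override", f"{h.group(2)} -> {target}")
                )
        elif section == "O4":
            r = RUN_RE.match(body)
            if r and runs_from_temp(r["cmd"]):
                findings.append(
                    Finding("O4", "autorun-from-temp",
                            f"{r['key']} [{r['name']}] {r['cmd']}")
                )
    return findings


# Constructed sample log; only the [ccemf] line is copied from the thread.
SAMPLE_LOG = r"""
O1 - Hosts: 192.0.2.10 www.google.de
O1 - Hosts: www.google.co.uk
O1 - Hosts: 192.0.2.10 us.search.yahoo.com
O1 - Hosts: 127.0.0.1 ads.example.test
O4 - HKLM\..\Run: [avp] "C:\Program Files\Example AV\avp.exe"
O4 - HKLM\..\Policies\Explorer\Run: [ccemf] C:\Windows\TEMP\egl1ds.exe
O23 - Service: Example Service (examplesvc) - Example Co. - C:\Windows\system32\examplesvc.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.reason:<24}{f.detail}")
```

A blocklist-style entry such as the `127.0.0.1 ads.example.test` line is left alone, because only names of search engines are treated as overrides.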
#12

I can't get the file uploaded; it keeps saying that it is in use and that I should close the program in order to open this file. Should I go ahead and fix anyway?
#13

Yes, go ahead and fix.

Edit: Remember to restart afterwards, run HijackThis over it again and post the log.
__________________
Regards, Daniel
A keygen rarely comes alone....
#14

So, I just tried again to upload the file via Firefox. There I could select it, but a window only appears briefly and is gone again immediately; nothing more happens. So I have fixed them, and here is the log after the restart.
#15

Code:
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe

Look in Task Manager to see whether you can see the process for it (i.e. dgdersvc.exe). If so, end it, wait a moment and see whether it comes back. If it doesn't come back, try uploading the file to Virustotal.

Regards, Daniel
__________________
Regards, Daniel
A keygen rarely comes alone....