Log analysis and evaluation: Problem with fake Flash Player (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Hello first of all, I'm new here, and it's because of a problem. An Adobe Flash Player installer window keeps opening on my machine (see picture). But since the publisher field shows nothing from Adobe when you expand the window, and absolutely nothing points to Adobe, I think it's malware or something similar! Scan result attached!
#2
Malware-holic: Can you see in the details which URL the download comes from? If so, send it to me as a private message.
System scan with OTL

Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click and "Run as administrator").

1. At the top you'll find a box labelled Output. Please select Minimal Output.
2. Tick "scan all users".
3. Under "Extra Registry" select: "Use Safelist", "LOP Check", "Purity Check".
4. Copy the following into the text box:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

5. Click "Scan".
6. Two reports are created: OTL.Txt and Extras.Txt. Post both.
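Once the OTL scan described above has produced OTL.Txt, a first triage pass over it can be automated. The following is an added example (not OTL's own code and not something posted in this thread): it parses the line shapes OTL uses for processes, services, drivers, Run keys and MountPoints2 autorun commands, and flags entries whose file carries no company name, autostart entries whose file is missing, and autorun commands bound to removable drives; the sample lines are constructed to match the format of the log in this thread.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample lines in OTL's own format, modelled on the line shapes
# in the log posted in this thread (the real log is far longer).
SAMPLE_LOG = r"""
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Appupdater\appupdatert.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] File not found
O33 - MountPoints2\{1ba4a8d8-d768-11de-a83a-00248c5d5e14}\Shell\AutoRun\command - "" = I:\Autorun.exe
========== Files - Modified Within 30 Days ==========
"""


@dataclass
class Entry:
    tag: str                 # OTL section tag: PRC, SRV, DRV, O4, O33, ...
    name: str                # service/driver/Run-value/mount-point name, '' if none
    path: str                # file path or command, '' when OTL reports none
    company: Optional[str]   # None = no trailing "(...)" field; '' = OTL printed "()"
    file_missing: bool       # OTL wrote "File not found" instead of a path


# Section tag, optional ":64bit:" marker, separator, then the rest of the line.
TAG_RE = re.compile(r'^(?P<tag>[A-Z]+\d*)(?::64bit:)?\s*-\s*(?P<rest>.*)$')
# OTL appends the company name from the file's version info in parentheses;
# an empty "()" means the file carries no company name at all.
COMPANY_RE = re.compile(r'^(?P<body>.*?)\s*\((?P<company>[^()]*)\)$')
# SRV/DRV: "(name) [description] -- path"
NAME_RE = re.compile(r'^\((?P<name>[^)]*)\).*?\s--\s(?P<path>.*)$')
# O4: "HKLM..\Run: [value] path"
RUN_RE = re.compile(r'^HK(?:LM|CU)\.\.\\Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<path>.*)$')
# O33: "MountPoints2\{guid}\Shell\AutoRun\command - "" = command"
MOUNT_RE = re.compile(
    r'^MountPoints2\\(?P<name>\{[^}]*\})\\Shell\\AutoRun\\command\s*-\s*""\s*=\s*(?P<path>.*)$')


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL log line; return None for headers, blanks and unknown shapes."""
    m = TAG_RE.match(line.strip())
    if not m:
        return None
    tag, rest = m.group('tag'), m.group('rest')
    company = None
    cm = COMPANY_RE.match(rest)
    if cm:
        rest, company = cm.group('body'), cm.group('company').strip()
    name, path = '', rest
    for rx in (NAME_RE, RUN_RE, MOUNT_RE):
        sm = rx.match(rest)
        if sm:
            name, path = sm.group('name'), sm.group('path')
            break
    missing = path.strip() == 'File not found'
    return Entry(tag, name, '' if missing else path.strip(), company, missing)


def triage(log_text: str) -> List[Tuple[str, Entry]]:
    """Return (reason, entry) pairs that deserve a closer look.

    These are triage hints, not verdicts: legitimate tools shipped without
    version-info metadata also show up as "()" and must be checked by hand.
    """
    findings: List[Tuple[str, Entry]] = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        if e.file_missing:
            findings.append(('orphaned autostart entry (File not found)', e))
        elif e.company == '':
            findings.append(('no company name in file version info', e))
        if e.tag == 'O33':
            findings.append(('autorun command registered for a removable drive', e))
    return findings


if __name__ == '__main__':
    for reason, entry in triage(SAMPLE_LOG):
        print(f'{entry.tag:<4} {reason}: {entry.name or entry.path}')
```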
#3
Here are the files! The OTL.txt was too big, so here it is like this:

OTL logfile:
Code:
ATTFilter OTL logfile created on: 06.02.2011 18:20:48 - Run 2 OTL by OldTimer - Version Folder = C:\Users\*********\Documents\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free 16,00 Gb Paging File | 14,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 629,59 Gb Total Space | 461,63 Gb Free Space | 73,32% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 103,77 Gb Free Space | 44,56% Space Free | Partition Type: NTFS Drive F: | 702,83 Mb Total Space | 492,94 Mb Free Space | 70,14% Space Free | Partition Type: UDF Drive R: | 955,98 Mb Total Space | 525,03 Mb Free Space | 54,92% Space Free | Partition Type: FAT32 Computer Name: FABIANS-PC | User Name: ********* | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\*********\Documents\Downloads\OTL(2).exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Audials 8\VCDWriter\64\VCDAudioService.exe (RapidSolution Software AG) PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
PRC - C:\Program Files (x86)\Appupdater\appupdatert.exe () PRC - C:\Program Files (x86)\Appupdater\appupdaters.exe (Nabber.org) PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Program Files (x86)\Orbitdownloader\orbitdm.exe (Orbitdownloader.com) PRC - C:\Program Files (x86)\Orbitdownloader\orbitnet.exe (Orbitdownloader.com) PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (ALWIL Software) PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe () PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe () PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe () PRC - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\*********\Documents\Downloads\OTL(2).exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) SRV:64bit: - (avast! 
Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (Virtual CDAudio Service) -- C:\Program Files (x86)\Audials 8\VCDWriter\64\VCDAudioService.exe (RapidSolution Software AG) SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (Appupdater) -- C:\Program Files (x86)\Appupdater\appupdaters.exe (Nabber.org) SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (AVM Berlin) SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AODService) -- C:\Program Files (x86)\AMD-OverDrive\AODAssist.exe () SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) 
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG) DRV:64bit: - (rsvcdwdr) -- C:\Windows\SysNative\drivers\rsvcdwdr.sys (RapidSolution Software AG) DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG) DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis) DRV:64bit: - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\Windows\SysNative\drivers\tdrpm251.sys (Acronis) DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis) DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.) DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.) DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.) DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.) 
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH) DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin) DRV:64bit: - (hxctlflt) -- C:\Windows\SysNative\drivers\hxctlflt.sys (Guillemot Corporation) DRV:64bit: - (SNPSTD3) -- C:\Windows\SysNative\drivers\snpstd3.sys (Sonix Co. Ltd.) DRV:64bit: - (fsRamDsk) -- C:\Windows\SysNative\drivers\fsRamDsk.sys () DRV:64bit: - (FVXSCSI) -- C:\Windows\SysNative\drivers\FVXSCSI.SYS (FarStone Inc.) DRV:64bit: - (fcdabus) -- C:\Windows\SysNative\drivers\FCDABUS.SYS (FarStone Inc.) DRV - (CrystalSysInfo) -- C:\Programme\MediaCoder\SysInfoX64.sys () DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.) DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider) DRV - (prohlp02) -- C:\Windows\System32\drivers\prohlp02.sys (Protection Technology) DRV - (prodrv06) -- C:\Windows\System32\drivers\prodrv06.sys (Protection Technology) DRV - (sfhlp01) -- C:\Windows\System32\drivers\sfhlp01.sys (Protection Technology) DRV - (prosync1) -- C:\Windows\System32\drivers\prosync1.sys (Protection Technology) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files (x86)\PremierOpinion FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files (x86)\Real\RealPlayer\browserrecord\firefox\ext FF - 
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.02.03 18:41:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.02.06 14:58:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.02.06 18:12:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.10.23 14:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*********\AppData\Roaming\mozilla\Extensions [2010.04.25 12:00:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*********\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.10.23 14:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*********\AppData\Roaming\mozilla\Extensions\Coder Preset [2010.10.23 14:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*********\AppData\Roaming\mozilla\Extensions\MediaCoder [2010.10.23 14:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*********\AppData\Roaming\mozilla\Extensions\MediaCoder-Benchmark [2010.10.23 14:19:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*********\AppData\Roaming\mozilla\Extensions\MediaCoder-Setup-Wizard [2011.02.06 15:18:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\o2r619a9.default\extensions [2011.02.06 12:42:55 | 000,000,000 | ---D | M] (TweakTube) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\o2r619a9.default\extensions\{15e67a59-bd3d-49ae-90dd-b3d3fd14c2ed} [2011.02.02 19:09:25 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\o2r619a9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} 
[2011.02.02 19:09:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\o2r619a9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.02.02 19:09:23 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\o2r619a9.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2011.02.02 19:09:24 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\o2r619a9.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} [2011.02.02 19:09:23 | 000,000,000 | ---D | M] (Ecosia - The Green Search) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\o2r619a9.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0} [2011.02.02 19:09:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\o2r619a9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.10.29 18:04:19 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\o2r619a9.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2011.02.02 19:09:24 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\o2r619a9.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2010.10.29 17:59:15 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\o2r619a9.default\extensions\DeviceDetection@logitech.com [2011.02.05 11:18:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.02.05 11:17:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.05 11:17:26 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll [2010.10.29 17:32:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.29 17:32:25 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.29 17:32:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.29 17:32:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.29 17:32:25 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.02.03 15:35:41 | 000,000,871 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No CLSID value found. O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) 
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] File not found O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O4 - Startup: C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = File not found O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 256 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Monopoly/Images/stg_drm.ocx (Reg Error: Key error.) 
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab (Windows Live OneCare safety scanner control) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Monopoly/Images/armhelper.ocx (ArmHelper Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. 
- c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.07.04 15:31:18 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{1ba4a8d8-d768-11de-a83a-00248c5d5e14}\Shell - "" = AutoRun O33 - MountPoints2\{1ba4a8d8-d768-11de-a83a-00248c5d5e14}\Shell\AutoRun\command - "" = I:\Autorun.exe O33 - MountPoints2\{a67222a1-d398-11de-840f-00248c5d5e14}\Shell - "" = AutoRun O33 - MountPoints2\{a67222a1-d398-11de-840f-00248c5d5e14}\Shell\AutoRun\command - "" = I:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.02.06 18:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup [2011.02.06 18:11:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MozBackup [2011.02.06 18:01:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center [2011.02.06 17:56:32 | 000,033,800 | ---- | C] (Panda Security, S.L.) 
-- C:\Windows\SysNative\drivers\pavboot64.sys [2011.02.06 17:54:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security [2011.02.06 17:35:42 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Malwarebytes [2011.02.06 17:35:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.02.06 17:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.02.06 17:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.02.06 17:35:36 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.02.06 17:35:36 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\Malwarebytes' Anti-Malware [2011.02.06 17:20:49 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\MFTools [2011.02.06 15:32:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reallusion [2011.02.06 15:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrazyTalk Animator [2011.02.06 15:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Reallusion [2011.02.06 15:31:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\iClone [2011.02.06 15:31:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Reallusion [2011.02.06 15:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Reallusion [2011.02.06 15:30:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrazyTalk Animator [2011.02.06 14:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RapidSolution [2011.02.06 14:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audials TV [2011.02.06 14:35:30 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Local\CrashRpt [2011.02.06 14:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution [2011.02.06 14:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Audials 8
[2011.02.06 14:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audials 8
[2011.02.06 12:23:52 | 000,000,000 | ---D | C] -- C:\Users\*********\.idlerc
[2011.02.06 12:23:35 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.1
[2011.02.06 10:48:24 | 000,000,000 | ---D | C] -- C:\Users\*********\bluej
[2011.02.06 10:46:38 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2011.02.06 10:23:41 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\GetRightToGo
[2011.02.05 19:41:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\temp
[2011.02.05 19:29:29 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\PS und YT
[2011.02.05 13:46:16 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\Aufnahme-11
[2011.02.05 12:59:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2011.02.05 12:58:47 | 000,242,176 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
[2011.02.05 12:58:47 | 000,193,024 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
[2011.02.05 12:58:47 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2011.02.05 12:58:47 | 000,082,432 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2011.02.05 11:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.02.05 11:17:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.02.05 11:13:53 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\gnupg
[2011.02.05 11:13:53 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Appupdater
[2011.02.05 11:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Appupdater
[2011.02.05 11:13:42 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GNU Privacy Guard
[2011.02.05 11:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GNU Privacy Guard
[2011.02.05 11:13:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GNU
[2011.02.05 11:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Appupdater
[2011.02.05 11:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Appupdater
[2011.02.05 11:01:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCWAppUpdater
[2011.02.03 20:06:58 | 000,000,000 | R--D | C] -- C:\Users\*********\Documents\Scanned Documents
[2011.02.03 20:06:57 | 000,000,000 | ---D | C] -- C:\Users\*********\Documents\Fax
[2011.02.03 18:46:53 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\PS
[2011.02.03 17:47:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2011.02.03 17:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011.02.03 17:45:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011.02.03 15:43:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2011.02.03 15:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.02.03 15:42:35 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.02.03 15:42:35 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.02.03 15:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.01.28 18:34:54 | 000,046,112 | ---- | C] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\tbhsd.sys
[2011.01.28 18:34:54 | 000,042,600 | ---- | C] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\rsvcdwdr.sys
[2011.01.28 18:34:50 | 000,037,480 | ---- | C] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\rrnetcap.sys
[2011.01.19 20:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Robot Karol
[2011.01.19 20:44:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RobotKarol
[2011.01.19 15:04:33 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\NCH Software
[2011.01.17 17:35:53 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lugert Verlag
[2011.01.17 17:35:45 | 000,155,648 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\Windows\SysWow64\viscomwaveform.dll
[2011.01.17 17:35:45 | 000,110,592 | ---- | C] (Viscom Software) -- C:\Windows\SysWow64\viscomaudioencoder.dll
[2011.01.17 17:35:45 | 000,102,400 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\Windows\SysWow64\viscomaudio.dll
[2011.01.17 17:35:45 | 000,094,208 | ---- | C] (Viscom Software) -- C:\Windows\SysWow64\viscomaudiodata.dll
[2011.01.17 17:35:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lugert Verlag
[2011.01.16 17:40:08 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\OpenOffice.org
[2011.01.16 17:39:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2010.10.30 17:08:38 | 000,057,344 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.02.06 18:12:48 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011.02.06 18:12:24 | 001,021,406 | ---- | M] () -- C:\Users\*********\Desktop\Thunderbird 3.1.7 (en-US) - 2011-02-06.pcv
[2011.02.06 18:11:56 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2011.02.06 18:03:00 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.06 18:00:06 | 000,000,036 | ---- | M] () -- C:\Users\*********\AppData\Local\housecall.guid.cache
[2011.02.06 17:54:37 | 000,013,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.06 17:54:37 | 000,013,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.06 17:52:59 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.02.06 17:52:59 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.02.06 17:52:59 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.02.06 17:52:59 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.02.06 17:52:59 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.02.06 17:48:38 | 000,044,362 | ---- | M] () -- C:\Users\*********\Desktop\Unbenannt.png
[2011.02.06 17:47:21 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.06 17:47:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.06 17:47:02 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.06 17:35:39 | 000,000,795 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.06 15:46:57 | 000,014,848 | ---- | M] () -- C:\Users\*********\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.06 15:43:41 | 000,107,172 | ---- | M] () -- C:\Users\*********\Desktop\Unbenannt.jpg
[2011.02.06 15:32:50 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\CrazyTalk Animator PRO.lnk
[2011.02.06 15:32:34 | 000,000,153 | RHS- | M] () -- C:\Windows\CTA1PRET.BIN
[2011.02.06 14:58:05 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.02.06 14:35:38 | 000,001,165 | ---- | M] () -- C:\Users\Public\Desktop\audials TV.lnk
[2011.02.06 14:35:25 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\Audials 8.lnk
[2011.02.05 13:16:07 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2011.02.05 12:29:50 | 000,259,430 | ---- | M] () -- C:\Users\*********\Desktop\Angelina_Jolie_2.jpg
[2011.02.05 11:13:44 | 000,001,014 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Appupdater Tray Notification Icon.lnk
[2011.02.05 11:13:44 | 000,000,996 | ---- | M] () -- C:\Users\Public\Desktop\Appupdater.lnk
[2011.02.04 14:25:44 | 000,276,885 | ---- | M] () -- C:\Users\*********\Desktop\kork03.jpg
[2011.02.04 14:09:16 | 000,039,465 | ---- | M] () -- C:\Users\*********\Desktop\bambus-fahrrad.jpg
[2011.02.03 20:43:41 | 000,917,618 | ---- | M] () -- C:\Users\*********\Desktop\bild2.jpg
[2011.02.03 20:41:11 | 015,882,677 | ---- | M] () -- C:\Users\*********\Desktop\bild2.psd
[2011.02.03 20:29:04 | 000,574,416 | ---- | M] () -- C:\Users\*********\Desktop\bild2.jpeg
[2011.02.03 20:23:48 | 001,275,553 | ---- | M] () -- C:\Users\*********\Desktop\bild.jpg
[2011.02.03 20:10:00 | 001,209,954 | ---- | M] () -- C:\Users\*********\Desktop\bild.jpeg
[2011.02.03 15:44:39 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011.02.03 15:42:50 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.02.03 15:34:04 | 000,000,629 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
[2011.02.03 15:33:18 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.02.03 15:26:16 | 000,226,548 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.02.02 20:30:48 | 005,108,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.02.02 18:35:44 | 000,000,680 | RHS- | M] () -- C:\Users\*********\ntuser.pol
[2011.01.30 13:50:47 | 000,011,719 | ---- | M] () -- C:\Users\*********\Documents\Englisch-Vorbereitung 2.SA 201011.odt
[2011.01.28 18:34:54 | 000,046,112 | ---- | M] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\tbhsd.sys
[2011.01.28 18:34:54 | 000,042,600 | ---- | M] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\rsvcdwdr.sys
[2011.01.28 18:34:50 | 000,037,480 | ---- | M] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\rrnetcap.sys
[2011.01.26 19:00:19 | 000,000,139 | -H-- | M] () -- C:\Users\*********\Documents\.~lock.Unbenannt 1.odt#
[2011.01.26 16:07:26 | 000,009,835 | ---- | M] () -- C:\Users\*********\Documents\2. Mathevorbereitung.odt
[2011.01.19 20:44:39 | 000,000,894 | ---- | M] () -- C:\Users\*********\Desktop\Robot Karol.lnk
[2011.01.19 15:09:29 | 000,000,272 | ---- | M] () -- C:\Users\*********\AppData\Roaming\default.rss
[2011.01.19 15:09:29 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.01.17 17:35:53 | 000,001,071 | ---- | M] () -- C:\Users\*********\Desktop\Forte Standard.lnk
[2011.01.16 20:59:14 | 000,002,386 | ---- | M] () -- C:\Users\*********\Documents\Neue Datenbank.odb
[2011.01.16 17:40:48 | 000,001,195 | ---- | M] () -- C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.02.06 18:12:11 | 001,021,406 | ---- | C] () -- C:\Users\*********\Desktop\Thunderbird 3.1.7 (en-US) - 2011-02-06.pcv
[2011.02.06 18:11:56 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2011.02.06 18:00:06 | 000,000,036 | ---- | C] () -- C:\Users\*********\AppData\Local\housecall.guid.cache
[2011.02.06 17:44:06 | 000,044,362 | ---- | C] () -- C:\Users\*********\Desktop\Unbenannt.png
[2011.02.06 17:35:39 | 000,000,795 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.06 15:43:41 | 000,107,172 | ---- | C] () -- C:\Users\*********\Desktop\Unbenannt.jpg
[2011.02.06 15:32:50 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\CrazyTalk Animator PRO.lnk
[2011.02.06 15:32:34 | 000,000,153 | RHS- | C] () -- C:\Windows\CTA1PRET.BIN
[2011.02.06 14:58:05 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.02.06 14:35:38 | 000,002,113 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\audials TV.lnk
[2011.02.06 14:35:38 | 000,001,165 | ---- | C] () -- C:\Users\Public\Desktop\audials TV.lnk
[2011.02.06 14:35:25 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\Audials 8.lnk
[2011.02.05 14:08:48 | 000,000,088 | ---- | C] () -- C:\Users\*********\Desktop\Sidebar_neu_initialisieren.bat
[2011.02.05 13:16:07 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
[2011.02.05 13:16:07 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2011.02.05 11:39:03 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011.02.05 11:36:03 | 000,259,430 | ---- | C] () -- C:\Users\*********\Desktop\Angelina_Jolie_2.jpg
[2011.02.05 11:13:44 | 000,001,014 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Appupdater Tray Notification Icon.lnk
[2011.02.05 11:13:44 | 000,000,996 | ---- | C] () -- C:\Users\Public\Desktop\Appupdater.lnk
[2011.02.04 14:25:44 | 000,276,885 | ---- | C] () -- C:\Users\*********\Desktop\kork03.jpg
[2011.02.04 14:09:15 | 000,039,465 | ---- | C] () -- C:\Users\*********\Desktop\bambus-fahrrad.jpg
[2011.02.03 20:41:31 | 000,917,618 | ---- | C] () -- C:\Users\*********\Desktop\bild2.jpg
[2011.02.03 20:41:09 | 015,882,677 | ---- | C] () -- C:\Users\*********\Desktop\bild2.psd
[2011.02.03 20:40:16 | 000,574,416 | ---- | C] () -- C:\Users\*********\Desktop\bild2.jpeg
[2011.02.03 20:17:33 | 001,275,553 | ---- | C] () -- C:\Users\*********\Desktop\bild.jpg
[2011.02.03 20:09:38 | 001,209,954 | ---- | C] () -- C:\Users\*********\Desktop\bild.jpeg
[2011.02.03 20:07:44 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\CNC173FD.TBL
[2011.02.03 20:07:44 | 000,013,312 | ---- | C] () -- C:\Windows\SysNative\CNC173FD.TBL
[2011.02.03 17:50:16 | 000,001,228 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
[2011.02.03 17:49:46 | 000,001,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2011.02.03 17:48:13 | 000,001,129 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2011.02.03 17:47:57 | 000,001,222 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2011.02.03 17:46:23 | 000,001,313 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2011.02.03 17:46:17 | 000,001,479 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2011.02.03 17:45:46 | 000,000,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011.02.03 15:44:39 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011.02.03 15:42:50 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.02.03 15:34:03 | 000,000,629 | ---- | C] () -- C:\Windows\SysNative\mapisvc.inf
[2011.02.03 15:33:18 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.02.02 18:19:10 | 000,000,680 | RHS- | C] () -- C:\Users\*********\ntuser.pol
[2011.01.30 13:50:45 | 000,011,719 | ---- | C] () -- C:\Users\*********\Documents\Englisch-Vorbereitung 2.SA 201011.odt
[2011.01.26 19:00:19 | 000,000,139 | -H-- | C] () -- C:\Users\*********\Documents\.~lock.Unbenannt 1.odt#
[2011.01.26 15:50:02 | 000,009,835 | ---- | C] () -- C:\Users\*********\Documents\2. Mathevorbereitung.odt
[2011.01.19 20:44:39 | 000,000,894 | ---- | C] () -- C:\Users\*********\Desktop\Robot Karol.lnk
[2011.01.19 15:02:20 | 000,081,428 | ---- | C] () -- C:\Users\*********\Desktop\Bonnet__.ttf
[2011.01.17 17:35:53 | 000,001,071 | ---- | C] () -- C:\Users\*********\Desktop\Forte Standard.lnk
[2011.01.16 20:56:24 | 000,002,386 | ---- | C] () -- C:\Users\*********\Documents\Neue Datenbank.odb
[2011.01.16 17:40:48 | 000,001,195 | ---- | C] () -- C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010.12.24 14:43:11 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010.11.11 18:46:52 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2010.11.04 12:00:24 | 000,000,244 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.11.02 14:49:48 | 000,000,000 | ---- | C] () -- C:\Users\*********\AppData\Roaming\chrtmp
[2010.10.30 17:08:38 | 000,015,478 | ---- | C] () -- C:\Windows\snpstd3.ini
[2010.10.18 17:47:25 | 000,000,012 | ---- | C] () -- C:\Windows\inform.ini
[2010.07.17 10:57:23 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.07.17 10:57:23 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.07.17 10:22:18 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.05.18 00:47:52 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.04.23 14:22:36 | 000,000,272 | ---- | C] () -- C:\Users\*********\AppData\Roaming\default.rss
[2010.04.23 14:22:25 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.03.01 15:08:29 | 000,000,286 | ---- | C] () -- C:\Users\*********\AppData\Roaming\burnaware.ini
[2010.02.26 19:50:38 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.02.20 16:31:33 | 000,007,838 | ---- | C] () -- C:\Users\*********\AppData\Local\Temppenciltemp.png
[2010.02.20 13:15:49 | 000,000,356 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010.02.02 18:11:42 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2010.01.24 13:09:37 | 000,000,133 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.01.04 17:38:59 | 000,007,609 | ---- | C] () -- C:\Users\*********\AppData\Local\Resmon.ResmonCfg
[2010.01.04 16:23:16 | 000,000,624 | ---- | C] () -- C:\Windows\S3D.ini
[2010.01.03 15:11:58 | 000,003,082 | ---- | C] () -- C:\Windows\SysWow64\affv300053706p4now.sys
[2009.12.06 14:46:00 | 000,005,110 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
[2009.11.23 16:37:15 | 000,014,848 | ---- | C] () -- C:\Users\*********\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.22 14:44:28 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\RDrv2KInterface.dll
[2009.11.22 14:44:28 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\RDrvNTInterface.dll
[2009.11.22 14:44:28 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\RDrv9xInterface.dll
[2009.11.22 14:44:28 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\RDrvInterface.dll
[2009.11.22 14:43:53 | 000,000,000 | ---- | C] () -- C:\Windows\Wininit.ini
[2009.11.22 14:34:45 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2009.11.21 13:19:09 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.11.18 14:29:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009.11.17 20:07:04 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2009.08.16 09:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.05.29 14:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.05.29 14:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2007.12.28 08:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.09.18 14:20:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\VDExt800.dll
[2006.09.18 14:20:58 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\VDExt712.dll
[2006.09.18 14:20:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\GDExt800.dll
[2006.08.07 18:03:20 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\GDExt712.dll

========== LOP Check ==========

[2010.07.26 19:17:51 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\10 Finger BreakOut
[2010.05.12 18:18:31 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Acronis
[2010.04.22 17:43:44 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\aMule
[2011.02.05 11:13:53 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Appupdater
[2010.04.09 11:58:49 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\AquaSoft
[2010.02.18 13:29:45 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Artweaver
[2010.10.07 14:24:38 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\ASAP Utilities
[2010.09.18 12:59:14 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Atari
[2011.02.06 15:33:53 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\BitTorrent
[2010.10.23 14:17:20 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Broad Intelligence
[2010.05.13 12:48:18 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Bump Technologies, Inc
[2010.11.05 20:39:14 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Chilirec
[2010.03.27 11:27:40 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\CopyTransDoctor
[2010.03.27 11:25:40 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\CopyTransPhoto
[2010.05.05 18:51:21 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\DAEMON Tools Pro
[2010.04.09 11:21:13 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Digiarty
[2010.03.28 18:23:43 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Downloaded Installations
[2010.03.07 13:09:33 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\DreamDale
[2010.04.05 19:57:19 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Dropbox
[2010.06.14 19:15:04 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\eMagStudio
[2010.12.05 16:33:38 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\enchant
[2010.03.02 19:58:51 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\flightgear.org
[2011.02.06 10:24:29 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\GetRightToGo
[2010.10.17 17:31:36 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\GHISLER
[2010.04.05 14:12:54 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\GlarySoft
[2011.02.05 11:13:54 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\gnupg
[2010.04.05 20:33:55 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\GoodSync
[2010.10.29 20:07:43 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\GrabPro
[2010.03.07 13:26:03 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Jumping Bytes
[2010.02.20 13:00:47 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Leadertech
[2010.11.03 15:12:18 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\MAGIX
[2010.10.06 14:23:00 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Marine Aquarium 3
[2010.03.07 13:02:09 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\MB4
[2010.03.03 13:05:11 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Mobile Master
[2010.04.09 11:47:54 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\mresreg
[2010.04.05 12:08:26 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\MudTV
[2011.02.06 10:54:11 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Notepad++
[2010.11.02 19:49:38 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\OpenCandy
[2011.01.16 17:40:08 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\OpenOffice.org
[2011.02.06 17:59:58 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Orbit
[2010.11.03 13:20:50 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Outerspace Software
[2010.10.29 20:06:59 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\ProgSense
[2010.03.07 13:01:48 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\SmashFrenzy4
[2010.03.07 13:28:11 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\supertuxkart
[2010.04.25 12:00:36 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Thunderbird
[2010.06.26 17:26:48 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Titanium
[2010.04.21 15:03:34 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Tropico 3
[2010.03.27 10:52:56 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Ubisoft
[2010.10.17 17:19:31 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Uniblue
[2010.05.14 11:18:47 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\uTorrent
[2010.10.20 16:58:32 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\VOWSoft
[2010.10.18 17:49:33 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Win7codecs
[2010.10.30 11:56:48 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Windows Live Writer
[2010.10.31 08:15:11 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\WindSolutions
[2010.03.29 14:02:43 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\XWindows Dock
[2010.05.12 18:07:54 | 000,000,558 | ---- | M] () -- C:\Windows\Tasks\Backup Hauptplatte.job
[2010.04.06 09:32:37 | 000,000,326 | ---- | M] () -- C:\Windows\Tasks\GoodSync - Backup Hauptplatte.job
[2010.11.10 20:13:41 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.07.26 19:17:51 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\10 Finger BreakOut
[2010.05.12 18:18:31 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Acronis
[2011.02.04 14:54:59 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Adobe
[2010.12.04 11:54:06 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Ahead
[2010.04.22 17:43:44 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\aMule
[2010.03.27 11:43:41 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Apple Computer
[2011.02.05 11:13:53 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Appupdater
[2010.04.09 11:58:49 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\AquaSoft
[2010.02.18 13:29:45 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Artweaver
[2010.10.07 14:24:38 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\ASAP Utilities
[2010.09.18 12:59:14 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Atari
[2011.02.06 15:33:53 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\BitTorrent
[2010.10.23 14:17:20 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Broad Intelligence
[2010.05.13 12:48:18 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Bump Technologies, Inc
[2010.11.05 20:39:14 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Chilirec
[2010.03.27 11:27:40 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\CopyTransDoctor
[2010.03.27 11:25:40 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\CopyTransPhoto
[2010.05.13 11:05:20 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\CyberLink
[2010.05.05 18:51:21 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\DAEMON Tools Pro
[2010.04.09 11:21:13 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Digiarty
[2010.03.28 18:23:43 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Downloaded Installations
[2010.03.07 13:09:33 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\DreamDale
[2010.04.05 19:57:19 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Dropbox
[2010.07.30 11:13:20 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\dvdcss
[2010.06.14 19:15:04 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\eMagStudio
[2010.12.05 16:33:38 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\enchant
[2010.03.02 19:58:51 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\flightgear.org
[2011.02.06 10:24:29 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\GetRightToGo
[2010.10.17 17:31:36 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\GHISLER
[2010.04.05 14:12:54 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\GlarySoft
[2011.02.05 11:13:54 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\gnupg
[2010.04.05 20:33:55 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\GoodSync
[2010.10.29 20:07:43 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\GrabPro
[2010.10.30 17:00:35 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\InstallShield
[2010.03.07 13:26:03 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Jumping Bytes
[2010.02.20 13:00:47 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Leadertech
[2010.02.18 16:37:21 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Logitech
[2010.10.09 19:10:56 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Macromedia
[2010.11.03 15:12:18 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\MAGIX
[2011.02.06 17:35:42 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Malwarebytes
[2010.10.06 14:23:00 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Marine Aquarium 3
[2010.03.07 13:02:09 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\MB4
[2011.02.05 16:48:57 | 000,000,000 | --SD | M] -- C:\Users\*********\AppData\Roaming\Microsoft
[2010.03.03 13:05:11 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Mobile Master
[2010.06.02 12:56:01 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Move Networks
[2011.01.17 18:44:01 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Mozilla
[2010.04.09 11:47:54 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\mresreg
[2010.04.05 12:08:26 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\MudTV
[2011.01.19 15:04:33 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\NCH Software
[2010.08.02 15:57:47 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Nero
[2011.02.06 10:54:11 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Notepad++
[2010.11.02 19:49:38 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\OpenCandy
[2011.01.16 17:40:08 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\OpenOffice.org
[2011.02.06 17:59:58 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Orbit
[2010.11.03 13:20:50 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Outerspace Software
[2010.10.29 20:06:59 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\ProgSense
[2010.02.20 11:25:07 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Real
[2011.01.29 11:05:16 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Reallusion
[2010.02.20 13:12:36 | 000,000,000 | RH-D | M] -- C:\Users\*********\AppData\Roaming\SecuROM
[2010.03.07 13:01:48 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\SmashFrenzy4
[2010.03.07 13:28:11 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\supertuxkart
[2010.04.25 12:00:36 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Thunderbird
[2010.06.26 17:26:48 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Titanium
[2010.04.21 15:03:34 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Tropico 3
[2010.03.27 10:52:56 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Ubisoft
[2010.10.17 17:19:31 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Uniblue
[2010.05.14 11:18:47 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\uTorrent
[2010.10.29 19:25:00 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\vlc
[2010.10.20 16:58:32 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\VOWSoft
[2010.10.18 17:49:33 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Win7codecs
[2010.10.30 11:56:48 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Windows Live Writer
[2010.10.31 08:15:11 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\WindSolutions
[2010.03.27 11:14:13 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\WinRAR
[2010.03.29 14:02:43 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\XWindows Dock

< %APPDATA%\*.exe /s >
[2010.10.29 17:51:34 | 025,913,755 | ---- | M] () -- C:\Users\*********\AppData\Roaming\Chilirec\ChilirecUpdate.exe
[2010.11.21 18:46:51 | 000,012,862 | R--- | M] () -- C:\Users\*********\AppData\Roaming\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe
[2010.03.28 17:44:44 | 000,010,134 | R--- | M] () -- C:\Users\*********\AppData\Roaming\Microsoft\Installer\{1AC91509-E17B-46F7-A032-B54DCCA6E8BB}\ARPPRODUCTICON.exe
[2011.02.06 12:23:35 | 000,098,304 | R--- | M] () -- C:\Users\*********\AppData\Roaming\Microsoft\Installer\{D40AF016-506C-43FB-A738-BD54FA8C1E85}\python_icon.exe
[2010.12.20 18:30:30 | 000,010,134 | R--- | M] () -- C:\Users\*********\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.06.02 12:56:01 | 000,144,053 | ---- | M] () -- C:\Users\*********\AppData\Roaming\Move Networks\uninstall.exe
[2010.02.11 20:31:38 | 000,097,216 | ---- | M] () -- C:\Users\*********\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2010.11.02 19:49:39 | 000,349,296 | ---- | M] () -- C:\Users\*********\AppData\Roaming\OpenCandy\OpenCandy_62256DED75BF402FAF991DC28BCFE193\DLMgr_3_1.6.87.exe
[2010.10.27 19:26:52 | 027,218,976 | ---- | M] (TuneUp Media, Inc.) -- C:\Users\*********\AppData\Roaming\OpenCandy\OpenCandy_62256DED75BF402FAF991DC28BCFE193\TuneUpInst-1.9.0-cmp132.exe
[2010.04.21 15:03:30 | 017,656,864 | ---- | M] () -- C:\Users\*********\AppData\Roaming\Tropico 3\Tropico3Patch100-109.exe
[2010.11.04 11:57:52 | 005,414,496 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\*********\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\ub.exe
[2010.10.30 19:00:00 | 005,514,920 | ---- | M] (WindSolutions) -- C:\Users\*********\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTrans.exe
[2010.10.23 18:48:06 | 002,728,160 | ---- | M] (WindSolutions) -- C:\Users\*********\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
[2010.10.31 08:15:03 | 005,191,864 | ---- | M] (WindSolutions) -- C:\Users\*********\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransPhoto.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: IASTORV.SYS >
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation)
MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) 
MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys 
/lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [5 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 168 bytes -> C:\Users\*********\Desktop\bild2.jpeg:3or4kl4x13tuuug3Byamue2s4b @Alternate Data Stream - 168 bytes -> C:\Users\*********\Desktop\bild.jpeg:3or4kl4x13tuuug3Byamue2s4b @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:0888F409 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:52B72A7C @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B606BA34 < End of report > |
#4 | /// Malware-holic | Problem with a fake Flash Player
I see True Image; is it being used? If so, just restore a backup. That takes 5 minutes.
__________________
Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
#5
Hello, that would be inconvenient; I have done a lot of work since the last backup! Regards, phochaew
#6 | /// Malware-holic
Oh man, why do you people even install backup programs if you don't use them in a way that actually helps you in an emergency...? Please create and post a ComboFix log. A guide and tutorial on using ComboFix
#7
First the good news: it has not appeared again since I ran through with various scanners once more. If it comes back, I will report here! Special thanks to markusg!!!!! Regards, phoachew
#8 | /// Malware-holic
Which scanners, and what did they find?