
Log analysis and evaluation: Rootkit Patched TDSS GEn removed?

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
06.04.2011, 06:56   #1
blafungomio
 


Hello everyone,

my Firefox has been behaving strangely lately (Google server requests were redirected and advertising pop-ups were displayed). When I wanted to have my G-Data 2011 run a routine scan of the computer, I noticed that no updates had been downloaded since 02.04. (which it normally does hourly). After calling support, I was told I should install the latest version and uninstall the 2011 one (the update problem could be due to a bluescreen I had a few days ago).

So then it started: I could not reach the G-Data server (server not found - with any browser). The download then worked from Chip. After that I tried to start Spybot - no chance.

I then booted my computer with the G-Data Boot CD 2012 and the latest virus database and scanned it.

It found Rootkit.Patched.TDSS.Gen in C:/Windows/System32/Drivers/Atapi.sys (Atapi or something like that).

I had it deleted and replaced it with a Windows file from a clean backup. Now my question is whether the computer is clean again:

OTL Logfile:
Code:
OTL logfile created on: 05.04.2011 20:29:56 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Marco\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): c:\pagefile.sys 5000 10000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 180,18 Gb Free Space | 38,69% Space Free | Partition Type: NTFS
Drive E: | 292,80 Gb Total Space | 219,79 Gb Free Space | 75,07% Space Free | Partition Type: NTFS
Drive F: | 5,29 Gb Total Space | 0,88 Gb Free Space | 16,60% Space Free | Partition Type: NTFS
Drive G: | 930,86 Gb Total Space | 25,40 Gb Free Space | 2,73% Space Free | Partition Type: NTFS
Drive I: | 614,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ***-PC | User Name: Marco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.05 20:21:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Marco\Desktop\OTL.exe
PRC - [2011.04.01 08:44:49 | 001,537,544 | ---- | M] (G Data Software AG) -- C:\Programme\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2011.04.01 08:44:44 | 001,430,024 | ---- | M] (G Data Software AG) -- C:\Programme\Common Files\G DATA\AVKProxy\AVKProxy.exe
PRC - [2011.04.01 08:44:30 | 000,922,120 | ---- | M] (G Data Software AG) -- C:\Programme\G DATA\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2011.03.18 19:56:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.03.04 19:56:38 | 000,353,288 | ---- | M] (G Data Software AG) -- C:\Programme\Common Files\G DATA\GDScan\GDScan.exe
PRC - [2011.03.04 19:56:14 | 000,381,448 | ---- | M] (G Data Software AG) -- C:\Programme\G DATA\InternetSecurity\AVK\AVKService.exe
PRC - [2011.03.04 03:31:36 | 001,606,048 | ---- | M] (G Data Software AG) -- C:\Programme\G DATA\InternetSecurity\Firewall\GDFwSvc.exe
PRC - [2011.03.04 03:22:12 | 001,368,648 | ---- | M] (G Data Software AG) -- C:\Programme\G DATA\InternetSecurity\AVK\AVKWCtl.exe
PRC - [2011.01.07 22:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.10.20 12:22:24 | 000,630,272 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010.10.20 12:20:46 | 000,149,504 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010.07.25 08:26:02 | 000,884,736 | ---- | M] () -- C:\Users\Marco\AppData\Local\TVersity\Media Server\MediaServer.exe
PRC - [2010.01.27 14:38:30 | 003,557,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe
PRC - [2009.12.08 21:10:24 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
PRC - [2009.10.27 11:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.10.23 14:53:26 | 000,834,888 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009.10.23 14:51:02 | 001,011,528 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009.08.18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.14 22:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Programme\Ralink\Common\RaRegistry.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:43 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vdsldr.exe
PRC - [2009.07.14 03:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009.02.27 00:30:54 | 002,106,624 | ---- | M] () -- C:\Programme\OO Software\DiskImage\oodiag.exe
PRC - [2008.05.07 17:48:12 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\ASTSRV.EXE
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.05 20:21:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Marco\Desktop\OTL.exe
MOD - [2010.12.18 07:29:18 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieproxy.dll
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.07.14 03:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009.02.27 00:31:30 | 000,111,872 | ---- | M] () -- C:\Programme\OO Software\DiskImage\oodishi.dll
MOD - [2009.02.27 00:30:06 | 000,353,536 | ---- | M] () -- C:\Programme\OO Software\DiskImage\oodishrs.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.04.01 08:44:44 | 001,430,024 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2011.03.19 20:22:39 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.03.04 19:56:38 | 000,353,288 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe -- (GDScan)
SRV - [2011.03.04 19:56:14 | 000,381,448 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2011.03.04 03:31:36 | 001,606,048 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc)
SRV - [2011.03.04 03:22:12 | 001,368,648 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.10.25 09:04:43 | 000,435,528 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.10.20 12:22:24 | 000,630,272 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.07.25 08:26:02 | 000,884,736 | ---- | M] () [Auto | Start_Pending] -- C:\Users\Marco\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [Auto | Running] -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.12.08 21:10:24 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2009.10.23 14:51:02 | 001,011,528 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.10.23 14:45:20 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) TuneUp Designerweiterung (beta)
SRV - [2009.10.19 20:54:05 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.14 22:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Programme\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.27 00:30:54 | 002,106,624 | ---- | M] () [Auto | Running] -- C:\Program Files\OO Software\DiskImage\oodiag.exe -- (O&O DiskImage)
SRV - [2008.05.07 17:48:12 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\ASTSRV.EXE -- (astcc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.04.05 19:24:44 | 000,030,256 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\GRD.sys -- (GRD)
DRV - [2011.04.05 18:53:38 | 000,048,344 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV - [2011.04.05 18:53:06 | 000,073,432 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2011.04.05 18:53:06 | 000,039,640 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2011.04.05 18:53:05 | 000,037,720 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2011.04.05 18:53:05 | 000,029,400 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GdNetMon32.sys -- (GdNetMon)
DRV - [2011.04.05 18:53:04 | 000,052,440 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd)
DRV - [2011.01.08 05:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.02.26 15:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 15:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 15:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 15:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.10.21 17:56:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.08.22 20:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009.07.29 18:18:20 | 000,553,472 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.02.27 00:35:08 | 000,031,240 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\oodivdh.sys -- (oodivdh)
DRV - [2009.02.27 00:35:06 | 000,133,640 | ---- | M] (O&O Software GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\oodivd.sys -- (oodivd)
DRV - [2009.02.27 00:35:04 | 000,028,680 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\oodisrh.sys -- (oodisrh)
DRV - [2009.02.27 00:35:02 | 000,095,752 | ---- | M] (O&O Software GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\oodisr.sys -- (oodisr)
DRV - [2008.08.26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.02.20 14:47:34 | 000,027,936 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007.09.25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2004.08.13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003.02.18 09:38:04 | 000,017,504 | ---- | M] (   ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gt680x.sys -- (GT680x)
DRV - [2002.05.06 20:01:14 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (Aspi32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 56 6C 45 72 91 F3 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.02.07 11:19:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.16 02:37:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.16 02:37:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.03.06 09:13:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.01.16 02:37:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.03.06 09:13:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.01.16 02:37:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.03.06 09:13:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.01.16 02:37:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.03.06 09:13:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.01.16 02:37:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.03.06 09:13:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.01.16 02:37:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.03.06 09:13:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.8\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.03.06 09:13:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.8\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.01.16 02:37:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.03.06 09:13:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.01.16 02:37:25 | 000,000,000 | ---D | M]
 
[2010.11.27 16:17:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Extensions
[2010.08.19 15:04:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.11.27 16:17:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2009.10.19 14:43:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\43tdf2dy.default\extensions
[2011.04.05 19:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions
[2011.04.05 14:41:39 | 000,000,000 | ---D | M] (MacOSX Theme) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}
[2011.04.05 14:41:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2011.04.05 14:41:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.05 14:41:39 | 000,000,000 | ---D | M] ("GoogleEnhancer") -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
[2011.04.05 14:41:39 | 000,000,000 | ---D | M] (Abstract Classic) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{2fbc1200-ad13-11db-abbd-0800200c9a66}
[2011.04.05 14:41:39 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.04.05 14:41:39 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011.04.05 14:41:39 | 000,000,000 | ---D | M] (own) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{35f30c40-35d4-11d9-8dbc-000c6e787ef7}
[2011.04.05 14:41:39 | 000,000,000 | ---D | M] (GrApple (Eos)) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{39cba7fd-64f8-4757-91f5-5586a78555fd}
[2011.04.05 14:41:39 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2011.04.05 14:41:40 | 000,000,000 | ---D | M] (GrApple Delicious (blue)) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{472be34c-9688-fd8a-227e-f32eabb78c1c}
[2011.04.05 14:41:40 | 000,000,000 | ---D | M] (iSafari) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{506622a4-fb54-11db-8314-0800200c9a66}
[2011.04.05 14:41:40 | 000,000,000 | ---D | M] (Browse Images) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{62b958b4-9962-4fc2-9983-01a9a42d6f2d}
[2011.04.05 14:41:40 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2011.04.05 14:41:40 | 000,000,000 | ---D | M] (iFox) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56}
[2011.04.05 14:41:40 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2011.04.05 14:41:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.04.05 14:41:40 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.04.05 14:41:40 | 000,000,000 | ---D | M] (SearchStatus) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2011.04.05 14:41:40 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011.04.05 14:41:40 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011.04.05 14:41:40 | 000,000,000 | ---D | M] ("oneview Tools") -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{E9A4B2C3-9857-4873-BA67-FB4271257B20}
[2011.04.05 14:41:12 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2011.04.05 14:41:22 | 000,000,000 | ---D | M] (Multi Links) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\multilinks@plugin
[2011.04.05 14:41:38 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\piclens@cooliris.com
[2011.04.05 14:41:22 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\smarterwiki@wikiatic.com
[2011.04.05 14:41:38 | 000,000,000 | ---D | M] (Splash) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\splash@aldreneo.com
[2011.04.05 14:41:38 | 000,000,000 | ---D | M] ("Alexa Sparky") -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\toolbar@alexa.com
[2011.04.05 14:41:38 | 000,000,000 | ---D | M] (Firefox ClickOnce Erweiterung) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\webmaster@meamod.com
[2011.04.05 08:50:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}\chrome\mozapps\extensions
[2009.10.19 15:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\twpdu6fu.default\extensions
[2009.10.19 15:49:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\y292rhh4.default\extensions
[2011.04.05 19:42:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.04.05 18:53:12 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2011.04.05 14:41:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.04.05 14:41:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G DATA\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [RK Launcher] C:\Program Files\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe (RaduKing)
O4 - HKLM..\Run: [System Files Updater] C:\Windows\FlyakiteOSX\Tools\System Files Updater.exe ()
O4 - HKCU..\Run: [Alt+Q Hotkey Tool] C:\Windows\Alt+Q Hotkey.exe ()
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe (RapidSolution Software AG)
O4 - HKCU..\Run: [UberIcon] C:\Program Files\UberIcon\UberIcon Manager.exe ()
O4 - HKCU..\Run: [WinRoll] C:\Programme\WinRoll\winroll.exe ()
O4 - HKCU..\Run: [Yz Shadow] C:\Programme\YzShadow\YzShadow.exe (Y'z@Home)
O4 - Startup: C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BeratungsNavigator Quickstarter.lnk = C:\Stuttgarter_Versicherungsgruppe\Stuttgarter\.kevuSSLV\SAS\kqstarter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\excel.exe (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} hxxp://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.177 217.0.43.161
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.18 23:12:18 | 000,000,088 | ---- | M] () - I:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{5acc1b3f-688c-11df-a204-cf16305673b9}\Shell - "" = AutoRun
O33 - MountPoints2\{5acc1b3f-688c-11df-a204-cf16305673b9}\Shell\AutoRun\command - "" = I:\WD SmartWare.exe -- [2009.11.13 21:25:22 | 003,280,672 | ---- | M] (Western Digital)
O33 - MountPoints2\{a162abee-f23b-11de-9e5b-0023542551c7}\Shell - "" = AutoRun
O33 - MountPoints2\{a162abee-f23b-11de-9e5b-0023542551c7}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{c33a2fa5-d1b7-11de-8f30-0023542551c7}\Shell - "" = AutoRun
O33 - MountPoints2\{c33a2fa5-d1b7-11de-8f30-0023542551c7}\Shell\AutoRun\command - "" = H:\Setup\rsrc\Autorun.exe
O33 - MountPoints2\{c33a2fa5-d1b7-11de-8f30-0023542551c7}\Shell\dinstall\command - "" = H:\Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe - ()
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk - C:\Programme\Ralink\Common\RaUI.exe - (Ralink Technology, Corp.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Register Mask Pro 3.0.lnk -  - File not found
MsConfig - StartUpReg: Acrobat Assistant 7.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= -  File not found
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: EADM - hkey= - key= - C:\Program Files\Electronic Arts\EADM\EADMUI\EADMUI.exe (Electronic Arts)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "bootini" - 2
MsConfig - State: "startup" - 2
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.05 20:29:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.05 20:28:28 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.04.05 20:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.05 20:22:04 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\Marco\Desktop\Erunt-setup.exe
[2011.04.05 20:21:32 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Marco\Desktop\OTL.exe
[2011.04.05 20:21:30 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Marco\Desktop\TFC.exe
[2011.04.05 19:24:44 | 000,030,256 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2011.04.05 18:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity 2012
[2011.04.05 18:53:06 | 000,073,432 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2011.04.05 18:53:06 | 000,039,640 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2011.04.05 18:53:05 | 000,037,720 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2011.04.05 18:53:05 | 000,029,400 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GdNetMon32.sys
[2011.04.05 18:53:04 | 000,052,440 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2011.04.05 15:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.04.05 15:41:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\Kaspersky Lab
[2011.04.05 13:31:04 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2011.04.05 13:30:09 | 000,000,000 | ---D | C] -- C:\Programme\Sun
[2011.03.29 15:22:59 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Roaming\MySEOSolution_DB_Dir
[2011.03.29 15:22:36 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Local\MySEOSolution
[2011.03.29 15:21:58 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Article Wizard
[2011.03.29 15:21:58 | 000,000,000 | ---D | C] -- C:\Programme\Article Wizard
[2011.03.28 20:58:45 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NÜRNBERGER BTplus 01.2011
[2011.03.28 20:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.03.28 20:56:12 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
[2011.03.27 17:03:25 | 000,000,000 | ---D | C] -- C:\Users\Marco\Desktop\mein_hpl_2009
[2011.03.26 20:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D
[2011.03.26 20:35:23 | 000,000,000 | ---D | C] -- C:\Programme\Sweet Home 3D
[2011.03.24 15:38:03 | 000,000,000 | ---D | C] -- C:\ProgramData\firebird
[2011.03.23 16:33:29 | 000,000,000 | ---D | C] -- C:\Programme\SomePDF
[2011.03.23 16:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SomePDF
[2011.03.15 22:09:40 | 000,000,000 | ---D | C] -- C:\Users\Marco\Desktop\zeitler angebot
[2011.03.13 10:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.03.13 10:27:17 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.03.12 16:59:47 | 000,000,000 | --SD | C] -- C:\Users\Marco\AppData\Roaming\Brother
[2011.03.10 19:41:22 | 000,000,000 | ---D | C] -- C:\Users\Marco\Desktop\Backlinkspeed
[2011.03.09 14:25:28 | 000,000,000 | ---D | C] -- C:\PCWELT
[2010.07.13 14:55:07 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Marco\AppData\Roaming\pcouffin.sys
[2010.07.02 19:22:49 | 000,017,504 | ---- | C] (   ) -- C:\Windows\System32\drivers\gt680x.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.05 20:28:29 | 000,000,894 | ---- | M] () -- C:\Users\Marco\Desktop\NTREGOPT.lnk
[2011.04.05 20:28:29 | 000,000,875 | ---- | M] () -- C:\Users\Marco\Desktop\ERUNT.lnk
[2011.04.05 20:22:14 | 000,301,568 | ---- | M] () -- C:\Users\Marco\Desktop\g2m3e4r.exe
[2011.04.05 20:22:05 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\Marco\Desktop\Erunt-setup.exe
[2011.04.05 20:21:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Marco\Desktop\OTL.exe
[2011.04.05 20:21:32 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Marco\Desktop\TFC.exe
[2011.04.05 20:15:41 | 000,377,280 | ---- | M] () -- C:\Users\Marco\Desktop\Load.exe
[2011.04.05 20:08:05 | 004,272,474 | ---- | M] () -- C:\Users\Marco\Desktop\osam_autorun_manager_5_0_portable.rar
[2011.04.05 19:47:00 | 000,701,762 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.05 19:47:00 | 000,656,076 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.05 19:47:00 | 000,149,656 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.05 19:47:00 | 000,122,464 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.05 19:45:17 | 000,001,216 | ---- | M] () -- C:\Users\Marco\Desktop\Spybot - Search & Destroy.lnk
[2011.04.05 19:36:17 | 000,014,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.05 19:36:17 | 000,014,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.05 19:24:44 | 000,030,256 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2011.04.05 19:24:04 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011.04.05 19:21:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.05 19:21:41 | 2616,500,224 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.05 19:12:31 | 000,258,786 | ---- | M] () -- C:\Windows\System32\sig.bin
[2011.04.05 19:12:31 | 000,028,071 | ---- | M] () -- C:\Windows\System32\nmp.map
[2011.04.05 18:57:25 | 000,000,044 | ---- | M] () -- C:\unconfirm.ini
[2011.04.05 18:53:38 | 000,048,344 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2011.04.05 18:53:06 | 000,073,432 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2011.04.05 18:53:06 | 000,039,640 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2011.04.05 18:53:05 | 000,037,720 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2011.04.05 18:53:05 | 000,029,400 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GdNetMon32.sys
[2011.04.05 18:53:04 | 000,052,440 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2011.04.05 15:13:42 | 000,000,036 | ---- | M] () -- C:\Users\Marco\AppData\Local\housecall.guid.cache
[2011.04.05 08:46:11 | 058,851,542 | ---- | M] () -- C:\Users\Marco\Documents\Firefox 3.6.16 (de) - 2011-04-05.pcv
[2011.04.04 14:24:36 | 058,198,443 | ---- | M] () -- C:\Users\Marco\Documents\Firefox 4.0 (de) - 2011-04-04.pcv
[2011.03.31 09:36:59 | 000,016,904 | ---- | M] () -- C:\Windows\VFRAME32.INI
[2011.03.31 09:17:45 | 000,000,848 | ---- | M] () -- C:\Windows\VFORTSCH.INI
[2011.03.31 09:17:33 | 000,000,590 | ---- | M] () -- C:\Windows\VPMS.INI
[2011.03.29 08:23:53 | 002,114,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.03.28 21:01:18 | 000,017,482 | ---- | M] () -- C:\Windows\System32\drivers\etc\services
[2011.03.28 18:13:02 | 000,001,277 | ---- | M] () -- C:\Windows\CAF.INI
[2011.03.28 18:13:02 | 000,000,996 | ---- | M] () -- C:\Windows\DOCS.INI
[2011.03.24 12:40:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011.03.22 19:57:21 | 000,001,254 | ---- | M] () -- C:\Users\Marco\Desktop\Scan - Verknüpfung.lnk
[2011.03.22 16:55:52 | 000,000,182 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.03.22 11:51:18 | 000,000,003 | ---- | M] () -- C:\Windows\VMAPO.DAT
[2011.03.18 19:31:58 | 000,000,691 | ---- | M] () -- C:\Windows\cdplayer.ini
[2011.03.18 18:20:04 | 000,376,684 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011.03.13 13:36:01 | 000,009,241 | ---- | M] () -- C:\Users\Marco\Desktop\Anleitung.html
[2011.03.12 01:23:19 | 000,026,624 | ---- | M] () -- C:\Users\Marco\Desktop\FreeBlogCommenter.exe
[2011.03.10 19:49:24 | 000,632,037 | ---- | M] () -- C:\Users\Marco\Desktop\backlinks5k.php
[2011.03.10 19:40:48 | 062,030,246 | ---- | M] () -- C:\Users\Marco\Desktop\Top 20 Premium Wordpress Theme - HOT 2010.rar
[2011.03.08 15:13:01 | 000,151,581 | ---- | M] () -- C:\Users\Marco\Desktop\Abmahnung - Fiebel.pdf
[2011.03.07 09:03:02 | 000,000,465 | ---- | M] () -- C:\Windows\System32\test
 
========== Files Created - No Company Name ==========
 
[2011.04.05 20:28:29 | 000,000,894 | ---- | C] () -- C:\Users\Marco\Desktop\NTREGOPT.lnk
[2011.04.05 20:28:29 | 000,000,875 | ---- | C] () -- C:\Users\Marco\Desktop\ERUNT.lnk
[2011.04.05 20:21:16 | 000,301,568 | ---- | C] () -- C:\Users\Marco\Desktop\g2m3e4r.exe
[2011.04.05 20:15:38 | 000,377,280 | ---- | C] () -- C:\Users\Marco\Desktop\Load.exe
[2011.04.05 20:05:45 | 004,272,474 | ---- | C] () -- C:\Users\Marco\Desktop\osam_autorun_manager_5_0_portable.rar
[2011.04.05 19:45:17 | 000,001,216 | ---- | C] () -- C:\Users\Marco\Desktop\Spybot - Search & Destroy.lnk
[2011.04.05 19:12:23 | 000,258,786 | ---- | C] () -- C:\Windows\System32\sig.bin
[2011.04.05 19:12:23 | 000,028,071 | ---- | C] () -- C:\Windows\System32\nmp.map
[2011.04.05 18:57:25 | 000,000,044 | ---- | C] () -- C:\unconfirm.ini
[2011.04.05 15:13:42 | 000,000,036 | ---- | C] () -- C:\Users\Marco\AppData\Local\housecall.guid.cache
[2011.04.05 08:45:11 | 058,851,542 | ---- | C] () -- C:\Users\Marco\Documents\Firefox 3.6.16 (de) - 2011-04-05.pcv
[2011.04.04 14:23:42 | 058,198,443 | ---- | C] () -- C:\Users\Marco\Documents\Firefox 4.0 (de) - 2011-04-04.pcv
[2011.03.24 12:40:47 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011.03.23 12:09:29 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.03.22 19:57:21 | 000,001,254 | ---- | C] () -- C:\Users\Marco\Desktop\Scan - Verknüpfung.lnk
[2011.03.13 13:41:20 | 000,009,241 | ---- | C] () -- C:\Users\Marco\Desktop\Anleitung.html
[2011.03.12 01:23:18 | 000,026,624 | ---- | C] () -- C:\Users\Marco\Desktop\FreeBlogCommenter.exe
[2011.03.10 19:49:24 | 000,632,037 | ---- | C] () -- C:\Users\Marco\Desktop\backlinks5k.php
[2011.03.10 19:15:35 | 062,030,246 | ---- | C] () -- C:\Users\Marco\Desktop\Top 20 Premium Wordpress Theme - HOT 2010.rar
[2011.03.08 15:13:01 | 000,151,581 | ---- | C] () -- C:\Users\Marco\Desktop\Abmahnung - Fiebel.pdf
[2011.03.07 09:03:02 | 000,000,465 | ---- | C] () -- C:\Windows\System32\test
[2011.02.13 13:17:29 | 000,000,101 | ---- | C] () -- C:\Users\Marco\AppData\Local\fusioncache.dat
[2011.02.07 13:05:08 | 000,000,244 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.02.07 13:05:08 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.02.07 13:03:01 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.02.07 13:03:01 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.02.07 12:59:31 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2011.02.07 12:58:45 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011.02.07 12:58:45 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011.02.07 12:58:44 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011.02.07 12:50:52 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2011.01.04 20:24:09 | 000,000,000 | ---- | C] () -- C:\Windows\Hatchery.INI
[2011.01.04 20:19:38 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe
[2010.12.20 12:08:53 | 000,000,065 | ---- | C] () -- C:\Windows\BADENIA.INI
[2010.10.30 11:32:43 | 000,000,331 | ---- | C] () -- C:\Windows\doom3.ini
[2010.10.21 16:30:24 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.09.30 16:24:35 | 000,017,900 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.09.18 23:28:21 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.09.18 10:49:32 | 000,005,095 | ---- | C] () -- C:\ProgramData\xpbthzbm.qqq
[2010.09.03 15:45:22 | 000,376,684 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.07.13 14:55:47 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2010.07.13 14:55:07 | 000,081,920 | ---- | C] () -- C:\Users\Marco\AppData\Roaming\ezpinst.exe
[2010.07.13 14:55:07 | 000,007,176 | ---- | C] () -- C:\Users\Marco\AppData\Roaming\pcouffin.cat
[2010.07.13 14:55:07 | 000,001,144 | ---- | C] () -- C:\Users\Marco\AppData\Roaming\pcouffin.inf
[2010.07.02 19:22:49 | 000,118,784 | ---- | C] () -- C:\Windows\System32\MKCoInstaller.dll
[2010.06.21 20:48:20 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.04.20 16:08:17 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.02.07 19:43:30 | 000,000,026 | ---- | C] () -- C:\Windows\PhatMan.INI
[2010.01.21 16:36:14 | 000,000,417 | ---- | C] () -- C:\Windows\BSC.ini
[2009.12.26 20:43:15 | 000,000,248 | ---- | C] () -- C:\Windows\emug3.ini
[2009.12.26 19:10:04 | 000,000,099 | ---- | C] () -- C:\Windows\RealFlight.INI
[2009.12.26 19:06:50 | 000,000,008 | ---- | C] () -- C:\Windows\System32\PROTOCOL.INI
[2009.12.26 18:57:59 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2009.12.08 21:10:24 | 000,003,072 | ---- | C] () -- C:\Windows\System32\Viveza2FC32.dll
[2009.11.06 20:26:25 | 000,000,182 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.10.24 20:33:05 | 000,045,056 | ---- | C] () -- C:\Programme\leftsider.dll
[2009.10.21 12:26:05 | 000,000,003 | ---- | C] () -- C:\Windows\VMAPO.DAT
[2009.10.21 12:23:58 | 000,016,904 | ---- | C] () -- C:\Windows\VFRAME32.INI
[2009.10.21 12:12:01 | 000,000,848 | ---- | C] () -- C:\Windows\VFORTSCH.INI
[2009.10.21 12:08:42 | 000,001,277 | ---- | C] () -- C:\Windows\CAF.INI
[2009.10.21 12:08:42 | 000,000,996 | ---- | C] () -- C:\Windows\DOCS.INI
[2009.10.21 12:08:40 | 000,000,590 | ---- | C] () -- C:\Windows\VPMS.INI
[2009.10.21 12:08:35 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.10.21 11:23:40 | 000,000,691 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.10.19 23:06:58 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2009.10.19 20:49:20 | 000,118,784 | ---- | C] () -- C:\Windows\bwUnin-7.2.0.137-8876480SL.exe
[2009.10.19 19:50:57 | 000,001,179 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.10.19 14:44:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.14 10:47:43 | 000,701,762 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,149,656 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 002,114,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,656,076 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,122,464 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.05.17 23:02:42 | 000,000,012 | RHS- | C] () -- C:\Windows\msmkctrl.dll
[2008.02.15 16:08:26 | 000,000,000 | ---- | C] () -- C:\ProgramData\f7129022-a000-4847-db07-470265a73c4f
[2007.12.28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2007.08.23 19:30:00 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007.06.28 18:54:10 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007.06.28 18:52:18 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2005.12.18 21:14:24 | 000,027,648 | ---- | C] () -- C:\Windows\Alt+Q Hotkey.exe
[2004.08.13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[1995.11.16 18:31:36 | 000,000,127 | ---- | C] () -- C:\Windows\KPCMS.INI
[1995.10.24 20:28:53 | 000,210,944 | ---- | C] () -- C:\Windows\System32\msvcrt10.dll
 
========== LOP Check ==========
 
[2009.10.20 22:34:56 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Alien Skin
[2010.11.16 12:26:42 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Broad Intelligence
[2011.04.05 14:41:38 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Free Monitor for Google
[2010.08.25 21:52:51 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\GHISLER
[2010.05.10 18:49:25 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\gnupg
[2009.10.26 09:34:42 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\invers
[2009.10.20 08:49:20 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Leadertech
[2011.01.16 02:37:33 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Local
[2009.12.05 23:39:25 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Mask Pro 4.0
[2011.03.29 15:29:21 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\MySEOSolution_DB_Dir
[2010.09.07 22:55:28 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Nik Software
[2009.10.27 09:48:54 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Nokia
[2010.07.26 14:32:52 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\onOne Software
[2010.10.21 18:45:25 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\PC Suite
[2010.08.27 17:33:58 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\RTPlayer
[2009.11.15 15:28:08 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\runic games
[2011.01.11 17:28:00 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\TeamViewer
[2009.10.19 18:04:47 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Temp
[2010.12.29 13:54:27 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Thunderbird
[2010.11.27 16:17:41 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\TomTom
[2011.04.04 08:02:28 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Tunebite
[2009.10.24 14:37:40 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\TuneUp Software
[2011.02.13 13:19:48 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Turbine
[2010.04.16 12:40:20 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\uTorrent
[2011.03.07 13:43:50 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Vso
[2011.04.05 16:36:45 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.10.19 23:24:56 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.10.19 20:52:17 | 000,000,000 | ---D | M] -- C:\KPCMS
[2009.10.19 19:47:26 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.02.07 19:10:31 | 000,000,000 | ---D | M] -- C:\My Music
[2011.03.28 21:01:27 | 000,000,000 | ---D | M] -- C:\NBG_DFUE
[2009.10.19 14:01:53 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2011.03.09 14:25:41 | 000,000,000 | ---D | M] -- C:\PCWELT
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2009.10.19 20:52:18 | 000,000,000 | ---D | M] -- C:\PM6
[2010.12.20 11:53:28 | 000,000,000 | ---D | M] -- C:\Prog
[2011.04.05 20:28:28 | 000,000,000 | R--D | M] -- C:\Programme
[2011.04.05 15:41:03 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.10.19 13:45:25 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.10.19 13:45:26 | 000,000,000 | -HSD | M] -- C:\Recovery
[2009.10.19 19:34:43 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2010.12.09 10:53:47 | 000,000,000 | ---D | M] -- C:\StepOver
[2010.10.21 16:33:01 | 000,000,000 | ---D | M] -- C:\Stuttgarter_Versicherungsgruppe
[2011.04.05 19:39:43 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.03.28 21:29:28 | 000,000,000 | ---D | M] -- C:\Temp
[2010.08.25 21:53:03 | 000,000,000 | ---D | M] -- C:\totalcmd
[2009.10.19 14:36:24 | 000,000,000 | R--D | M] -- C:\Users
[2009.10.21 12:22:19 | 000,000,000 | ---D | M] -- C:\VHV
[2011.04.05 20:29:13 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2010.01.27 14:38:30 | 003,557,376 | ---- | M] (Microsoft Corporation) MD5=104E4B0F551667FA026DF09C34187C63 -- C:\Windows\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2010.01.27 14:38:30 | 005,435,392 | ---- | M] (Microsoft Corporation) MD5=CAAAD7610368785CD8366B5F7B87B5E0 -- C:\Windows\FlyakiteOSX\Backup\explorer.exe
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-05 13:25:23
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:60466E88
 
< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 05.04.2011 20:29:56 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Marco\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): c:\pagefile.sys 5000 10000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 180,18 Gb Free Space | 38,69% Space Free | Partition Type: NTFS
Drive E: | 292,80 Gb Total Space | 219,79 Gb Free Space | 75,07% Space Free | Partition Type: NTFS
Drive F: | 5,29 Gb Total Space | 0,88 Gb Free Space | 16,60% Space Free | Partition Type: NTFS
Drive G: | 930,86 Gb Total Space | 25,40 Gb Free Space | 2,73% Space Free | Partition Type: NTFS
Drive I: | 614,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ***-PC | User Name: Marco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OnlineFotoservice] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Directory [TVersity] -- "C:\Users\Marco\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D6DBAB-7C8E-4AC8-8B54-561286B50FEB}" = NÜRNBERGER Beratungstechnologie BTplus 01.2011 Aktualisierung
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D565ABB-F689-4B08-AA2A-F24BF7543B90}" = Baufi Kurz Gev
"{0F022A2E-7022-497D-90A5-0F46746D8275}" = Macromedia Extension Manager
"{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"{11C4C376-7A39-456B-AF24-142C9408CC68}" = Advocard RS Formulare
"{12F8958F-CD7F-434D-B598-277EF446FE9C}" = Beratungsprotokolle
"{1454A1AD-E923-4E9C-9DC6-F173B5249A62}" = CD-Brennservice
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1CED7D61-9A4A-4D2B-8FB7-4DA1E5AEA7B1}" = TransSELEKT
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{24C152B6-544C-4B64-A4CA-575843C0CFE6}" = Article Wizard
"{25A09361-CF09-4351-8B91-FED52FA9F4E6}" = AIS Gev
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{27237DBF-81A7-4569-908C-48427460B7BA}" = The Panorama Factory V5 m32 Edition
"{281626C2-282A-4574-B19C-E1611CC8C604}" = GEV Excelloesungen
"{2853590B-752C-4F78-A4D0-8CA11A3C70C8}" = CAP GEV Child
"{2866D47D-EFE6-40A3-BA38-F88A865960FB}" = Moreba GEV
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2D147449-82F7-4603-9BBA-A7999BA648B5}" = NAFI Gev
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2DFAC810-6DD8-4E23-96A4-BEB118408203}" = Mask Pro 4.1
"{3092F28A-F757-4119-9B32-8DC7EEFC357A}" = AMBLebenStartHH
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{32C7FDDF-8D18-4B29-B81A-CDA512093274}" = Intellihance Pro 4.2
"{35249233-B3B6-47D2-8D91-64BE6968F24E}" = BeratungsNavigator April 2010
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}" = Joe
"{3706193A-737E-4AE1-A23B-3B0124C9D7EC}" = SUH-FK mit RS und GDV-Viewer
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39955D0F-633E-4C9C-9E0C-67B8DFC4D04A}" = VIT LV Gev
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{416483BC-C2B1-46D4-91F2-6ECB36C95295}" = PDF-Formular_Makler
"{4666A1CE-C9B4-4840-ADE4-2D86E2058551}" = Tunebite
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-5490CN
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC7C2FD-CEE4-4CE4-9846-A932C54D3170}" = RK Launcher iVista Leopard
"{4CFB67CB-E8FF-4EA4-9DCA-6659D1D4EAD5}" = FIT GEV
"{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{515D3E4C-ADC5-4DB4-A497-ADCF3007522E}" = Bookmark Submitter Pro 1.2
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{534806D0-9B0B-41FA-A7BE-C294AAB7B31F}" = O&O DiskImage Professional
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{584267B8-0BB0-4D18-9FFA-726576619E9A}" = Doom 3
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F073685-ADDB-4D5A-98E9-0F795989A57F}" = PhotoFrame Pro 3.1
"{6006059E-013D-4B77-BC5C-4DD5E4A6570D}" = G Data InternetSecurity 2012
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
"{6273DF6A-FAFB-4C1E-8ABC-7EB581ECA09C}" = Generali BAV Prof GEV
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{68EAA7CE-63F0-4C5A-8163-3961F70FBD7C}" = Beraterplatz GEV
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E176203-DE71-454F-A735-73DE95853CEE}" = NÜRNBERGER Beratungstechnologie BTplus 01/2011
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C723788-585C-4537-92AC-CF616209197C}" = PhotoTune 2
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{86D22899-0876-4D36-8B74-8A2061D85C66}" = Abgeltungsteuer GEV
"{873BDAD5-C967-4DAA-9E2A-B890D886E18D}" = Brainforce
"{87D9045F-5DE3-4AED-B56E-3A2927F2AF91}" = Fujitsu NetCOBOL Free Run-time
"{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1" = VSO Image Resizer 4.0.0.53
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FBA5944-95EA-4153-89A4-9AE16DB5E6AD}" = Generali Tarifierungen Gev
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{91130407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{95264FE1-B52C-4F32-9382-9B0923F61383}" = Jdk GEV
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{959A4711-CD64-4552-9E70-7BDB4F72336B}" = Updateservice GEV
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9EB46587-4354-411C-BBAC-A9BBB2131F3D}" = FocalPoint 1.0
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A470C94F-4F66-42E5-8D85-D4C2D2C1154F}" = PoA-MathBasis
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5A70E61-FEAB-4CEC-977C-BE0EF8DC05AB}" = PC Connectivity Solution
"{A5D861EC-419E-42F6-87DD-E02996244441}" = Angebots Msi
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{AA0FB0B5-D853-4F87-9261-A4BC7D503E0D}" = Microsoft Image Composite Editor
"{AA259E30-3918-4AE2-A969-3D155A5112A8}" = NÜRNBERGER Beratungstechnologie Version 03.2010 Einzelplatz
"{AC38B36B-90F8-4C1F-8AC9-236B851B8871}" = Genuine Fractals 5.0
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{AD77394E-0107-4C2A-BF86-E633DFD09E33}" = Vera Kompas GEV
"{AE5AB508-545C-4291-B9DC-7FAEEDC6624E}" = Stufenmodell GEV
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B01DD5B7-9862-43D7-BCA3-7882A17E4328}" = PhotoTools 1.0 Professional Edition
"{B213E1A6-ACB3-4488-8221-0403F8B5EAC3}" = Konzept und Marketing Tarifrechner
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BC561EA3-69C7-4CDA-87CB-DB6B4311F16C}" = VIT LV Basis
"{BF6685DC-50F9-48EA-B2FF-99AF905D7660}" = Envisioneer Express 5.0
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF4ED9E2-7289-4D60-9E9A-AA726408C989}" = Vita Gev
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D3AAAEA9-9A0C-4568-8E9D-073497291031}" = Nero 8
"{D6DF7FE9-2420-4DAA-8A00-BB5367AE1DFA}" = NÜRNBERGER Beratungstechnologie 01/2011
"{D8B5B7C3-47B1-40FA-8251-59C74A543880}" = Dragon Age: Origins Character Creator
"{DA74A65E-31B4-4A32-A80C-96FF5CBA6A53}" = Movavi SplitMovie 2
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE64E0C1-1DF6-4997-9B98-10411D175BEC}" = Moreba
"{DFFCDB41-C2DA-47D6-96FF-03C05C0BEA22}" = resident evil 4
"{E37AF296-698F-413B-8264-A3CB391DA44C}" = Fernwartung GEV
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FB6908C2-2138-4D6E-9CAF-11D7AE6C3909}" = Doom 3
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem  (10/05/2009 4.2)
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = DER HERR DER RINGE ONLINE: Schatten von Angmar v07.12.30.70
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.4)
"Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Color Efex Pro 3.0 Complete" = Color Efex Pro 3.0 Complete
"CreaturesDeinstKey" = Creatures
"Dark Omen" = Dark Omen
"Dfine 2.0" = Dfine 2.0
"DivX Setup.divx.com" = DivX-Setup
"EADM" = EA Download Manager
"ERUNT_is1" = ERUNT 1.1j
"Exposure" = Alien Skin Exposure
"EyeCandy5Impact" = Alien Skin Eye Candy 5 Impact
"EyeCandy5Nature" = Alien Skin Eye Candy 5 Nature
"EyeCandy5Textures" = Alien Skin Eye Candy 5 Textures
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FlyakiteOSX" = FlyakiteOSX
"Free Monitor for Google_is1" = Free Monitor for Google 2.5
"FreePortScanner_is1" = FreePortScanner 2.8.2
"FreeUndelete" = FreeUndelete
"Generali Versicherungen Beratungssoftware" = Generali Versicherungen Beratungssoftware
"Google Desktop" = Google Desktop
"iColorFolder" = iColorFolder
"Image Doctor" = Alien Skin Image Doctor 1.0
"InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"InstallShield_{35249233-B3B6-47D2-8D91-64BE6968F24E}" = BeratungsNavigator April 2010
"InstallShield_{87D9045F-5DE3-4AED-B56E-3A2927F2AF91}" = Fujitsu NetCOBOL Free Run-time
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"InstallShield_{BF6685DC-50F9-48EA-B2FF-99AF905D7660}" = Envisioneer Express 5.0
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"Invers" = INVERS Makler Assistent
"Janitos Offline-Tarifrechner 3_is1" = Janitos Offline-Tarifrechner 3.1.8.4
"JDownloader" = JDownloader
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"MainApp.exe_is1" = CloneDVD 4.1.0.23
"MediaCoder" = MediaCoder 0.7.5.4762
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"NameNormPROFI_is1" = Entferne NameNormPROFI
"Nokia PC Suite" = Nokia PC Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Offline Tarifrechner 3_is1" = Offline Tarifrechner 3.1.5.1
"OnlineFotoservice" = OnlineFotoservice
"OpenAL" = OpenAL
"PDF zu HTML Wandler 1" = PDF zu HTML Wandler 1
"PhatMan" = PhatNoise Music Manager
"PhotoBookWorld_is1" = PhotoBookWorld 2.1
"RealFlightG4Pro" = RealFlight G4 R/C Simulator
"RealPlayer 12.0" = RealPlayer
"Rename-It Version 2_is1" = Rename-It Version 2
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"Runic Games Torchlight" = Torchlight
"Sharpener Pro 3.0" = Sharpener Pro 3.0
"Silver Efex Pro" = Silver Efex Pro
"Snap Art" = Alien Skin Snap Art
"Some PDF to HTML Converter_is1" = Some PDF to HTML Converter 1.5
"ST6UNST #1" = PrismaLife Angebots-Software
"ST6UNST #2" = PrismaLife Angebots-Software (C:\Program Files\PrismaLife Angebots-Software PrismaLife\)
"ST6UNST #3" = PrismaLife Angebots-Software (C:\Program Files\PrismaLife Angebots-Software PrismaLife\) #3
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"StarCraft II" = StarCraft II
"Steam App 21680" = Bionic Commando: Rearmed
"Steam App 2600" = Vampire: The Masquerade - Bloodlines
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 3620" = Zuma's Revenge
"Steam App 41020" = Serious Sam HD: The First Encounter Demo
"Steam App 47760" = Mass Effect 2 Demo
"Steam App 49460" = Magic: The Gathering - Duels of the Planeswalkers Demo
"Steam App 550" = Left 4 Dead 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 73050" = Magicka - Demo
"Sweet Home 3D_is1" = Sweet Home 3D version 3.1
"SWF & FLV Toolbox 4_is1" = SWF & FLV Toolbox 4.0 (build 4.0.0.440)
"Tiger System Preferences v2" = Tiger System Preferences v2
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Totalcmd" = Total Commander (Remove or Repair)
"TuneUp Utilities" = TuneUp Utilities
"TVersity Codec Pack" = TVersity Codec Pack 1.4
"TVersity Media Server" = TVersity Media Server 1.9.2
"uTorrent" = µTorrent
"Venetica_is1" = Venetica
"VirtualCloneDrive" = VirtualCloneDrive
"Viveza" = Viveza
"Viveza 2" = Viveza 2
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR Archivierer
"Xenofex2" = Alien Skin Xenofex 2.0
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---



Thanks in advance for your help.

Spybot S&D no longer finds anything.

Malwarebytes Anti-Malware had found this:
PHP-Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
 
Datenbank Version: 6283
 
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
 
06.04.2011 08:49:33
mbam-log-2011-04-06 (08-49-33).txt
 
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 177105
Laufzeit: 10 Minute(n), 29 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
c:\Windows\System32\write.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\program files\leftsider.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully. 

 
