Log analysis and evaluation: goingonearth Redirect & Windows Security Center disabled

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
goingonearth Redirect & Windows Security Center disabled

Hello, and first of all good day to everyone. I have caught the well-known redirector goingonearth and am asking you to help me get rid of it. After a download, the Windows Security Center was disabled first, and after that no sensible search with Google could be carried out in Firefox. The whole thing is now escalating: in IE 9, too, I am suddenly redirected to random websites when searching via Google. I have inserted the result of the scan with OTL here. Many thanks in advance for your help.

Joachim

OTL Logfile: Code:
ATTFilter OTL logfile created on: 20.04.2011 12:30:26 - Run 3 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\j2h.J2H\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 12,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 44,00% Memory free 24,00 Gb Paging File | 17,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,14 Gb Total Space | 68,27 Gb Free Space | 57,30% Space Free | Partition Type: NTFS Drive D: | 931,51 Gb Total Space | 917,45 Gb Free Space | 98,49% Space Free | Partition Type: NTFS Drive E: | 120,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive H: | 465,76 Gb Total Space | 367,83 Gb Free Space | 78,98% Space Free | Partition Type: NTFS Drive I: | 465,76 Gb Total Space | 367,83 Gb Free Space | 78,98% Space Free | Partition Type: NTFS Drive J: | 465,76 Gb Total Space | 367,83 Gb Free Space | 78,98% Space Free | Partition Type: NTFS Drive M: | 931,51 Gb Total Space | 485,58 Gb Free Space | 52,13% Space Free | Partition Type: NTFS Drive R: | 4,69 Gb Total Space | 4,69 Gb Free Space | 99,99% Space Free | Partition Type: FAT32 Computer Name: NTZ-B1 | User Name: j2h | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.20 12:21:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\j2h.J2H\Desktop\OTL.exe PRC - [2011.04.01 10:31:38 | 002,271,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.03.28 15:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2011.03.17 13:11:38 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2011.03.07 15:48:19 | 004,886,136 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe PRC - [2011.02.21 02:00:00 | 001,770,424 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt) -- C:\Programme\ArchiCrypt\ArchiCrypt Ultimate RAM-Disk 3\ACUltimateRamDisk.exe PRC - [2011.01.26 12:26:48 | 000,573,224 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011.01.07 02:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe PRC - [2010.12.20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2010.12.20 18:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2010.12.06 17:26:24 | 002,072,576 | ---- | M] (USB Server) -- C:\Program Files (x86)\USB Server 2\USB Server.exe PRC - [2010.10.22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe PRC - [2010.10.22 05:56:48 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files (x86)\AVG\AVG10\avgam.exe PRC - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2007.01.11 13:57:20 | 000,291,760 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9300 Series\lxcqmon.exe ========== Modules (SafeList) ========== MOD - [2011.04.20 12:21:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\j2h.J2H\Desktop\OTL.exe MOD - [2010.11.20 04:21:38 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll MOD - [2010.11.20 04:21:38 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wkscli.dll MOD - [2010.11.20 04:20:48 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntlanman.dll MOD - [2010.11.20 04:18:28 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davclnt.dll MOD - [2010.11.20 03:55:10 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll MOD - [2010.02.04 20:17:27 | 000,129,984 | ---- | M] (SlySoft, Inc.) 
-- C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp.dll MOD - [2009.07.14 03:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\drprov.dll MOD - [2009.07.14 03:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davhlpr.dll MOD - [2009.07.14 03:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.02.21 12:21:14 | 000,437,208 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt) [Auto | Running] -- C:\Windows\SysNative\ACRAMDiskHandlerService64RD3.exe -- (ArchiCrypt Ultimate RAM-Disk 3) SRV:64bit: - [2011.01.27 00:55:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.01.17 17:00:50 | 000,164,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service) SRV:64bit: - [2010.08.09 04:04:10 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) 
[On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service) SRV:64bit: - [2010.05.20 16:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc) SRV:64bit: - [2009.12.09 13:48:26 | 000,844,616 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\CleverCache\ooccag.exe -- (O&O CleverCache) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2006.12.05 09:36:32 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxcqcoms.exe -- (lxcq_device) SRV - [2011.04.01 10:31:38 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.03.28 15:41:12 | 002,111,368 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.03.17 13:11:38 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2011.02.01 22:53:54 | 001,112,736 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2011.01.28 21:34:52 | 000,032,336 | ---- | M] (Sanford, L.P.) 
[Auto | Running] -- C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe -- (DymoPnpService) SRV - [2011.01.26 12:26:48 | 000,573,224 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.12.20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010.11.11 17:07:30 | 000,784,384 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\USB Server 2\NPW\NPWService.exe -- (NPWService) SRV - [2010.10.28 12:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.10.22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd) SRV - [2010.05.14 15:02:54 | 000,246,256 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.10.21 11:40:44 | 000,193,904 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R) SRV - [2006.12.05 09:36:10 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxcqcoms.exe -- (lxcq_device) ========== Driver 
Services (SafeList) ========== DRV:64bit: - [2011.03.17 13:11:38 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:64bit: - [2011.03.17 13:11:37 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) DRV:64bit: - [2011.03.17 13:11:37 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2011.03.17 13:11:36 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2011.02.21 12:21:12 | 000,024,536 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ACMoFlex64RD3.sys -- (ACMoFlex64RD3) DRV:64bit: - [2011.02.16 22:36:37 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd) DRV:64bit: - [2011.01.27 01:37:20 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.01.27 00:13:32 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.01.18 12:37:48 | 000,032,936 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL) DRV:64bit: - [2011.01.03 10:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.01.03 10:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV:64bit: - [2011.01.03 10:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV:64bit: - [2010.12.21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2010.12.21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV:64bit: - [2010.12.21 07:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2010.12.21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.12.08 05:12:36 | 000,308,304 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2010.12.01 21:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2010.11.23 19:33:00 | 000,300,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 05:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.11.20 05:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 03:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.17 14:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010.11.06 09:45:46 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.09.17 12:09:14 | 000,240,128 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NUServer64.sys -- (NUServer64) DRV:64bit: - [2010.09.13 16:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. 
) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH) DRV:64bit: - [2010.09.07 04:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2010.09.07 04:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2010.08.24 19:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2010.08.24 19:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2010.05.20 16:26:32 | 002,143,600 | ---- | M] (Microsoft Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VX6000Xp.sys -- (VX6000) DRV:64bit: - [2010.04.27 03:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.04.27 03:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.04.07 10:04:00 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel(R) DRV:64bit: - [2010.03.17 10:14:02 | 000,302,632 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx) DRV:64bit: - [2010.01.28 14:51:28 | 000,030,208 | ---- | M] (Elite Silicon Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NUS_Bus.sys -- (NUS_Bus) DRV:64bit: - [2009.10.29 10:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009.10.06 11:11:30 | 000,029,696 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenBus.sys -- (EST_BusEnum) DRV:64bit: - [2009.09.24 18:55:00 | 000,212,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd) DRV:64bit: - [2009.09.14 15:30:26 | 000,058,744 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb) DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2009.08.05 13:56:04 | 000,063,856 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd) DRV:64bit: - [2009.07.28 21:02:10 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom) DRV:64bit: - [2009.07.24 12:33:14 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds) DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009.06.19 11:00:26 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid) DRV:64bit: - [2009.06.19 10:59:32 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp) DRV:64bit: - [2009.06.17 13:01:04 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte) DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2009.03.02 14:12:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT) DRV:64bit: - [2009.03.02 14:12:14 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp) DRV:64bit: - [2007.11.08 11:29:22 | 000,527,872 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PAC7302.SYS -- (PAC7302) DRV:64bit: - [2005.04.13 23:17:52 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0801.sys -- (tap0801) DRV - [2010.12.01 21:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 3A EB CD C3 D1 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Firefox4.0\components [2011.04.14 16:17:18 | 000,000,000 | 
---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.04.14 16:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\j2h.J2H\AppData\Roaming\mozilla\Extensions [2011.04.14 15:48:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.02.22 14:53:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- [2011.02.22 14:53:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.03.16 13:18:48 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml O1 HOSTS File: ([2011.04.19 11:38:59 | 000,000,100 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: ÿþ1 2 7 . 0 . 0 . 1 l o c a l h o s t O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [LXCQCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCQtime.DLL (Lexmark International Inc.) O4:64bit: - HKLM..\Run: [lxcqmon.exe] C:\Program Files (x86)\Lexmark 9300 Series\lxcqmon.exe () O4:64bit: - HKLM..\Run: [ooccctrl.exe] C:\Program Files\OO Software\CleverCache\ooccctrl.exe (O&O Software GmbH) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI-Grafik\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [ACRAMDisk] C:\Program Files\ArchiCrypt\ArchiCrypt Ultimate RAM-Disk 3\ACUltimateRamDisk.exe (Softwareentwicklung Remus - ArchiCrypt) O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKCU..\Run: [USB Server] File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel 
exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel64_4.4.22.0.cab (SysInfo Class) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex64-2.2.5.7.cab (DLM Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = j2h.de O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{8ea65a46-3dd2-11e0-80f2-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{8ea65a46-3dd2-11e0-80f2-005056c00008}\Shell\AutoRun\command - "" = G:\StartCD.exe O33 - MountPoints2\{c0b00e94-40b0-11e0-841f-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{c0b00e94-40b0-11e0-841f-005056c00008}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - File not found O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011.04.20 12:26:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.04.20 12:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.04.20 12:25:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2011.04.20 12:21:05 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\j2h.J2H\Desktop\Erunt-setup.exe [2011.04.20 12:21:05 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\j2h.J2H\Desktop\OTL.exe [2011.04.20 12:21:05 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\j2h.J2H\Desktop\TFC.exe [2011.04.20 08:17:51 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\Application Data [2011.04.20 08:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON [2011.04.20 08:17:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NAVIGON [2011.04.19 12:36:09 | 000,000,000 | ---D | C] -- C:\Programme\Hitman Pro 3.5 [2011.04.19 12:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5 [2011.04.19 12:08:05 | 000,012,872 | ---- | C] (SurfRight B.V.) 
-- C:\Windows\SysNative\bootdelete.exe [2011.04.19 12:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro [2011.04.19 11:32:06 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyNoMore [2011.04.19 11:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyNoMore [2011.04.19 11:32:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpyNoMore [2011.04.19 11:31:24 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Roaming\GetRightToGo [2011.04.16 12:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF to Word [2011.04.16 12:05:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free PDF to Word Doc Converter [2011.04.16 09:59:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2011.04.16 09:50:49 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll [2011.04.16 09:50:34 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll [2011.04.14 18:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2011.04.14 16:17:23 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Roaming\Mozilla [2011.04.14 16:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firefox4.0 [2011.04.14 14:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla! 
[2011.04.14 10:56:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Babylon Translator Removal Tool [2011.04.14 09:37:32 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Roaming\TuneUp Software [2011.04.14 09:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2011.04.14 09:37:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2011.04.13 18:35:51 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Roaming\Malwarebytes [2011.04.13 18:35:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.04.13 18:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.13 18:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.13 18:35:44 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.04.13 18:35:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.04.13 18:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.04.13 18:09:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2011.04.13 16:06:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2011.04.13 16:06:53 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2011.04.10 19:04:34 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Local\assembly [2011.04.10 18:19:34 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Local\Sanford,_L.P [2011.04.10 18:19:01 | 000,000,000 | ---D | C] -- D:\E_Daten\E_Dokumente\DYMO Label [2011.04.10 18:19:01 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Local\DYMO [2011.04.10 18:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DYMO [2011.04.10 18:17:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DYMO [2011.04.10 18:17:12 
| 000,000,000 | ---D | C] -- C:\ProgramData\DYMO [2011.04.10 18:10:17 | 000,000,000 | R--D | C] -- D:\E_Daten\E_Dokumente\Scanned Documents [2011.04.10 18:10:16 | 000,000,000 | ---D | C] -- D:\E_Daten\E_Dokumente\Fax [2011.04.10 18:07:51 | 000,000,000 | ---D | C] -- C:\Programme\Lx_cats [2011.04.10 18:07:30 | 000,000,000 | ---D | C] -- C:\Programme\Lexmark 9300 Series [2011.04.10 18:07:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark Toolbar [2011.04.10 18:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 9300 Series [2011.04.10 18:07:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark 9300 Series [2011.04.10 18:07:27 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqserv.dll [2011.04.10 18:07:27 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqusb1.dll [2011.04.10 18:07:27 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqhbn3.dll [2011.04.10 18:07:27 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqcomc.dll [2011.04.10 18:07:27 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqpmui.dll [2011.04.10 18:07:27 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqlmpm.dll [2011.04.10 18:07:27 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqcoms.exe [2011.04.10 18:07:27 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqcomm.dll [2011.04.10 18:07:27 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqinpa.dll [2011.04.10 18:07:27 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqiesc.dll [2011.04.10 18:07:27 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqih.exe [2011.04.10 18:07:27 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqcfg.exe [2011.04.10 18:07:27 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqppls.exe [2011.04.10 18:07:27 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqprox.dll [2011.04.10 18:07:27 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqpplc.dll [2011.04.10 18:07:13 
| 001,417,728 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqserv.dll [2011.04.10 18:07:13 | 001,099,264 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqusb1.dll [2011.04.10 18:07:13 | 000,695,808 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqcomc.dll [2011.04.10 18:07:13 | 000,659,456 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqhbn3.dll [2011.04.10 18:07:13 | 000,566,192 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqcoms.exe [2011.04.10 18:07:13 | 000,487,424 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqlmpm.dll [2011.04.10 18:07:13 | 000,409,600 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqpmui.dll [2011.04.10 18:07:13 | 000,305,152 | ---- | C] ( ) -- C:\Windows\SysNative\LXCQhcp.dll [2011.04.10 18:07:13 | 000,249,856 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqcomm.dll [2011.04.10 18:07:13 | 000,238,592 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqinpa.dll [2011.04.10 18:07:13 | 000,235,952 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqcfg.exe [2011.04.10 18:07:13 | 000,233,392 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqih.exe [2011.04.10 18:07:13 | 000,226,816 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqiesc.dll [2011.04.10 18:07:13 | 000,035,328 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqprox.dll [2011.04.10 18:07:13 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqpplc.dll [2011.04.10 17:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung CLP-300 Series [2011.04.10 17:55:14 | 000,151,552 | ---- | C] (SS) -- C:\Windows\SysNative\SUGG1ci.exe [2011.04.10 17:55:14 | 000,089,600 | ---- | C] (SS) -- C:\Windows\SysNative\SUGG1ci.dll [2011.04.10 17:54:50 | 000,053,816 | ---- | C] (Samsung Electronics Co., Ltd.) 
-- C:\Windows\SysNative\drivers\DGIVECP.SYS [2011.04.10 17:54:50 | 000,011,576 | ---- | C] (Samsung Electronics) -- C:\Windows\SysNative\drivers\SSPORT.SYS [2011.04.10 17:39:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2011.04.10 17:39:41 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information [2011.04.10 17:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4700 series [2011.04.10 17:39:31 | 000,000,000 | -H-D | C] -- C:\Programme\CanonBJ [2011.04.10 17:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Server 2 [2011.04.10 17:08:16 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Roaming\USB Server [2011.04.10 17:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USB Server 2 [2011.04.08 19:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0 [2011.04.05 16:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealVNC [2011.04.05 16:04:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealVNC [2011.04.05 15:56:27 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Roaming\UltraVNC [2011.04.05 11:30:22 | 000,000,000 | ---D | C] -- D:\E_Daten\E_Dokumente\Xen [2011.04.05 00:02:43 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Roaming\Citrix [2011.04.05 00:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix [2011.03.31 12:36:08 | 000,000,000 | ---D | C] -- D:\E_Daten\E_Dokumente\Xilisoft Corporation [2011.03.30 17:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS [2011.03.30 17:26:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS [2011.03.30 17:22:13 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Roaming\Download Manager [2011.03.30 16:44:21 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2011.03.30 08:57:21 | 000,033,856 | -H-- | C] (LogMeIn, 
Inc.) -- C:\Windows\SysNative\hamachi.sys [2011.03.30 08:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2011.03.30 08:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2011.03.29 12:56:10 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Local\Stardock [2011.03.29 12:56:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock [2011.03.29 12:56:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CursorFX [2011.03.29 12:55:15 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Sync Framework [2011.03.29 12:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011.03.29 12:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.03.29 12:26:06 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Local\Google [2011.03.29 12:26:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2011.03.24 15:51:21 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Roaming\ArchiCrypt Ultimate RAM-Disk3 [2011.03.24 15:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ArchiCrypt Ultimate RAM-Disk [2011.03.24 15:51:13 | 000,437,208 | ---- | C] (Softwareentwicklung Remus - ArchiCrypt) -- C:\Windows\SysNative\ACRAMDiskHandlerService64RD3.exe [2011.03.24 15:51:13 | 000,170,968 | ---- | C] (Softwareentwicklung Remus - ArchiCrypt.com) -- C:\Windows\SysNative\ACMFEngine64RD3.dll [2011.03.24 15:51:13 | 000,024,536 | ---- | C] (Softwareentwicklung Remus - ArchiCrypt.com) -- C:\Windows\SysNative\drivers\ACMoFlex64RD3.sys [2011.03.24 15:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAM-Disk 3 [2011.03.24 15:51:05 | 000,000,000 | ---D | C] -- C:\Programme\ArchiCrypt [2011.03.24 15:24:56 | 000,000,000 | ---D | C] -- C:\Programme\Intel [2011.03.24 15:21:50 | 000,000,000 | ---D | C] -- C:\Programme\SystemRequirementsLab [2011.03.24 15:11:07 | 
000,372,056 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64H.dll [2011.03.24 15:11:07 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll [2011.03.24 15:11:07 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll [2011.03.24 15:11:07 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64H.dll [2011.03.24 15:11:07 | 000,097,624 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64H.dll [2011.03.24 15:11:07 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64H.dll [2011.03.24 10:34:33 | 000,000,000 | ---D | C] -- C:\Windows\Sun ========== Files - Modified Within 30 Days ========== [2011.04.20 12:31:13 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.20 12:31:13 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.20 12:28:13 | 001,621,772 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.04.20 12:28:13 | 000,700,288 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.04.20 12:28:13 | 000,655,000 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.04.20 12:28:13 | 000,149,084 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.04.20 12:28:13 | 000,121,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.04.20 12:25:06 | 000,000,924 | ---- | M] () -- C:\Users\j2h.J2H\Desktop\NTREGOPT.lnk [2011.04.20 12:25:06 | 000,000,905 | ---- | M] () -- C:\Users\j2h.J2H\Desktop\ERUNT.lnk [2011.04.20 12:23:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.20 12:23:54 | 1066,749,950 | -HS- | M] () -- C:\hiberfil.sys [2011.04.20 12:21:12 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\j2h.J2H\Desktop\Erunt-setup.exe [2011.04.20 12:21:08 | 000,580,608 | ---- | M] 
(OldTimer Tools) -- C:\Users\j2h.J2H\Desktop\OTL.exe [2011.04.20 12:21:07 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\j2h.J2H\Desktop\TFC.exe [2011.04.20 12:19:05 | 000,377,260 | ---- | M] () -- C:\Users\j2h.J2H\Desktop\Load.exe [2011.04.20 12:06:34 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys [2011.04.20 11:05:54 | 000,020,675 | ---- | M] () -- C:\Users\j2h.J2H\.recently-used.xbel [2011.04.20 08:07:10 | 112,847,303 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2011.04.19 12:08:05 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe [2011.04.19 11:38:59 | 000,000,100 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2011.04.19 11:32:13 | 000,001,152 | ---- | M] () -- C:\Windows\SysWow64\windrv.sys [2011.04.16 10:01:26 | 000,456,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.04.15 18:44:41 | 000,002,058 | -H-- | M] () -- D:\E_Daten\E_Dokumente\Default.rdp [2011.04.14 09:51:31 | 000,000,000 | ---- | M] () -- C:\Windows\lgfwup.ini [2011.04.14 09:01:59 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml [2011.04.14 09:01:59 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2011.04.13 19:05:02 | 000,000,000 | RHS- | M] () -- C:\Windows\wininit.ini [2011.04.13 15:23:02 | 000,123,392 | RHS- | M] () -- C:\Windows\SysWow64\MSAC3ENCX.dll [2011.04.10 18:07:45 | 000,019,148 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf [2011.03.29 09:59:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf [2011.03.26 16:36:48 | 001,872,355 | ---- | M] () -- D:\E_Daten\E_Dokumente\wa24neu.pdf [2011.03.26 15:56:48 | 000,002,012 | ---- | M] () -- D:\E_Daten\E_Dokumente\ntzsrv(Intern).RDP [2011.03.24 17:45:43 | 000,010,240 | ---- | M] () -- C:\Windows\SysNative\ACRAMDiskHandlerService64RD3.ini ========== Files Created - No Company Name ========== [2011.04.20 12:25:06 | 000,000,924 | ---- | C] () -- 
C:\Users\j2h.J2H\Desktop\NTREGOPT.lnk [2011.04.20 12:25:06 | 000,000,905 | ---- | C] () -- C:\Users\j2h.J2H\Desktop\ERUNT.lnk [2011.04.20 12:19:25 | 000,377,260 | ---- | C] () -- C:\Users\j2h.J2H\Desktop\Load.exe [2011.04.20 11:05:54 | 000,020,675 | ---- | C] () -- C:\Users\j2h.J2H\.recently-used.xbel [2011.04.19 12:01:03 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys [2011.04.19 11:32:13 | 000,001,152 | ---- | C] () -- C:\Windows\SysWow64\windrv.sys [2011.04.16 09:51:03 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2011.04.16 09:50:48 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml [2011.04.16 09:50:40 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe [2011.04.16 09:50:35 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc [2011.04.16 09:50:35 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml [2011.04.16 09:50:35 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml [2011.04.16 09:50:35 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml [2011.04.14 16:17:19 | 000,001,113 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.04.14 08:59:34 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml [2011.04.14 08:59:34 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml [2011.04.13 19:05:02 | 000,000,000 | RHS- | C] () -- C:\Windows\wininit.ini [2011.04.13 15:23:02 | 000,123,392 | RHS- | C] () -- C:\Windows\SysWow64\MSAC3ENCX.dll [2011.04.10 18:07:29 | 000,000,031 | ---- | C] () -- C:\Windows\SysNative\lxcqrwrd.ini [2011.04.10 18:07:27 | 002,468,096 | ---- | C] () -- C:\Windows\SysWow64\lxcqhelp.chm [2011.04.10 18:07:27 | 000,380,928 | ---- | C] () -- C:\Windows\SysWow64\lxcqcomx.dll [2011.04.10 18:07:27 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCQinst.dll [2011.04.10 18:07:27 | 000,001,922 | ---- | C] () -- C:\Windows\SysWow64\lxcq.loc [2011.04.10 18:07:13 | 
002,468,096 | ---- | C] () -- C:\Windows\SysNative\lxcqhelp.chm [2011.04.10 18:07:13 | 000,294,400 | ---- | C] () -- C:\Windows\SysNative\lxcqgrd.dll [2011.04.10 18:07:13 | 000,194,048 | ---- | C] () -- C:\Windows\SysNative\LXCQinst.dll [2011.04.10 18:07:13 | 000,019,148 | ---- | C] () -- C:\Windows\SysNative\LexFiles.ulf [2011.04.10 18:07:13 | 000,001,922 | ---- | C] () -- C:\Windows\SysNative\lxcq.loc [2011.04.10 17:55:14 | 000,022,016 | ---- | C] () -- C:\Windows\SysNative\SUGG1l6.DLL [2011.04.10 17:55:14 | 000,000,411 | ---- | C] () -- C:\Windows\SysNative\SUGG1l6.SMT [2011.04.05 00:02:33 | 000,002,164 | ---- | C] () -- C:\Users\j2h.J2H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix XenCenter.lnk [2011.03.30 17:26:38 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys [2011.03.30 17:26:37 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll [2011.03.30 17:26:37 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2011.03.29 09:59:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf [2011.03.26 16:36:47 | 001,872,355 | ---- | C] () -- D:\E_Daten\E_Dokumente\wa24neu.pdf [2011.03.26 15:56:48 | 000,002,012 | ---- | C] () -- D:\E_Daten\E_Dokumente\ntzsrv(Intern).RDP [2011.03.24 17:39:21 | 000,010,240 | ---- | C] () -- C:\Windows\SysNative\ACRAMDiskHandlerService64RD3.ini [2011.03.17 14:02:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.03.15 15:56:39 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini [2011.03.01 19:54:03 | 000,008,192 | ---- | C] () -- C:\Users\j2h.J2H\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.21 16:50:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.02.21 15:28:21 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe [2011.02.21 15:26:07 | 001,650,006 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.02.21 14:38:36 | 000,003,078 | RHS- | C] () -- C:\ProgramData\ntuser.pol 
[2011.02.21 12:58:25 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.02.21 12:58:20 | 000,036,283 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2011.01.29 18:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.01.29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.01.29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.01.29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.01.29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2010.12.21 04:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.26 18:24:18 | 000,015,497 | ---- | C] () -- C:\Windows\VX6KStd.ini [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.04.02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2008.08.26 16:26:24 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\pt243F.DLL ========== LOP Check ========== [2011.03.17 13:09:23 | 000,000,000 | ---D | M] -- C:\Users\j2h.J2H\AppData\Roaming\Acronis [2011.03.24 15:51:21 | 000,000,000 | ---D | M] -- C:\Users\j2h.J2H\AppData\Roaming\ArchiCrypt Ultimate RAM-Disk3 [2011.02.21 17:06:08 | 000,000,000 | ---D | M] -- C:\Users\j2h.J2H\AppData\Roaming\Artisteer [2011.02.21 16:59:19 | 000,000,000 | ---D | M] -- C:\Users\j2h.J2H\AppData\Roaming\AVG10 [2011.04.05 00:02:45 | 000,000,000 | ---D | M] -- 
C:\Users\j2h.J2H\AppData\Roaming\Citrix [2011.04.07 10:44:56 | 000,000,000 | ---D | M] -- C:\Users\j2h.J2H\AppData\Roaming\FileZilla [2011.04.19 11:32:06 | 000,000,000 | ---D | M] -- C:\Users\j2h.J2H\AppData\Roaming\GetRightToGo [2011.04.20 11:02:29 | 000,000,000 | ---D | M] -- C:\Users\j2h.J2H\AppData\Roaming\gtk-2.0 [2011.02.21 16:53:33 | 000,000,000 | ---D | M] -- C:\Users\j2h.J2H\AppData\Roaming\Leadertech [2011.03.01 19:53:00 | 000,000,000 | ---D | M] -- C:\Users\j2h.J2H\AppData\Roaming\Samsung [2011.02.21 17:14:06 | 000,000,000 | ---D | M] -- C:\Users\j2h.J2H\AppData\Roaming\SWiSH Max4 DEU [2011.03.04 13:25:14 | 000,000,000 | ---D | M] -- C:\Users\j2h.J2H\AppData\Roaming\TeamViewer [2011.04.14 09:37:32 | 000,000,000 | ---D | M] -- C:\Users\j2h.J2H\AppData\Roaming\TuneUp Software [2011.04.10 17:28:17 | 000,000,000 | ---D | M] -- C:\Users\j2h.J2H\AppData\Roaming\USB Server [2011.04.14 14:08:57 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2011.02.21 17:18:14 | 000,000,000 | -H-D | M] -- C:\$AVG [2011.02.21 14:33:23 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.02.21 12:49:12 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.02.21 15:13:31 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.04.19 12:36:09 | 000,000,000 | R--D | M] -- C:\Programme [2011.04.20 12:25:05 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.04.19 12:00:45 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.02.21 12:49:12 | 000,000,000 | -HSD | M] -- C:\Programme [2011.02.21 12:49:12 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.04.13 19:43:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.04.13 16:34:09 | 000,000,000 | ---D | M] -- C:\Temp [2011.03.24 15:11:02 | 000,000,000 | R--D | M] -- C:\Users [2011.04.20 12:26:24 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: EXPLORER.EXE > [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2010.11.20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe [2010.11.20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe [2010.11.20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) 
MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: USERINIT.EXE > [2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) 
MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) 
MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > |
#2
/// Malware-holic

• Please start OTL.exe.
• Now copy the following into the text box:

:OTL
:Files
C:\Windows\SysWow64\MSAC3ENCX.dll
ipconfig /flushdns /c
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.

Open Computer, open C:, then _OTL; there, right-click on "moved files" and choose "add to moved files.rar" or zip. Upload the archive following the instructions: http://www.trojaner-board.de/54791-a...ner-board.html
#3

Hello, and thanks for the quick reply,
the file has been uploaded. Now the contents of the ... log that was generated after the restart:

All processes killed
========== OTL ==========
========== FILES ==========
C:\Windows\SysWow64\MSAC3ENCX.dll moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\j2h.J2H\Desktop\cmd.bat deleted successfully.
C:\Users\j2h.J2H\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users
User: Default
User: Default User
User: j2h
->Flash cache emptied: 0 bytes
User: j2h.J2H
->Flash cache emptied: 0 bytes
User: j2h~J2H
User: Public

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users
User: Default
->Temp folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
User: j2h
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: j2h.J2H
->Temp folder emptied: 752 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 23717374 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: j2h~J2H
->Temp folder emptied: 0 bytes
User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 23,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04202011_134745

Files\Folders moved on Reboot...
C:\Users\j2h.J2H\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

For your information: the Windows Security Center has just gone away again.

Thanks,
Joachim
#4
/// Malware-holic

After that:
Download GetInfo: File-Upload.net - GetInfo.exe
Double-click the .exe. A .txt file is now created in the same folder: summary-info.txt
Double-click it and post its contents.

- Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
#5

Hello, here is the content:

System volume information:
dwHighDateTime = 0x1cbd1b4,dwLowDateTime = 0xd58ab25
System32:
dwHighDateTime = 0x1ca0431,dwLowDateTime = 0xfec9a6f8
dwSerialNumber = 0x88585f3b

Thanks
![]() | #6 |
/// Malware-holic ![]() ![]() ![]() ![]() ![]() ![]() | ![]() goingonearth Redirect & Windows Sicherheitscenter deaktiviert ok weiter gehts. download malwarebytes: Malwarebytes instalieren, öffnen, registerkarte aktualisierung, programm updaten. schalte alle laufenden programme ab, trenne die internetverbindung. registerkarte scanner, komplett scan, funde entfernen, log posten.
#7 |
All right, here is what you asked for:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6406
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
20.04.2011 14:49:53
mbam-log-2011-04-20 (14-49-53).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 319786
Laufzeit: 6 Minute(n), 46 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
#8 |
/// Malware-holic | 1. Are there still redirects? 2. Please create and post a ComboFix log. A guide and tutorial on using ComboFix
#9 |
Thanks for your patience. My AVG is causing massive problems and could only be uninstalled by force. Here is the log file now: Combofix Logfile: Code:
ATTFilter ComboFix 11-04-19.06 - j2h 20.04.2011 16:17:38.1.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.12279.5731 [GMT 2:00] ausgeführt von:: c:\users\j2h.J2H\Desktop\ComboFix.exe AV: AVG Internet Security Business Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Internet Security Business Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Network\Downloader\qmgr0.dat c:\programdata\Microsoft\Network\Downloader\qmgr1.dat c:\windows\SysWow64\muzapp.exe . ----- BITS: Eventuell infizierte Webseiten ----- . hxxp://ntzsrv.j2h.de . ((((((((((((((((((((((( Dateien erstellt von 2011-03-20 bis 2011-04-20 )))))))))))))))))))))))))))))) . . 2011-04-20 14:20 . 2011-04-20 14:20 -------- d-----w- c:\users\j2h\AppData\Local\temp 2011-04-20 14:20 . 2011-04-20 14:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-04-20 11:47 . 2011-04-20 11:50 -------- d-----w- C:\_OTL 2011-04-20 10:25 . 2011-04-20 10:25 -------- d-----w- c:\program files (x86)\ERUNT 2011-04-20 06:17 . 2011-04-20 06:18 -------- d-----w- c:\program files (x86)\NAVIGON 2011-04-19 10:36 . 2011-04-19 10:36 -------- d-----w- c:\program files\Hitman Pro 3.5 2011-04-19 10:08 . 2011-04-19 10:08 12872 ----a-w- c:\windows\system32\bootdelete.exe 2011-04-19 10:01 . 2011-04-20 10:06 19528 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-04-19 10:00 . 2011-04-19 10:08 -------- d-----w- c:\programdata\Hitman Pro 2011-04-19 09:32 . 2011-04-19 09:32 1152 ----a-w- c:\windows\SysWow64\windrv.sys 2011-04-19 09:32 . 2011-04-19 10:08 -------- d-----w- c:\program files (x86)\SpyNoMore 2011-04-19 09:31 . 2011-04-19 09:32 -------- d-----w- c:\users\j2h.J2H\AppData\Roaming\GetRightToGo 2011-04-16 10:05 . 
2011-04-16 10:05 -------- d-----w- c:\program files (x86)\Free PDF to Word Doc Converter 2011-04-16 07:59 . 2011-04-16 07:59 -------- d-----w- c:\windows\system32\SPReview 2011-04-16 07:52 . 2010-11-20 03:00 2560 ----a-w- c:\windows\system32\drivers\de-DE\rdpwd.sys.mui 2011-04-16 07:52 . 2010-11-20 02:59 6656 ----a-w- c:\windows\system32\drivers\de-DE\rdvgkmd.sys.mui 2011-04-16 07:52 . 2010-11-20 03:12 7168 ----a-w- c:\windows\system32\drivers\de-DE\msdsm.sys.mui 2011-04-16 07:52 . 2010-11-20 03:07 3584 ----a-w- c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui 2011-04-16 07:52 . 2010-11-20 03:01 4608 ----a-w- c:\windows\system32\drivers\de-DE\tsusbhub.sys.mui 2011-04-16 07:52 . 2010-11-20 03:00 4608 ----a-w- c:\windows\system32\drivers\de-DE\vdrvroot.sys.mui 2011-04-16 07:52 . 2010-11-20 03:07 2560 ----a-w- c:\windows\system32\drivers\de-DE\disk.sys.mui 2011-04-16 07:50 . 2010-11-20 03:29 345600 ----a-w- c:\windows\system32\fveapi.dll 2011-04-14 16:33 . 2011-04-14 16:33 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2011-04-14 14:17 . 2011-04-14 14:17 -------- d-----w- c:\program files (x86)\Firefox4.0 2011-04-14 13:28 . 2010-01-10 17:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL 2011-04-14 12:52 . 2011-04-19 10:12 -------- d-----w- c:\programdata\STOPzilla! 2011-04-14 08:56 . 2011-04-14 09:25 -------- d-----w- c:\program files (x86)\Babylon Translator Removal Tool 2011-04-14 07:37 . 2011-04-14 07:37 -------- d-----w- c:\users\j2h.J2H\AppData\Roaming\TuneUp Software 2011-04-14 07:37 . 2011-04-14 07:37 -------- d-----w- c:\programdata\TuneUp Software 2011-04-14 07:37 . 2011-04-14 07:37 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} 2011-04-13 16:35 . 2011-04-13 16:35 -------- d-----w- c:\users\j2h.J2H\AppData\Roaming\Malwarebytes 2011-04-13 16:35 . 2011-04-13 16:35 -------- d-----w- c:\programdata\Malwarebytes 2011-04-13 16:35 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-04-13 16:35 . 
2011-04-13 16:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-04-13 16:35 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-13 16:09 . 2011-04-14 13:46 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2011-04-13 16:09 . 2011-04-14 13:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2011-04-13 14:06 . 2011-04-13 14:06 388096 ----a-r- c:\users\j2h.J2H\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-04-13 14:06 . 2011-04-13 14:06 -------- d-----w- c:\program files (x86)\Trend Micro 2011-04-10 17:04 . 2011-04-10 17:04 -------- d-----w- c:\users\j2h.J2H\AppData\Local\assembly 2011-04-10 16:19 . 2011-04-10 16:19 -------- d-----w- c:\users\j2h.J2H\AppData\Local\Sanford,_L.P 2011-04-10 16:19 . 2011-04-10 16:19 -------- d-----w- c:\users\j2h.J2H\AppData\Local\DYMO 2011-04-10 16:17 . 2011-04-10 16:17 -------- d-----w- c:\program files (x86)\DYMO 2011-04-10 16:17 . 2011-04-10 16:17 -------- d-----w- c:\programdata\DYMO 2011-04-10 15:55 . 2006-12-09 02:55 27648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\sugg1pc.dll 2011-04-10 15:55 . 2006-12-03 23:26 22016 ----a-w- c:\windows\system32\SUGG1l6.DLL 2011-04-10 15:55 . 2006-11-21 09:40 89600 ----a-w- c:\windows\system32\SUGG1ci.dll 2011-04-10 15:55 . 2006-11-20 06:22 151552 ----a-w- c:\windows\system32\SUGG1ci.exe 2011-04-10 15:54 . 2009-03-02 12:12 11576 ------w- c:\windows\system32\drivers\SSPORT.SYS 2011-04-10 15:54 . 2009-03-02 12:12 53816 ------w- c:\windows\system32\drivers\DGIVECP.SYS 2011-04-10 15:39 . 2011-04-10 15:39 -------- d--h--w- c:\programdata\CanonBJ 2011-04-10 15:39 . 2010-04-24 03:00 83968 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPA1.DLL 2011-04-10 15:39 . 2010-04-24 03:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDA1.DLL 2011-04-10 15:39 . 2011-04-10 15:39 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information 2011-04-10 15:39 . 
2010-04-24 03:00 336896 ----a-w- c:\windows\system32\CNMLMA1.DLL 2011-04-10 15:39 . 2009-03-18 07:10 244736 ----a-w- c:\windows\system32\CNMIUA1.DLL 2011-04-10 15:39 . 2011-04-10 15:39 -------- d--h--w- c:\program files\CanonBJ 2011-04-10 15:08 . 2011-04-10 15:28 -------- d-----w- c:\users\j2h.J2H\AppData\Roaming\USB Server 2011-04-10 15:07 . 2011-04-10 15:21 -------- d-----w- c:\program files (x86)\USB Server 2 2011-04-08 17:22 . 2011-04-08 17:22 -------- d-----w- c:\program files (x86)\GIMP-2.0 2011-04-05 14:04 . 2011-04-05 14:04 -------- d-----w- c:\program files (x86)\RealVNC 2011-04-05 13:56 . 2011-04-05 13:56 -------- d-----w- c:\users\j2h.J2H\AppData\Roaming\UltraVNC 2011-04-04 22:02 . 2011-04-04 22:02 -------- d-----w- c:\users\j2h.J2H\AppData\Roaming\Citrix 2011-04-04 22:02 . 2011-04-04 22:02 -------- d-----w- c:\program files (x86)\Citrix 2011-04-04 06:43 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll 2011-04-04 06:43 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll 2011-04-04 06:43 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll 2011-04-04 06:43 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll 2011-04-04 06:43 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2011-03-30 15:26 . 2009-07-06 08:48 13368 ----a-w- c:\windows\SysWow64\drivers\AsUpIO.sys 2011-03-30 15:26 . 2011-03-30 15:26 -------- d-----w- c:\program files (x86)\ASUS 2011-03-30 15:26 . 2009-09-30 09:33 24576 ----a-w- c:\windows\SysWow64\AsIO.dll 2011-03-30 15:26 . 2009-08-04 08:28 13440 ----a-w- c:\windows\SysWow64\drivers\AsIO.sys 2011-03-30 15:22 . 2011-04-04 15:27 -------- d-----w- c:\users\j2h.J2H\AppData\Roaming\Download Manager 2011-03-30 14:36 . 1998-05-07 08:57 143872 ----a-w- c:\windows\SysWow64\iacenc.dll 2011-03-30 14:33 . 1998-01-23 09:20 305664 ----a-w- c:\windows\IsUn0407.exe 2011-03-30 06:57 . 2009-03-18 15:35 33856 ---ha-w- c:\windows\system32\hamachi.sys 2011-03-30 06:57 . 
2011-03-30 06:57 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2011-03-29 10:56 . 2011-03-29 10:56 -------- d-----w- c:\users\j2h.J2H\AppData\Local\Stardock 2011-03-29 10:56 . 2011-03-30 17:13 -------- d-----w- c:\program files (x86)\CursorFX 2011-03-29 10:55 . 2011-03-29 10:55 -------- d-----w- c:\program files\Microsoft Sync Framework 2011-03-29 10:26 . 2011-03-29 10:49 -------- d-----w- c:\users\j2h.J2H\AppData\Local\Google 2011-03-29 10:26 . 2011-03-29 10:27 -------- d-----w- c:\program files (x86)\Google 2011-03-24 13:51 . 2011-03-24 13:51 -------- d-----w- c:\users\j2h.J2H\AppData\Roaming\ArchiCrypt Ultimate RAM-Disk3 2011-03-24 13:51 . 2011-03-24 13:51 -------- d-----w- c:\programdata\ArchiCrypt Ultimate RAM-Disk 2011-03-24 13:51 . 2011-02-21 10:21 437208 ----a-w- c:\windows\system32\ACRAMDiskHandlerService64RD3.exe 2011-03-24 13:51 . 2011-02-21 10:21 24536 ----a-w- c:\windows\system32\drivers\ACMoFlex64RD3.sys 2011-03-24 13:51 . 2011-02-21 10:21 170968 ----a-w- c:\windows\system32\ACMFEngine64RD3.dll 2011-03-24 13:51 . 2011-03-24 13:51 -------- d-----w- c:\program files\ArchiCrypt 2011-03-24 13:25 . 2011-01-17 15:00 164520 ----a-w- c:\windows\system32\IPROSetMonitor.exe 2011-03-24 13:24 . 2011-03-24 13:24 -------- d-----w- c:\program files\Intel 2011-03-24 13:21 . 2011-03-24 13:21 -------- d-----w- c:\program files\SystemRequirementsLab 2011-03-24 13:11 . 2010-11-23 17:33 300648 ----a-w- c:\windows\system32\drivers\RtHDMIVX.sys 2011-03-24 13:11 . 2010-11-18 14:01 2813544 ----a-w- c:\windows\system32\RtkHDM64.dll 2011-03-24 13:11 . 2010-11-18 14:01 2185832 ----a-w- c:\windows\system32\RHDMEx64.dll 2011-03-24 13:11 . 2010-11-11 12:27 83048 ----a-w- c:\windows\system32\RHCoInst64.dll 2011-03-24 13:11 . 2010-11-08 06:31 97624 ----a-w- c:\windows\system32\RTEEL64H.dll 2011-03-24 13:11 . 2010-11-08 06:31 78680 ----a-w- c:\windows\system32\RTEEG64H.dll 2011-03-24 13:11 . 
2010-11-08 06:31 372056 ----a-w- c:\windows\system32\RTEEP64H.dll 2011-03-24 13:11 . 2010-11-08 06:31 310104 ----a-w- c:\windows\system32\RH3DHT64.dll 2011-03-24 13:11 . 2010-11-08 06:31 310104 ----a-w- c:\windows\system32\RH3DAA64.dll 2011-03-24 13:11 . 2010-11-08 06:31 204120 ----a-w- c:\windows\system32\RTEED64H.dll 2011-03-24 13:11 . 2011-03-24 13:11 -------- d-----w- c:\users\j2h~J2H 2011-03-24 08:34 . 2011-03-24 08:34 -------- d-----w- c:\windows\Sun . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-16 07:57 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-04-16 07:57 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2011-03-17 11:11 . 2011-03-17 11:11 285280 ----a-w- c:\windows\system32\drivers\afcdp.sys 2011-03-17 11:11 . 2011-03-17 11:11 970336 ----a-w- c:\windows\system32\drivers\timntr.sys 2011-03-17 11:11 . 2011-03-17 11:11 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys 2011-03-17 11:11 . 2011-03-17 11:11 277088 ----a-w- c:\windows\system32\drivers\snapman.sys 2011-03-15 13:54 . 2011-03-15 13:55 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll 2011-03-14 13:34 . 2011-03-14 13:34 1784832 ----a-w- c:\windows\SysWow64\iertutil.dll_old0 2011-03-14 13:34 . 2011-03-14 13:34 1125376 ----a-w- c:\windows\SysWow64\wininet.dll_old0 2011-03-14 13:34 . 2011-03-14 13:34 1098240 ----a-w- c:\windows\SysWow64\urlmon.dll_old0 2011-03-07 02:08 . 2011-03-07 02:08 93552 ----a-w- c:\windows\SysWow64\ElbyCDIO.dll 2011-02-28 07:09 . 2011-02-21 10:59 53248 ----a-w- c:\windows\SysWow64\CSVer.dll 2011-02-23 10:04 . 2011-02-21 14:53 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2011-02-22 12:53 . 2011-02-22 12:53 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-02-21 17:38 . 2011-02-21 17:38 181608 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10137.bin 2011-02-21 14:53 . 
2011-02-21 14:53 53248 ----a-r- c:\users\j2h.J2H\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2011-02-16 20:36 . 2011-02-16 20:36 46112 ----a-w- c:\windows\system32\drivers\tbhsd.sys 2011-02-08 17:43 . 2011-02-08 17:43 845944 ----a-w- c:\windows\system32\ncs2dmix.dll 2011-02-08 17:43 . 2011-02-08 17:43 836216 ----a-w- c:\windows\system32\accesor.dll 2011-02-08 17:19 . 2011-02-08 17:19 217208 ----a-w- c:\windows\system32\ncs2instutility.dll 2011-02-08 17:02 . 2011-02-08 17:02 2534008 ----a-w- c:\windows\system32\ncscolib.dll 2011-02-02 16:11 . 2011-02-21 12:07 270720 ------w- c:\windows\system32\MpSigStub.exe 2011-02-02 16:10 . 2011-02-21 12:07 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{660EF582-C377-4004-BD63-6ABDE06BF5D0}\mpengine.dll 2011-01-29 22:16 . 2011-01-29 22:16 30056 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe 2011-01-29 16:00 . 2011-03-01 17:53 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll 2011-01-29 16:00 . 2011-01-29 16:00 90112 ----a-w- c:\windows\MAMCityDownload.ocx 2011-01-29 16:00 . 2011-01-29 16:00 325552 ----a-w- c:\windows\MASetupCaller.dll 2011-01-29 16:00 . 2011-01-29 16:00 30568 ----a-w- c:\windows\MusiccityDownload.exe 2011-01-29 16:00 . 2011-01-29 16:00 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll 2011-01-29 16:00 . 2011-01-29 16:00 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll 2011-01-29 16:00 . 2011-01-29 16:00 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll 2011-01-29 16:00 . 2011-01-29 16:00 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll 2011-01-29 16:00 . 2011-01-29 16:00 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll 2011-01-29 16:00 . 2011-01-29 16:00 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll 2011-01-29 16:00 . 2011-01-29 16:00 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax 2011-01-29 16:00 . 2011-01-29 16:00 491520 ----a-w- c:\windows\SysWow64\muzapp.dll 2011-01-29 16:00 . 
2011-01-29 16:00 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll 2011-01-29 16:00 . 2011-01-29 16:00 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll 2011-01-29 16:00 . 2011-01-29 16:00 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll 2011-01-29 16:00 . 2011-01-29 16:00 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll 2011-01-29 16:00 . 2011-01-29 16:00 40960 ----a-w- c:\windows\SysWow64\MAMACExtract.dll 2011-01-29 16:00 . 2011-01-29 16:00 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll 2011-01-29 16:00 . 2011-01-29 16:00 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax 2011-01-29 16:00 . 2011-01-29 16:00 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll 2011-01-29 16:00 . 2011-01-29 16:00 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll 2011-01-29 16:00 . 2011-01-29 16:00 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll 2011-01-29 16:00 . 2011-01-29 16:00 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax 2011-01-29 16:00 . 2011-01-29 16:00 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll 2011-01-29 16:00 . 2011-01-29 16:00 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax 2011-01-29 16:00 . 2011-01-29 16:00 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax 2011-01-29 16:00 . 2011-01-29 16:00 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll 2011-01-29 16:00 . 2011-01-29 16:00 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax 2011-01-29 16:00 . 2011-03-01 17:53 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll 2011-01-28 19:35 . 2011-01-28 19:35 6144 ----a-w- c:\windows\system32\lmmonres.tr.dll 2011-01-28 19:35 . 2011-01-28 19:35 5120 ----a-w- c:\windows\system32\lmmonres.zh.dll 2011-01-28 19:35 . 2011-01-28 19:35 6144 ----a-w- c:\windows\system32\lmmonres.sv.dll 2011-01-28 19:35 . 2011-01-28 19:35 6144 ----a-w- c:\windows\system32\lmmonres.pt.dll 2011-01-28 19:35 . 2011-01-28 19:35 6144 ----a-w- c:\windows\system32\lmmonres.pt-BR.dll 2011-01-28 19:35 . 2011-01-28 19:35 6144 ----a-w- c:\windows\system32\lmmonres.pl.dll 2011-01-28 19:35 . 
2011-01-28 19:35 6144 ----a-w- c:\windows\system32\lmmonres.no.dll 2011-01-28 19:35 . 2011-01-28 19:35 6144 ----a-w- c:\windows\system32\lmmonres.nl.dll 2011-01-28 19:35 . 2011-01-28 19:35 6144 ----a-w- c:\windows\system32\lmmonres.it.dll 2011-01-28 19:35 . 2011-01-28 19:35 6144 ----a-w- c:\windows\system32\lmmonres.hu.dll 2011-01-28 19:35 . 2011-01-28 19:35 6144 ----a-w- c:\windows\system32\lmmonres.fr.dll 2011-01-28 19:35 . 2011-01-28 19:35 6144 ----a-w- c:\windows\system32\lmmonres.fr-CA.dll 2011-01-28 19:35 . 2011-01-28 19:35 6144 ----a-w- c:\windows\system32\lmmonres.fi.dll 2011-01-28 19:35 . 2011-01-28 19:35 6144 ----a-w- c:\windows\system32\lmmonres.es.dll 2011-01-28 19:35 . 2011-01-28 19:35 6144 ----a-w- c:\windows\system32\lmmonres.es-CO.dll 2011-01-28 19:35 . 2011-01-28 19:35 6144 ----a-w- c:\windows\system32\lmmonres.dll 2011-01-28 19:35 . 2011-01-28 19:35 6144 ----a-w- c:\windows\system32\lmmonres.de.dll 2011-01-28 19:35 . 2011-01-28 19:35 6144 ----a-w- c:\windows\system32\lmmonres.da.dll 2011-01-28 19:35 . 2011-01-28 19:35 5632 ----a-w- c:\windows\system32\lmmonres.cs.dll 2011-01-28 09:52 . 2011-01-28 09:52 225280 ----a-w- c:\windows\system32\Ncs2Setp.dll 2011-01-28 09:19 . 2011-02-21 11:37 316104 ----a-w- c:\windows\system32\PROUnstl.exe 2011-01-26 23:37 . 2011-01-26 23:37 9085952 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2011-01-26 23:22 . 2011-01-26 23:22 22295040 ----a-w- c:\windows\system32\atio6axx.dll 2011-01-26 23:00 . 2011-01-26 23:00 143360 ----a-w- c:\windows\system32\atiapfxx.exe 2011-01-26 23:00 . 2011-01-26 23:00 596480 ----a-w- c:\windows\SysWow64\aticfx32.dll 2011-01-26 22:59 . 2011-01-26 22:59 17204736 ----a-w- c:\windows\SysWow64\atioglxx.dll 2011-01-26 22:59 . 2011-01-26 22:59 708608 ----a-w- c:\windows\system32\aticfx64.dll 2011-01-26 22:56 . 2011-01-26 22:56 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll 2011-01-26 22:56 . 2011-01-26 22:56 479232 ----a-w- c:\windows\system32\atieclxx.exe 2011-01-26 22:55 . 
2011-01-26 22:55 203776 ----a-w- c:\windows\system32\atiesrxx.exe 2011-01-26 22:54 . 2011-01-26 22:54 120320 ----a-w- c:\windows\system32\atitmm64.dll 2011-01-26 22:54 . 2011-01-26 22:54 423424 ----a-w- c:\windows\system32\atipdl64.dll 2011-01-26 22:53 . 2011-01-26 22:53 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll 2011-01-26 22:53 . 2011-01-26 22:53 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll 2011-01-26 22:53 . 2011-01-26 22:53 16384 ----a-w- c:\windows\system32\atimuixx.dll 2011-01-26 22:53 . 2011-01-26 22:53 59392 ----a-w- c:\windows\system32\atiedu64.dll 2011-01-26 22:53 . 2011-01-26 22:53 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2011-01-26 22:49 . 2011-01-26 22:49 4105728 ----a-w- c:\windows\SysWow64\atidxx32.dll 2011-01-26 22:40 . 2011-01-26 22:40 4847616 ----a-w- c:\windows\system32\atidxx64.dll 2011-01-26 22:32 . 2011-01-26 22:32 1208320 ----a-w- c:\windows\system32\atiumd6v.dll 2011-01-26 22:32 . 2011-01-26 22:32 1912832 ----a-w- c:\windows\SysWow64\atiumdmv.dll 2011-01-26 22:32 . 2011-01-26 22:32 3222016 ----a-w- c:\windows\system32\atiumd6a.dll 2011-01-26 22:28 . 2011-01-26 22:28 4170752 ----a-w- c:\windows\SysWow64\atiumdag.dll 2011-01-26 22:27 . 2011-01-26 22:27 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2011-01-26 22:27 . 2011-01-26 22:27 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2011-01-26 22:27 . 2011-01-26 22:27 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2011-01-26 22:27 . 2011-01-26 22:27 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-03-07 4886136] "ACRAMDisk"="c:\program files\ArchiCrypt\ArchiCrypt Ultimate RAM-Disk 3\ACUltimateRamDisk.exe" [2011-02-21 1770424] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160] "StartCCC"="c:\program files (x86)\ATI-Grafik\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-03-28 1910152] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux5"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . 
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/03/15 14:56;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-05-14 246256] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 136176] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] R3 NUServer64;Network USB Server Device ;c:\windows\system32\DRIVERS\NUServer64.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S0 
mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x] S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x] S1 ACMoFlex64RD3;ACMoFlex64RD3;c:\windows\system32\drivers\ACMoFlex64RD3.sys [x] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-03-17 3246040] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 ArchiCrypt Ultimate RAM-Disk 3;ArchiCrypt Ultimate RAM-Disk 3 - Realisiert RAM-Disk;c:\windows\system32\ACRAMDiskHandlerService64RD3.exe [x] S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2011-01-28 32336] S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 2111368] S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x] S2 lxcq_device;lxcq_device;c:\windows\system32\lxcqcoms.exe [2006-12-05 566192] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-01-26 573224] S2 NPWService;NPWService;c:\program files (x86)\USB Server 2\NPW\NPWService.exe [2010-11-11 784384] S2 O&O CleverCache;O&O CleverCache ;c:\program files\OO Software\CleverCache\ooccag.exe [2009-12-09 844616] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x] S3 
EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 NUS_Bus;Network USB Server Bus;c:\windows\system32\DRIVERS\NUS_Bus.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - CLKMDRV10_9EC60124 . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ooccctrl.exe"="c:\program files\OO Software\CleverCache\ooccctrl.exe" [2009-12-09 4314440] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976] "lxcqmon.exe"="c:\program files (x86)\Lexmark 9300 Series\lxcqmon.exe" [2007-01-11 291760] "LXCQCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCQtime.dll" [2006-11-21 31744] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 TCP: {19F75BD1-7726-42DB-95B2-DA59455F31B1} = 192.168.11.10 FF - ProfilePath - c:\users\j2h.J2H\AppData\Roaming\Mozilla\Firefox\Profiles\pb5vkwrc.default\ FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-USB Server - %ProgramFiles(x86)%\USB Server 2\USB Server.exe AddRemove-webKONRAD - c:\windows\system32\javaws.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_3_162_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_3_162_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*] "OOCC7.00.00.01PROSTATION"="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" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2011-04-20 16:21:29 ComboFix-quarantined-files.txt 2011-04-20 14:21 . 
Vor Suchlauf: 8 Verzeichnis(se), 73.628.938.240 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 73.646.751.744 Bytes frei . - - End Of File - - A7D0F5763D83447E804698513CAEA931
Redirects no longer occur. Thanks |
#10 |
/// Malware-holic | You would be better off getting avast; it runs considerably more smoothly. http://www.trojaner-board.de/110895-...antivirus.html Give it a try and see whether you get along with it. Use the AVG remover beforehand: AVG - Tools-Download
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For the time being, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
#11 |
Thanks for your help. What goes on here is really great. The redirect seems to be gone and the Windows Security Center is active. Thanks again for the professional support. I will consider AVAST when I next buy a new product; thanks for that tip as well. Regards, Joachim |
#12 |
/// Malware-holic | avast costs nothing. The free version is sufficient and, as I said, runs better than AVG. We still have a bit to do. Download CCleaner slim: Piriform - Builds. If CCleaner is already installed, skip this step. Install it, open it, go to Tools, list of installed programs, and save it as txt. Open the file. After each program you need, write "necessary". After each program you do not need, "unnecessary". After each one you do not know, "unknown". Post the list.
#13 |
Here is the data:
7-Zip 9.20 (x64 edition) Igor Pavlov 20.02.2011 4,53MB 9.20.00.0 necessary
Acronis True Image Home 2011 Acronis 16.03.2011 246MB 14.0.6696 necessary
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 13.04.2011 6,00MB 10.2.152.32 necessary
Adobe Flash Player 10 ActiveX 64-bit Adobe Systems Incorporated 22.02.2011 6,00MB 10.3.162.28 necessary
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 13.04.2011 6,00MB 10.2.152.32 necessary
Adobe Reader X (10.0.1) - Deutsch Adobe Systems Incorporated 20.02.2011 115,9MB 10.0.1 necessary
Agent Ransack 2010 (64-bit) 20.02.2011 13,5MB necessary
AnyDVD SlySoft 13.04.2011 6.7.9.0 necessary
ArchiCrypt Ultimate RAM-Disk 3 Version 3.0.7.2618 Softwareentwicklung Patric Remus - ArchiCrypt 23.03.2011 7,14MB 3.0.7.2618 necessary
Artisteer 2 Extensoft 13.04.2011 2.5 necessary
ASUSUpdate ASUSTeK Computer Inc. 13.04.2011 7.18.03 unnecessary
ATI Catalyst Install Manager ATI Technologies, Inc. 17.03.2011 22,4MB 3.0.812.0 necessary
Audials RapidSolution Software AG 20.02.2011 287MB 8.0.42101.100 necessary
Audials TV RapidSolution Software AG 20.02.2011 2,07MB 1.3.10803.300 unnecessary
Bluetooth Stack for Windows by Toshiba TOSHIBA CORPORATION 20.02.2011 73,2MB v7.10.01 necessary
Brother P-touch Editor 5.0 Brother Industries, Ltd. 15.03.2011 22,3MB 5.0.1220 necessary
Canon iP4700 series Printer Driver 09.04.2011 necessary
CCleaner Piriform 29.03.2011 3.05 necessary
Citrix XenCenter Citrix Systems, Inc. 04.04.2011 56,0MB 5.6.100 necessary
CyberLink BD Advisor 2.0 13.04.2011 unnecessary
CyberLink Blu-ray Disc Suite CyberLink Corp. 14.03.2011 16,6MB 6.0.3226 unnecessary
CyberLink PowerDVD 9 CyberLink Corp. 14.03.2011 192,8MB 9.0.2919.52 necessary
Die Siedler 7 Ubisoft 12.03.2011 1.11.1371 necessary
DYMO Label v.8 Sanford, L.P. 13.04.2011 8.3.0.1242 necessary
Feedback Tool Microsoft Corporation 13.03.2011 2,30MB 1.2.0 unnecessary
FileZilla Client 3.3.5.1 13.04.2011 3.3.5.1 necessary
Free PDF to Word Doc Converter v1.1 www.hellopdf.com 15.04.2011 1.1 necessary
GIMP 2.6.11 The GIMP Team 07.04.2011 107,7MB 2.6.11 necessary
Google Chrome Google Inc. 28.03.2011 10.0.648.205 necessary
Google Earth Google 28.03.2011 84,4MB 6.0.1.2032 necessary
HiJackThis Trend Micro 12.04.2011 0,36MB 1.0.0 necessary
Hitman Pro 3.5 SurfRight B.V. 18.04.2011 3.5.8.119 necessary
Intel(R) Network Connections 16.1.53.0 Intel 23.03.2011 14,9MB 16.1.53.0 necessary
Intel® Matrix Storage Manager Intel Corporation 20.02.2011 necessary
Java(TM) 6 Update 24 Oracle 21.02.2011 94,8MB 6.0.240 unknown
JMicron JMB36X Driver JMicron Technology Corp. 20.02.2011 1.00.0000 necessary
LameACM 13.04.2011 necessary
Lexmark 9300 Series Lexmark International, Inc. 09.04.2011 necessary
Logitech SetPoint 6.20 Logitech 20.02.2011 39,1MB 6.20.64 necessary
LogMeIn Hamachi LogMeIn, Inc. 13.04.2011 2.0.3.111 necessary
Malwarebytes' Anti-Malware Malwarebytes Corporation 12.04.2011 10,5MB necessary
marvell 91xx driver Marvell 13.04.2011 1.0.0.1036 necessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 20.02.2011 38,8MB 4.0.30319 unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 20.02.2011 2,94MB 4.0.30319 unknown
Microsoft .NET Framework 4 Extended Microsoft Corporation 20.02.2011 52,0MB 4.0.30319 unknown
Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 20.02.2011 10,7MB 4.0.30319 unknown
Microsoft Expression Design 4 Microsoft Corporation 13.04.2011 7.0.20516.0 necessary
Microsoft Expression Encoder 4 Microsoft Corporation 13.04.2011 4.0.1651.0 necessary
Microsoft Expression Encoder 4 Screen Capture Codec Microsoft Corporation 20.02.2011 1,80MB 4.0.1651.0 necessary
Microsoft Expression Web 4 Microsoft Corporation 13.04.2011 4.0.1241.0 necessary
Microsoft LifeCam Microsoft Corporation 20.02.2011 60,6MB 3.22.270.0 unnecessary
Microsoft Office Professional Plus 2010 Microsoft Corporation 20.02.2011 14.0.4763.1000 necessary
Microsoft Silverlight Microsoft Corporation 21.02.2011 60,3MB 4.0.60129.0 necessary
Microsoft Sync Framework 2.0 Core Components (x64) ENU Microsoft Corporation 28.03.2011 1,33MB 2.0.1578.0 unknown
Microsoft Sync Framework 2.0 Provider Services (x64) ENU Microsoft Corporation 28.03.2011 3,20MB 2.0.1578.0 unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 14.03.2011 2,69MB 8.0.59193 unknown
Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Corporation 12.04.2011 0,30MB 8.0.51011 unknown
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 21.02.2011 0,21MB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 12.04.2011 0,77MB 9.0.30729.5570 unknown
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 12.04.2011 0,58MB 9.0.30729.5570 unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 20.02.2011 0,77MB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 12.03.2011 2,87MB 9.0.21022 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 20.02.2011 0,23MB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 20.02.2011 0,57MB 9.0.30729.4148 unknown
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 12.04.2011 13,7MB 10.0.30319 unknown
Mozilla Firefox 4.0 (x86 de) Mozilla 13.04.2011 30,1MB 4.0 necessary
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 21.02.2011 1,28MB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 21.02.2011 1,33MB 4.20.9876.0 unknown
NAVIGON Fresh 3.2.0 NAVIGON 19.04.2011 3.2.0 necessary
Nero Burning ROM 10 Nero AG 20.02.2011 167,7MB 10.2.11000.12.100 necessary
Nero BurnRights 10 Nero AG 20.02.2011 6,14MB 4.2.10300.0.102 necessary
Nero Express 10 Nero AG 20.02.2011 164,8MB 10.2.11100.12.100 necessary
Nero Multimedia Suite 10 Nero AG 20.02.2011 1.187MB 10.5.10500 unnecessary
Nero Recode 10 Nero AG 20.02.2011 92,3MB 4.8.10400.3.100 necessary
Nero SoundTrax 10 Nero AG 20.02.2011 95,0MB 4.8.10200.1.100 unnecessary
Nero StartSmart 10 Nero AG 20.02.2011 143,7MB 10.2.11100.10.100 unnecessary
Nero Update Nero AG 20.02.2011 2,20MB 1.0.10400.26.0 necessary
Nero Vision 10 Nero AG 20.02.2011 223MB 7.2.14700.9.100 necessary
Nero WaveEditor 10 Nero AG 20.02.2011 76,4MB 5.8.10400.2.100 necessary
O&O CleverCache O&O Software GmbH 20.02.2011 17,8MB 7.1.2737 necessary
Plus Pack für Acronis True Image Home 2011 Acronis 16.03.2011 91,5MB 14.0.6696 necessary
Realtek HDMI Audio Driver for ATI Realtek Semiconductor Corp. 13.04.2011 6.0.1.6251 necessary
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 23.03.2011 6.0.1.6299 necessary
Remote Control USB Driver 22.02.2011 2.3.2.317 unnecessary
Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 20.02.2011 1,03MB 2.0.4.0 unknown
Samsung CLP-300 Series 13.04.2011 necessary
Samsung Kies Samsung Electronics Co., Ltd. 28.02.2011 167,1MB 2.0.0.11014_49 necessary
Samsung Universal Print Driver Samsung Electronics Co., Ltd. 13.04.2011 2.02.05.00:24 unnecessary
SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 28.02.2011 31,9MB 1.3.2000.0 necessary
Snapshot (remove only) 13.04.2011 necessary
Speccy Piriform 22.02.2011 1.08 necessary
SpyNoMore 2.98 Illysoft 18.04.2011 2.98 unnecessary
SWiSH Max4 SWiSHzone.com 13.04.2011 10.10.29.100 necessary
System Requirements Lab for Intel (64-bit) Husdawg, LLC 23.03.2011 0,90MB 4.4.22.0 unnecessary
TeamViewer 6 TeamViewer GmbH 15.04.2011 6.0.10462 necessary
Ubisoft Game Launcher UBISOFT 12.03.2011 1.0.0.0 necessary
USB Server Ihr Firmenname 09.04.2011 6,13MB 0.10.0917.0049 necessary
VirtualCloneDrive Elaborate Bytes 13.04.2011 necessary
Visual Studio Tools for the Office system 3.0 Runtime Microsoft Corporation 13.04.2011 necessary
Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU Microsoft Corporation 13.04.2011 necessary
VNC Free Edition 4.1.3 RealVNC Ltd. 04.04.2011 4.1.3 necessary
Xilisoft ISO Maker Xilisoft 13.04.2011 1.0.21.0402 necessary |
#14 |
/// Malware-holic | Uninstall:
Audials TV
CyberLink (the unnecessary ones)
Feedback Tool
Remote Control
Samsung Universal Print Driver
SpyNoMore
Then clean up with CCleaner.
#15 |
All right. Programs uninstalled, ran CCleaner. No more problems at the moment. |